CN116108410A - Identity credential generation method and device - Google Patents

Publication number
CN116108410A
Authority
CN
China
Prior art keywords
identity
identity credential
value
requester
credential information
Legal status
Pending
Application number
CN202310148311.1A
Other languages
Chinese (zh)
Inventor
孙亚东
李国松
谭咏茂
蔚晨
吴海洋
张荣臻
向小佳
丁永建
李璠
Current Assignee
Everbright Technology Co ltd
Original Assignee
Everbright Technology Co ltd
Application filed by Everbright Technology Co ltd
Priority to CN202310148311.1A
Publication of CN116108410A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an identity credential generation method and device. The method comprises: acquiring identity credential information of a requester, wherein the identity credential information comprises an identity code, gender, creator and date of creation; generating a digest value of the identity credential information; encrypting the digest value of the identity credential information to obtain a digest value secret value; and generating the identity credential of the requester according to the identity credential information and the digest value secret value. This addresses the problem in the related art that digital person identity codes are not unique, which greatly increases the interaction cost when multiple metaverses interact: the identity credential is generated through two-stage digital identity codes, the identity codes are unique, and the interaction cost of multi-metaverse interaction is effectively reduced.

Description

Identity credential generation method and device
Technical Field
The invention relates to the field of data processing, in particular to an identity credential generation method and device.
Background
At present, a digital person identity established in a metaverse is often only a basic number that can be used within a single system, so digital person identity numbers can repeat when they are used across systems. Because digital person identity identifiers are not unified, identically coded digital person identities occur in several metaverse spaces, which greatly increases the interaction cost when those metaverse spaces interact.
No solution has yet been proposed for the problem in the related art that digital person identity codes are not unique, which greatly increases the interaction cost when multiple metaverses interact.
Disclosure of Invention
The embodiments of the invention provide an identity credential generation method and device, which at least solve the problem in the related art that digital person identity codes are not unique, which greatly increases the interaction cost when multiple metaverses interact.
According to an embodiment of the present invention, there is provided an identity credential generation method including:
acquiring identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
generating a digest value of the identity credential information;
encrypting the digest value of the identity credential information to obtain the digest value secret value;
and generating the identity credential of the requester according to the identity credential information and the digest value secret value.
Optionally, obtaining the identity credential information of the requestor includes:
receiving a request message which is initiated by the requester and requests an identity credential, wherein the request message carries the identity credential information;
and acquiring the identity credential information from the request message.
Optionally, after generating the identity credential of the requester according to the identity credential information and the digest value secret value, the method further comprises:
encrypting the identity credential according to the public key to obtain an encrypted identity credential;
and sending the encrypted identity credential to the requester, wherein the requester decrypts the encrypted identity credential with the private key corresponding to the public key to obtain the identity credential.
Optionally, the method further comprises:
generating the public key and the corresponding private key for the requester based on a threshold algorithm;
splitting the private key into a plurality of key fragments and transmitting the plurality of key fragments to the requester, so that the requester determines the private key according to at least one key fragment in the plurality of key fragments.
Optionally, before acquiring the identity credential information of the requester, the method further comprises:
generating the identity code for the requester, and recording the identity code by adopting a blockchain;
and sending the identity code to the requester.
Optionally, after generating the identity credential of the requester according to the identity credential information and the digest value secret value, the method further comprises:
storing the identity credential into an identity credential library.
Optionally, after generating the identity credential of the requester according to the identity credential information and the digest value secret value, the method further comprises:
receiving an access request of the requester, wherein the access request carries the identity credential;
acquiring the digest value secret value from the identity credential;
searching whether an identity credential corresponding to the digest value secret value exists in the identity credential library;
if it exists, determining that the identity credential is valid, and if it does not exist, determining that the identity credential is invalid.
Optionally, after generating the identity credential of the requester according to the identity credential information and the digest value secret value, the method further comprises:
receiving an access request of the requester, wherein the access request carries the identity credential;
acquiring the digest value secret value and the identity credential information from the identity credential;
generating a target digest value of the identity credential information, and encrypting the target digest value to obtain a target digest value secret value;
judging whether the acquired digest value secret value is the same as the target digest value secret value;
and determining that the identity credential is valid if they are the same, and determining that the identity credential is invalid if they are different.
According to another embodiment of the present invention, there is also provided an identity credential generating apparatus including:
the first acquisition module is used for acquiring identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
the first generation module is used for generating the digest value of the identity credential information;
the first encryption module is used for encrypting the digest value of the identity credential information to obtain the digest value secret value;
and the second generation module is used for generating the identity credential of the requester according to the identity credential information and the digest value secret value.
Optionally, the first acquisition module includes:
the receiving sub-module is used for receiving a request message which is initiated by the requester and requests an identity credential, wherein the request message carries the identity credential information;
and the acquisition sub-module is used for acquiring the identity credential information from the request message.
Optionally, the apparatus further comprises:
the second encryption module is used for encrypting the identity credential according to the public key to obtain an encrypted identity credential;
and the first sending module is used for sending the encrypted identity credential to the requester, wherein the requester decrypts the encrypted identity credential with the private key corresponding to the public key to obtain the identity credential.
Optionally, the apparatus further comprises:
a generation sub-module, configured to generate the public key and the corresponding private key for the requester based on a threshold algorithm;
and the splitting module is used for splitting the private key into a plurality of key fragments and transmitting the key fragments to the requester so that the requester can determine the private key according to at least one key fragment in the key fragments.
Optionally, the apparatus further comprises:
the third generation module is used for generating the identity code for the requester and recording the identity code by adopting a blockchain;
and the second sending module is used for sending the identity code to the requester.
Optionally, the apparatus further comprises:
the storage module is used for storing the identity credential into an identity credential library.
Optionally, the apparatus further comprises:
the first receiving module is used for receiving an access request of the requester, wherein the access request carries the identity credential;
the second acquisition module is used for acquiring the digest value secret value from the identity credential;
the searching module is used for searching whether an identity credential corresponding to the digest value secret value exists in the identity credential library;
and the determining module is used for determining that the identity credential is valid if it exists, and determining that the identity credential is invalid if it does not exist.
Optionally, the apparatus further comprises:
the second receiving module is used for receiving an access request of the requester, wherein the access request carries the identity credential;
the third acquisition module is used for acquiring the digest value secret value and the identity credential information from the identity credential;
the third encryption module is used for generating a target digest value of the identity credential information and encrypting the target digest value to obtain the target digest value secret value;
the judging module is used for judging whether the acquired digest value secret value is the same as the target digest value secret value;
and the second determining module is used for determining that the identity credential is valid if they are the same, and determining that the identity credential is invalid if they are different.
According to a further embodiment of the invention, there is also provided a computer-readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the invention, there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
According to the invention, identity credential information of the requester is acquired, wherein the identity credential information comprises an identity code, gender, creator and date of creation; a digest value of the identity credential information is generated; the digest value of the identity credential information is encrypted to obtain the digest value secret value; and the identity credential of the requester is generated according to the identity credential information and the digest value secret value. This addresses the problem in the related art that digital person identity codes are not unique, which greatly increases the interaction cost when multiple metaverses interact: the identity credential is generated through two-stage digital identity codes, the identity codes are unique, and the interaction cost of multi-metaverse interaction is effectively reduced.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a block diagram of a hardware architecture of a mobile terminal of an identity credential generation method of an embodiment of the present invention;
FIG. 2 is a flow chart of a method of identity credential generation in accordance with an embodiment of the present invention;
FIG. 3 is a schematic diagram of a natural person to digital person correspondence according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a collection of attributes of a digital person according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of basic information set attribute content according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a digital person key pair according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of unique encoding of a digital person according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of unique code generation for a digital person in accordance with an embodiment of the present invention;
FIG. 9 is a flow chart of an identity credential generation process according to an embodiment of the present invention;
FIG. 10 is a flow chart of a digital personal identity credential information verification process in accordance with an embodiment of the present invention;
FIG. 11 is a block diagram of an identity credential generating apparatus according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the drawings in conjunction with embodiments. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The method embodiment provided in the first embodiment of the present application may be executed in a mobile terminal, a computer terminal or a similar computing device. Taking a mobile terminal as an example, fig. 1 is a block diagram of a hardware structure of the mobile terminal according to the identity credential generating method of the embodiment of the present invention, as shown in fig. 1, the mobile terminal may include one or more (only one is shown in fig. 1) processors 102 (the processors 102 may include, but are not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, and optionally, the mobile terminal may further include a transmission device 106 for a communication function and an input/output device 108. It will be appreciated by those skilled in the art that the structure shown in fig. 1 is merely illustrative and not limiting of the structure of the mobile terminal described above. For example, the mobile terminal may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to the identity credential generation method in the embodiment of the present invention, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, implement the method described above. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is arranged to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, abbreviated NIC) that can communicate with other network equipment via a base station to communicate with the Internet. In one example, the transmission device 106 may be a radio frequency (Radio Frequency, abbreviated as RF) module for communicating with the internet wirelessly.
In this embodiment, there is provided a method for generating an identity credential operating on the mobile terminal or the network architecture, and fig. 2 is a flowchart of the method for generating an identity credential according to an embodiment of the present invention, as shown in fig. 2, where the flowchart includes the following steps:
Step S202, obtaining identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
In the embodiment of the present invention, step S202 may specifically include: receiving a request message which is initiated by the requester and requests an identity credential, wherein the request message carries the identity credential information; and acquiring the identity credential information from the request message.
Step S204, generating a digest value of the identity credential information;
Step S206, encrypting the digest value of the identity credential information to obtain the digest value secret value;
Step S208, generating the identity credential of the requester according to the identity credential information and the digest value secret value.
Through steps S202 to S208, the problem in the related art that digital person identity codes are not unique, which greatly increases the interaction cost when multiple metaverses interact, can be solved: the identity credential is generated through two-stage digital identity codes, the identity codes are unique, and the interaction cost of multi-metaverse interaction is effectively reduced.
Optionally, after step S208, the method further includes: encrypting the identity credential according to the public key to obtain an encrypted identity credential; and sending the encrypted identity credential to the requester, wherein the requester decrypts the encrypted identity credential with the private key corresponding to the public key to obtain the identity credential.
Optionally, the method further comprises: generating the public key and the corresponding private key for the requester based on a threshold algorithm; splitting the private key into a plurality of key fragments and transmitting the plurality of key fragments to the requester, so that the requester determines the private key according to at least one key fragment in the plurality of key fragments.
Optionally, before step S202, the method further includes: generating the identity code for the requester, and recording the identity code by adopting a blockchain; and sending the identity code to the requester.
Optionally, after step S208, the method further includes: storing the identity credential into an identity credential library.
Optionally, after step S208, the method further includes: receiving an access request of the requester, wherein the access request carries the identity credential; acquiring the digest value secret value from the identity credential; searching whether an identity credential corresponding to the digest value secret value exists in the identity credential library; if it exists, the identity credential is determined to be valid, and if it does not exist, the identity credential is determined to be invalid.
Optionally, after step S208, the method further includes: receiving an access request of the requester, wherein the access request carries the identity credential; acquiring the digest value secret value and the identity credential information from the identity credential; generating a target digest value of the identity credential information, and encrypting the target digest value to obtain a target digest value secret value; judging whether the acquired digest value secret value is the same as the target digest value secret value; if they are the same, the identity credential is determined to be valid, and if they are different, the identity credential is determined to be invalid.
The requestor in the embodiments of the present invention may be a virtual person or a digital person, a digital person being a virtual identity that exists in the digital world, the identity of each digital person being unique. The natural person refers to a person that is visually present in the real world, and fig. 3 is a schematic diagram of a correspondence between the natural person and the digital person according to an embodiment of the present invention, as shown in fig. 3, the natural person and the digital person are in a one-to-many correspondence. Fig. 4 is a schematic diagram of an attribute set of a digital person, and as shown in fig. 4, the digital person is constructed by set information such as a basic information set, a credential information set, a key information set, and the like.
Fig. 5 is a schematic diagram of attribute contents of a basic information set according to an embodiment of the present invention. As shown in fig. 5, the basic information set is composed of the unique code, name, gender, creator, creation date, control relationship, whether self-learning capability is provided, and the like.
The unique code is a unique attribute of the digital person in the digital world, generated by the identity authority when the digital person is generated, and recorded in the blockchain.
The creator is a natural person to whom the digital person corresponds, here the identity number of the corresponding natural person. Where authentication of a natural person's identity credentials is required, this attribute needs to be further verified.
The control relationship refers to whether the natural person can rewrite the generated digital person information and whether the digital person's self-learning process can be controlled. The control relationship may be yes or no. As for whether self-learning capability is provided: if so, the digital person can be paired with a machine learning algorithm. The credential information includes credentials such as work credentials, income credentials, tax credentials, health credentials, academic credentials and the like. Different credential information is issued by the corresponding institutions: identity credentials are issued by online identity institutions, work credentials by online personnel institutions, income credentials by online banks, tax credentials by online tax authorities, health credentials by online medical institutions, and academic credentials by online education departments.
Fig. 6 is a schematic diagram of a digital person key pair according to an embodiment of the present invention. As shown in fig. 6, a private key privateKey is generated for a digital person based on a quadratic function, and the private key privateKey is split into a plurality of key fragments. Take a quadratic function $y = ax^2 + bx + c$, and let the private key privateKey be the function value $y$ of the quadratic function. A set $(a, b, c)$ can always be found such that $y = ax^2 + bx + c$ holds, and a plurality of $x$ can then be found for which this quadratic function holds. The following data sets may be generated:
privateKey, $(a, b, c)$, $(x_1, x_2, x_3, x_4, \ldots, x_n)$
so that
Figure BDA0004089946450000101
This is true.
At this time, privateKey is split into a plurality of key fragments $x_n$, and the $x_n$ are distributed to the digital person, who can obtain the private key privateKey using only one of the $x_n$.
The coefficients $(a, b, c)$ of the quadratic function corresponding to privateKey are stored.
Decrypting ciphertext based on a key fragment: when the digital person decrypts ciphertext, $x_n$ is first substituted into the quadratic function $y = ax^2 + bx + c$ and the function value $y$ is calculated; this value is the private key privateKey of the digital person. The digital person uses the private key to decrypt the data. The identity credential can likewise be encrypted and then sent to the digital person, who uses $x_n$ to decrypt the identity credential.
At this time, if the digital person loses some of $(x_1, x_2, x_3, x_4, \ldots, x_n)$, the data can still be decrypted as long as one is retained. This solves the problem that encrypted data cannot be decrypted because the key has been lost.
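The split-and-recover procedure described above, written out as an added example (not code from the patent). It assumes plain integer arithmetic, which the text does not specify, and the function names are hypothetical; over the integers a fixed (a, b, c) takes a given value y at no more than two points, so the split yields two fragments.

```python
import math
import secrets


def split_private_key(private_key: int, bits: int = 64):
    """Choose (a, b, c) so that a*x^2 + b*x + c == private_key has integer solutions.

    b is chosen as a multiple of a so that the second solution is an integer.
    Returns the coefficients (stored by the issuer) and the fragments x_i
    (distributed to the digital person).
    """
    a = secrets.randbits(bits) | 1          # odd, therefore non-zero
    k = secrets.randbits(bits)
    x1 = secrets.randbits(bits) + 1         # first fragment, at least 1
    b = a * k
    c = private_key - a * x1 * x1 - b * x1  # forces y(x1) == private_key
    x2 = -k - x1                            # the other solution of the same equation
    return (a, b, c), [x1, x2]


def recover_private_key(coeffs, x: int) -> int:
    """Substitute one fragment x into y = a*x^2 + b*x + c; y is the private key."""
    a, b, c = coeffs
    return a * x * x + b * x + c


def all_fragments(coeffs, private_key: int):
    """Every integer x with a*x^2 + b*x + c == private_key (at most two)."""
    a, b, c = coeffs
    disc = b * b - 4 * a * (c - private_key)
    if disc < 0:
        return []
    root = math.isqrt(disc)
    if root * root != disc:
        return []
    found = set()
    for s in (root, -root):
        numerator = -b + s
        if numerator % (2 * a) == 0:
            found.add(numerator // (2 * a))
    return sorted(found)


if __name__ == "__main__":
    key = secrets.randbits(256)             # constructed sample private key
    coeffs, fragments = split_private_key(key)
    for x in fragments:
        # Any single fragment plus the stored coefficients yields the key.
        print(recover_private_key(coeffs, x) == key)
    print(all_fragments(coeffs, key) == sorted(fragments))
```

Recovery needs both the stored coefficients and one fragment, so the coefficients require the same protection as the private key itself.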
The embodiment of the invention also uses a blockchain to record the unique code of the digital person. Fig. 7 is a schematic diagram of the unique code of a digital person according to an embodiment of the present invention; as shown in fig. 7, the unique identification of the digital person in the metaverse space is ensured by two methods. Fig. 8 is a flow chart of unique code generation for a digital person according to an embodiment of the present invention; as shown in fig. 8, the process includes:
The first is issuance by an institution that issues digital identity codes: the institution applies to an online official identity authority (such as a public security agency) for the authority to issue digital identity codes, and the official identity authority provides the applying institution with a 128-bit character string to be used as the head of the digital identity codes it issues. An institution authorised to issue digital person identity codes must ensure that the digital person identity codes it issues are never repeated.
The second is that a natural person applies to an online identity authority (such as a public security agency) for the unique code of a digital person, and the online identity authority generates the unique code of the digital person using a random number generator, with the 128-bit character string as the head.
The unique code of a digital person consists of digits and letters, is 1024 characters long, and is not case-sensitive. A unique code in this format can accommodate $1024^{36}$ digital person identities.
After the online identity authority generates the unique code of the digital person, the code is sent to the requester and stored in the digital identity blockchain, which ensures that the code cannot be tampered with and is unique across the whole chain.
Digital person identity credentials are generated using a cryptographic algorithm. Fig. 9 is a flowchart of an identity credential generation process according to an embodiment of the present invention. As shown in fig. 9, the digital person identity credential information generation process is as follows:
Identity credential information format: the identity credential information is composed of the digital person's unique identity code, gender, creator, creation date, credential issuing organization code, and the credential digest value secret value.
The credential issue date format is yyyymmdd: hhmmsss.
The natural person requests the identity credential: the digital person combines the unique code, gender, creator, creation date and other attributes into a data set c according to the requirements of the credential issuing authority, and sends the data set c to the credential issuing authority.
The set c = {unique code, gender, creator, date of creation}, in JSON format.
The issuing authority generates the identity credential digest value using a digital envelope method: the credential issuing authority uses its digital digest algorithm SM3 to generate a digest value h of the credential information c sent by the digital person, where h = SM3(c).
The issuing authority encrypts the digest value of the identity credential: the credential issuing authority uses its asymmetric encryption algorithm SM2 to encrypt the digest value h of the credential information to obtain h_s:
h_s = SM2(h).
The issuing authority sends the identity credential to the requester: the credential issuing authority sends the encrypted credential digest value to the requester. The issuing authority records the identity credential: the credential issuing authority stores the identity credential in the identity credential library.
Fig. 10 is a flowchart of a digital person identity credential information verification process according to an embodiment of the present invention. As shown in fig. 10, the digital person identity credential is verified using a signature verification technique, and the verification process is as follows:
Acquire the digital person identity credential information: the digital person identity credential information is obtained from the identity credential set of the digital person identity model.
Request verification of the credential's validity from the identity credential issuing organization: the digest value and the secret value of the identity credential are obtained from the identity credential, and the identity credential library published by the issuing organization is searched for a credential corresponding to that digest value and secret value. If one exists, the identity is confirmed to be valid; if none exists, the identity is confirmed to be invalid.
The embodiment of the invention solves the problem of non-unique digital person identity codes by combining two-layer identity code issuance with a blockchain. The first-layer identity code issuing organization is an official organization; it can issue a designated digital identity code to a second-layer identity code issuing organization, and can also issue an identity code directly to a digital person. The second-layer identity code issuing organization starts from the digital identity code header given by the first layer and generates the digital person identity code using a random algorithm, which ensures that the identity of the digital person is unique in the metaspace. Recording the identity code of the digital person on a blockchain further ensures the uniqueness of the identity code.
A threshold cryptographic algorithm is adopted to solve the problem that the ciphertext cannot be recovered when the private key is lost. The user's private key is split into a plurality of keys by the threshold cryptographic algorithm, and the user can decrypt the ciphertext data only by holding a number of keys larger than the threshold value, which solves the problem that the ciphertext data cannot be recovered because a key is lost.
A signature verification technique based on the SM3 and SM2 algorithms is adopted to solve the problem of data tampering. The SM3 algorithm is used to generate the data digest value; because the SM3 algorithm has the characteristics of unidirectionality and first directionality resistance, the uniqueness of the digest generated from the data is ensured. The sender encrypts the digest data with the SM2 algorithm, and the receiver uses the SM2 algorithm to decrypt the digest data and to verify and check the digest value, which ensures that the data is used safely.
According to another embodiment of the present invention, an identity credential generating apparatus is also provided. Fig. 11 is a block diagram of the identity credential generating apparatus according to an embodiment of the present invention. As shown in fig. 11, the apparatus includes:
a first obtaining module 112, configured to obtain identity credential information of a requester, where the identity credential information includes: identity code, gender, creator, date of creation;
a first generation module 114, configured to generate a digest value of the identity credential information;
a first encryption module 116, configured to encrypt a digest value of the identity credential information to obtain the digest value secret value;
and a second generating module 118, configured to generate an identity credential of the requester according to the identity credential information and the digest value secret value.
Optionally, the first obtaining module 102 includes:
a receiving sub-module, configured to receive a request message initiated by the requester to request an identity credential, where the request message carries the identity credential information;
and an acquisition sub-module, configured to obtain the identity credential information from the request message.
Optionally, the apparatus further comprises:
a second encryption module, configured to encrypt the identity credential according to the public key to obtain an encrypted identity credential;
and a first sending module, configured to send the encrypted identity credential to the requester, where the requester decrypts the encrypted identity credential with the private key corresponding to the public key to obtain the identity credential.
Optionally, the apparatus further comprises:
a generation sub-module, configured to generate the public key and the corresponding private key for the requester based on a threshold algorithm;
and a splitting module, configured to split the private key into a plurality of key fragments and send the plurality of key fragments to the requester, so that the requester can determine the private key according to at least one key fragment of the plurality of key fragments.
Optionally, the apparatus further comprises:
a third generation module, configured to generate the identity code for the requester and record the identity code using a blockchain;
and a second sending module, configured to send the identity code to the requester.
Optionally, the apparatus further comprises:
a storage module, configured to store the identity credential in an identity credential library.
Optionally, the apparatus further comprises:
a first receiving module, configured to receive an access request from the requester, where the access request carries the identity credential;
a second acquisition module, configured to obtain the digest value secret value from the identity credential;
a searching module, configured to search the identity credential library for an identity credential corresponding to the digest value secret value;
and a determining module, configured to determine that the identity credential is valid if such an identity credential exists, and to determine that the identity credential is invalid if it does not exist.
Optionally, the apparatus further comprises:
a second receiving module, configured to receive an access request from the requester, where the access request carries the identity credential;
a third acquisition module, configured to obtain the digest value secret value and the identity credential information from the identity credential;
a third encryption module, configured to generate a target digest value of the identity credential information and encrypt the target digest value to obtain a target digest value secret value;
a judging module, configured to judge whether the obtained digest value secret value is the same as the target digest value secret value;
and a second determining module, configured to determine that the identity credential is valid if the two are the same, and to determine that the identity credential is invalid if they are different.
It should be noted that each of the above modules may be implemented by software or hardware. In the latter case, this may be done in, but is not limited to, the following ways: the modules are all located in the same processor; or the modules are located in different processors in any combination.
Embodiments of the present invention also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
Optionally, in the present embodiment, the above-described storage medium may be configured to store a computer program for performing the following steps:
S1, acquiring identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
S2, generating a digest value of the identity credential information;
S3, encrypting the digest value of the identity credential information to obtain the digest value secret value;
S4, generating the identity credential of the requester according to the identity credential information and the digest value secret value.
Optionally, in the present embodiment, the storage medium may include, but is not limited to: a USB disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing a computer program.
An embodiment of the invention also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, where the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in the present embodiment, the above-described processor may be configured to execute the following steps by means of a computer program:
S1, acquiring identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
S2, generating a digest value of the identity credential information;
S3, encrypting the digest value of the identity credential information to obtain the digest value secret value;
S4, generating the identity credential of the requester according to the identity credential information and the digest value secret value.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, which are not repeated here.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented on a general-purpose computing device; they may be concentrated on a single computing device or distributed across a network formed by multiple computing devices. Optionally, they may be implemented in program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases the steps shown or described may be performed in an order different from the one given here, or the modules or steps may be fabricated separately as individual integrated circuit modules, or several of them may be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description covers only the preferred embodiments of the present invention and is not intended to limit it; those skilled in the art can make various modifications and variations to the present invention. Any modification, equivalent replacement or improvement made within the principle of the present invention shall fall within the scope of protection of the present invention.

Claims (11)

1. A method of identity credential generation, the method comprising:
acquiring identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
generating a digest value of the identity credential information;
encrypting the digest value of the identity credential information to obtain the digest value secret value;
and generating the identity credential of the requester according to the identity credential information and the digest value secret value.
2. The method of claim 1, wherein obtaining identity credential information of the requester comprises:
receiving a request message which is initiated by the requester and requests an identity credential, wherein the request message carries the identity credential information;
and acquiring the identity credential information from the request message.
3. The method of claim 2, wherein after generating the identity credential of the requester from the identity credential information and the digest value secret value, the method further comprises:
encrypting the identity credential according to the public key to obtain an encrypted identity credential;
and sending the encrypted identity credential to the requester, wherein the requester decrypts the encrypted identity credential with a private key corresponding to the public key to obtain the identity credential.
4. The method according to claim 3, characterized in that the method further comprises:
generating the public key and the corresponding private key for the requester based on a threshold algorithm;
splitting the private key into a plurality of key fragments and transmitting the plurality of key fragments to the requester, so that the requester determines the private key according to at least one key fragment in the plurality of key fragments.
5. The method of claim 1, wherein prior to obtaining the identity credential information of the requester, the method further comprises:
generating the identity code for the requester, and recording the identity code using a blockchain;
and sending the identity code to the requester.
6. The method of claim 1, wherein after generating the identity credential of the requester from the identity credential information and the digest value secret value, the method further comprises:
storing the identity credential in an identity credential library.
7. The method of claim 6, wherein after generating the identity credential of the requester from the identity credential information and the digest value secret value, the method further comprises:
receiving an access request of the requester, wherein the access request carries the identity credential;
acquiring the digest value secret value from the identity credential;
searching whether an identity credential corresponding to the digest value secret value exists in the identity credential library;
if the identity credential exists, determining that the identity credential is valid, and if the identity credential does not exist, determining that the identity credential is invalid.
8. The method of claim 1, wherein after generating the identity credential of the requester from the identity credential information and the digest value secret value, the method further comprises:
receiving an access request of the requester, wherein the access request carries the identity credential;
acquiring the digest value secret value and the identity credential information from the identity credential;
generating a target digest value of the identity credential information, and encrypting the target digest value to obtain a target digest value secret value;
judging whether the obtained digest value secret value is the same as the target digest value secret value;
and determining that the identity credential is valid if the two are the same, and determining that the identity credential is invalid if they are different.
9. An identity credential generating device, the device comprising:
a first acquisition module, configured to acquire identity credential information of a requester, wherein the identity credential information comprises: identity code, gender, creator, date of creation;
a first generation module, configured to generate a digest value of the identity credential information;
an encryption module, configured to encrypt the digest value of the identity credential information to obtain the digest value secret value;
and a second generation module, configured to generate the identity credential of the requester according to the identity credential information and the digest value secret value.
10. A computer-readable storage medium, characterized in that the storage medium has stored therein a computer program, wherein the computer program is arranged to execute the method of any one of claims 1 to 8 when run.
11. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to run the computer program to perform the method of any one of claims 1 to 8.
CN202310148311.1A 2023-02-15 2023-02-15 Identity credential generation method and device Pending CN116108410A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310148311.1A CN116108410A (en) 2023-02-15 2023-02-15 Identity credential generation method and device

Publications (1)

Publication Number Publication Date
CN116108410A true CN116108410A (en) 2023-05-12

Family

ID=86259714

Country Status (1)

Country Link
CN (1) CN116108410A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination