CN116318776A - Digital identity login method, device, computer equipment and storage medium - Google Patents

Publication number
CN116318776A
Authority
CN
China
Prior art keywords
digital identity
target
information
certificate
credential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211516667.8A
Other languages
Chinese (zh)
Inventor
杨建明
罗梅琴
唐棣
郭林海
张琛
万化
胡刚
潘培东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Pudong Development Bank Co Ltd
Original Assignee
Shanghai Pudong Development Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Pudong Development Bank Co Ltd filed Critical Shanghai Pudong Development Bank Co Ltd
Priority to CN202211516667.8A priority Critical patent/CN116318776A/en
Publication of CN116318776A publication Critical patent/CN116318776A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0025 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device; the arrangement consisting of a wireless interrogation device in combination with a device for optically marking the record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The present application relates to a digital identity login method, apparatus, computer device, storage medium and computer program product. The method comprises the following steps: scanning an image code to obtain a digital identity identifier; sending the digital identity identifier to a digital identity system, which obtains digital identity information from the blockchain according to the digital identity identifier; receiving the digital identity information sent by the digital identity system, obtaining a target credential according to the digital identity information, and encrypting the target credential by using local encryption information and target encryption information to obtain an encrypted target credential, the target encryption information being the encryption information of the target platform; sending the encrypted target credential to the target platform, which, after the digital identity system and the blockchain have successfully verified the decrypted target credential, performs permission verification on the decrypted target credential and generates a jump result after the permission verification; and receiving the jump result and jumping to the target page according to the jump result. The method can improve security.

Description

Digital identity login method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of blockchain technology, and in particular, to a digital identity login method, a digital identity login device, a computer device, a storage medium, and a computer program product.
Background
With the rapid development of internet technology, computer automatic verification and application login are adopted to connect off-line entities to on-line virtual identities, so that convenience and importance are increasingly highlighted.
Currently, the traditional technology offers centralized storage, centralized IDs (identity documents) and third-party centralized IDs. With a centralized ID, however, the user has to remember an account password for each Internet platform, and as the number of platforms grows, simple login becomes extremely complex. Centrally stored data is entirely in the hands of the centralized organization; once that organization misbehaves or its central server is attacked, the user's personal information is leaked, which directly endangers the user's property and personal safety. A third-party centralized ID provider can also build a profile of the user by collecting the user's Internet usage preferences and analyzing them with big data, which greatly increases the security risk to the user.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a digital identity login method, apparatus, computer device, computer readable storage medium, and computer program product that can improve security.
In a first aspect, the present application provides a digital identity login method applied to a client. The method comprises the following steps:
scanning an image code to obtain a digital identity identifier;
sending the digital identity identifier to a digital identity system, and obtaining, through the digital identity system, digital identity information from a blockchain according to the digital identity identifier;
receiving the digital identity information sent by the digital identity system, obtaining a target credential according to the digital identity information, and encrypting the target credential by using local encryption information and target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform;
sending the encrypted target credential to the target platform, wherein the target platform is configured to perform permission verification on the decrypted target credential after the digital identity system and the blockchain have successfully verified the decrypted target credential, to generate a jump result after the permission verification, and to send the jump result to the client; the decrypted target credential is obtained by the target platform decrypting the encrypted target credential;
and receiving the jump result, and jumping to a target page according to the jump result.
In one embodiment, encrypting the target credential using the local encryption information and the target encryption information to obtain an encrypted target credential includes:
encrypting the target credential by using the local encryption information to obtain initial authentication information; the local encryption information is a local private key;
encrypting the initial authentication information by using the target encryption information to obtain the encrypted target credential; the target encryption information is a public key of the target platform.
In one embodiment, obtaining the target credential according to the digital identity information includes:
querying according to the digital identity information to obtain initial credentials;
and receiving a selection instruction, and obtaining the target credential from the initial credentials.
In a second aspect, the present application provides a digital identity login method applied to a target platform. The method comprises the following steps:
receiving an encrypted target credential sent by a client; the target credential carries a digital identity identifier;
decrypting the encrypted target credential to obtain a decrypted target credential;
sending the decrypted target credential and the digital identity identifier to a digital identity system, wherein the digital identity system is configured to parse the decrypted target credential and send the parsed decrypted target credential and the digital identity identifier to the blockchain;
receiving a verification result sent by the blockchain, wherein the verification result is obtained after the blockchain verifies the decrypted target credential and the digital identity identifier;
verifying the user login permission according to the verification result, generating a jump result after the user login permission is successfully verified, and sending the jump result to the client; the jump result is used for instructing the client to jump to the target page.
In one embodiment, the verifying the user login permission according to the verification result, generating a skip result after the user login permission is successfully verified, and sending the skip result to the client, where the step includes:
when the verification result is successful, verifying the user login permission by using verification information;
and after the login permission of the user is successfully verified, generating the jump result, and sending the jump result to the client.
In a third aspect, the present application provides a digital identity login method applied to a digital identity system. The method comprises the following steps:
receiving a decrypted target credential and a digital identity identifier sent by a target platform, parsing the decrypted target credential, and sending the parsed decrypted target credential and the digital identity identifier to the blockchain; the blockchain is used for verifying the parsed decrypted target credential and the digital identity identifier; the decrypted target credential is obtained by the target platform decrypting the encrypted target credential.
In a fourth aspect, the present application provides a digital identity login method applied to a blockchain, the method comprising:
receiving an information query request sent by a digital identity system, wherein the query request carries a digital identity identifier; the query request is generated after the digital identity system receives the digital identity identifier sent by the client;
querying according to the digital identity identifier to obtain digital identity information corresponding to the digital identity identifier;
sending the digital identity information to the digital identity system; the digital identity system parses the digital identity information and sends the parsed digital identity information to the client;
and receiving the parsed decrypted target credential and the digital identity identifier sent by the digital identity system, verifying them, generating a verification result, and sending the verification result to a target platform.
In a fifth aspect, the present application further provides a digital identity login device applied to a client. The device comprises:
the response module is used for scanning the image code to obtain a digital identity identifier;
the first sending module is used for sending the digital identity identifier to a digital identity system, and obtaining, through the digital identity system, digital identity information from a blockchain according to the digital identity identifier;
the first receiving module is used for receiving the digital identity information sent by the digital identity system, obtaining a target credential according to the digital identity information, and encrypting the target credential by using local encryption information and target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform;
the credential sending module is used for sending the encrypted target credential to the target platform, wherein the target platform is configured to perform permission verification on the decrypted target credential after the digital identity system and the blockchain have successfully verified the decrypted target credential, to generate a jump result after the permission verification, and to send the jump result to the client; the decrypted target credential is obtained by the target platform decrypting the encrypted target credential;
and the jump module is used for receiving the jump result and jumping to the target page according to the jump result.
In a sixth aspect, the present application further provides a digital identity login device applied to a target platform, where the device includes:
the second receiving module is used for receiving the encrypted target credential sent by the client; the target credential carries a digital identity identifier;
the decryption module is used for decrypting the encrypted target credential to obtain a decrypted target credential;
the second sending module is used for sending the decrypted target credential and the digital identity identifier to a digital identity system, wherein the digital identity system is configured to parse the decrypted target credential and send the parsed decrypted target credential and the digital identity identifier to the blockchain;
the third receiving module is used for receiving a verification result sent by the blockchain, wherein the verification result is obtained after the blockchain verifies the decrypted target credential and the digital identity identifier;
the permission verification module is used for verifying the user login permission according to the verification result, generating a jump result after the user login permission is successfully verified, and sending the jump result to the client; the jump result is used for instructing the client to jump to the target page.
In a seventh aspect, the present application further provides a digital identity login device applied to a digital identity system, the device comprising:
the fourth receiving module is used for receiving the decrypted target credential and the digital identity identifier sent by the target platform, parsing the decrypted target credential, and sending the parsed decrypted target credential and the digital identity identifier to the blockchain; the blockchain is used for verifying the parsed decrypted target credential and the digital identity identifier; the decrypted target credential is obtained by the target platform decrypting the encrypted target credential.
In an eighth aspect, the present application further provides a digital identity login device applied to a blockchain, the device comprising:
the fifth receiving module is used for receiving an information query request sent by the digital identity system, wherein the query request carries a digital identity identifier; the query request is generated after the digital identity system receives the digital identity identifier sent by the client;
the query module is used for querying according to the digital identity identifier to obtain digital identity information corresponding to the digital identity identifier;
the third sending module is used for sending the digital identity information to the digital identity system; the digital identity system parses the digital identity information and sends the parsed digital identity information to the client;
and the sixth receiving module is used for receiving the parsed decrypted target credential and the digital identity identifier sent by the digital identity system, verifying them, generating a verification result and sending the verification result to a target platform.
In a ninth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the method of any of the embodiments described above when the processor executes the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments described above.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments described above.
With the above digital identity login method, apparatus, computer device, storage medium and computer program product, the client first scans an image code to obtain a digital identity identifier, then sends the digital identity identifier to a digital identity system, which obtains digital identity information from the blockchain according to the digital identity identifier. The client then receives the digital identity information sent by the digital identity system, obtains a target credential according to the digital identity information, and encrypts the target credential by using local encryption information and target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform. The encrypted target credential is sent to the target platform, which, after the digital identity system and the blockchain have successfully verified the decrypted target credential, performs permission verification on the decrypted target credential, generates a jump result after the permission verification, and sends the jump result to the client; the decrypted target credential is obtained by the target platform decrypting the encrypted target credential. The client receives the jump result and jumps to the target page according to the jump result. Firstly, the login method is simple; secondly, because the code-scanning login is based on distributed digital identity, the login information is held by the user and is submitted to the Internet platform for verification only after the user has manually selected and confirmed it, so the security of the user information can be ensured.
Drawings
FIG. 1 is a diagram of an application environment for a digital identity login method in one embodiment;
FIG. 2 is a flow chart of a digital identity login method according to one embodiment;
FIG. 3 is a flow chart of a digital identity login method according to another embodiment;
FIG. 4 is a flow chart of a digital identity login method in other embodiments;
FIG. 5 is a flow chart of steps of a digital identity login method in one embodiment;
FIG. 6 is a schematic diagram illustrating steps before code scanning login in one embodiment;
FIG. 7 is a block diagram of a digital identity login device in one embodiment;
FIG. 8 is a block diagram of a digital identity login device in another embodiment;
FIG. 9 is a block diagram of a digital identity login device in other embodiments;
FIG. 10 is an internal structural diagram of a client in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The digital identity login method provided by the embodiment of the application can be applied to the application environment shown in FIG. 1, in which the client 102, the target platform 104, the digital identity system 106, and the blockchain 108 communicate with one another. The client 102 scans the image code to obtain a digital identity identifier and sends it to the digital identity system 106. The digital identity system 106 queries the blockchain 108 according to the digital identity identifier to obtain the corresponding digital identity information; the blockchain 108 sends the digital identity information obtained by the query to the digital identity system 106, and the digital identity system 106 sends it to the client 102. The client 102 obtains a target credential according to the digital identity information, and then encrypts the target credential by using local encryption information and target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform. The client 102 sends the encrypted target credential to the target platform 104. After the digital identity system 106 and the blockchain 108 have verified the decrypted target credential, the target platform 104 performs permission verification on the decrypted target credential, generates a jump result after the permission verification succeeds, and sends the jump result to the client 102; the decrypted target credential is obtained by the target platform decrypting the encrypted target credential. The client 102 receives the jump result and jumps to the target page according to the jump result.
The client 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The target platform 104 and the digital identity system 106 may be implemented as separate servers or as a cluster of servers.
In one embodiment, as shown in fig. 2, a digital identity login method is provided, and the method is applied to the client 102 in fig. 1 for illustration, and includes the following steps S202 to S210.
S202, scanning the image code to obtain the digital identity identifier.
The image code refers to a code that is scanned to obtain an information identifier, and may be a one-dimensional code, a two-dimensional code or the like. The digital identity identifier is a distributed digital identity based on blockchain technology; it is a new type of digital identity that can define any entity in the real world, and generally consists of a distributed digital identity identifier and a verifiable claim. The digital identity identifier is unique within an application and self-discoverable across applications, and can be denoted by DID.
Optionally, the image code is a login two-dimensional code pre-generated by the target platform; the two-dimensional code packages information such as the callback address URL to be used after scanning, the DID of the target platform, the authentication type and the two-dimensional code number uuid. The target platform can be any Internet platform, such as Meituan or Weibo.
Optionally, the client scans the two-dimensional code, obtains the information it carries, such as the callback address URL, the DID of the Internet platform and the two-dimensional code number uuid, and then uses the digital identity identifier to initiate a request to the distributed digital identity system to query the DID document.
S204, the digital identity identifier is sent to a digital identity system, and digital identity information is obtained from the blockchain through the digital identity system according to the digital identity identifier.
Specifically, the client sends the DID to the digital identity system, and the distributed digital identity system queries the blockchain network for the DID information related to the Internet platform according to the digital identity identifier.
Optionally, the client generates a query request for the digital identity information according to the DID, and the query request includes a waiting time. If the time the digital identity system takes to query the digital identity information in the blockchain according to the digital identity identifier exceeds the waiting time, a retry result is returned to the client, and the client regenerates the query request for the digital identity information. This prevents resources from being occupied indefinitely, which would leave other requests without a response.
Alternatively, the client may send the DID directly to the blockchain and obtain the digital identity information directly, but this increases the coupling of the system and makes it inconvenient to develop and export.
S206, receiving digital identity information sent by the digital identity system, obtaining a target credential according to the digital identity information, and encrypting the target credential by using the local encryption information and the target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform.
The target credential is selected by the client from the initial credentials. Both the target credential and the initial credentials are verifiable credentials. A verifiable credential is an open standard for digital identity; it can represent all the information in a physical credential and can be used to prove any matter, such as citizen identity (identity card credential), student identity (student card credential) or property ownership (property credential). Verifiable credentials may be issued by any person or organization: the entity that generates a credential is called the issuer, the entity that owns it is called the holder, and the entity that verifies it is called the verifier. The holder can present the credential to anyone for verification, thereby proving something about himself. A verifiable credential comprises three parts: metadata, a claim and a proof. The metadata describes attributes of the credential, such as the issuer, issuing time, expiration time and credential type; the claim describes statements about a subject; the proof describes the information needed to verify the credential.
The encrypted target credential is generated by encrypting the target credential using the local encryption information and the target encryption information.
The local encryption information refers to encryption information of the client, and can be a local private key; the target encryption information is encryption information of the target platform, which may be a public key of the target platform.
Optionally, the target encryption information is returned by the blockchain together with the digital identity information when the digital identity system queries the digital identity information from the blockchain according to the digital identity.
Optionally, the blockchain may encode the target encryption information obtained by the digital identity identifier query according to a preset encoding rule, and then send the encoded target encryption information together with the digital identity information to the digital identity system. The digital identity system parses them and sends the encoded target encryption information and the digital identity information to the client, and the client decodes them according to the preset decoding rule. The preset encoding rule is a rule set in advance for encoding the target encryption information, and the corresponding preset decoding rule is the rule for decoding the encoded target encryption information. Because the target encryption information is encoded by the blockchain, a third party can be prevented from obtaining it during transmission, which further ensures the security of the target encryption information.
Alternatively, the blockchain may encode the digital identity information and the target encryption information using preset encoding rules.
Optionally, the encoding mode of the digital identity information and the encoding mode of the target encryption information may be different, so that the security of the digital identity information and the target encryption information can be further ensured.
Specifically, after receiving digital identity information sent by the digital identity system, the client can obtain a target certificate according to the digital identity information, then encrypt the target certificate by using local encryption information, and then encrypt by using target encryption information to obtain an encrypted target certificate, wherein the target encryption information is the encryption information of the target platform.
S208, sending the encrypted target credential to a target platform, wherein the target platform is used for carrying out authority verification on the decrypted target credential after the data identity system and the blockchain verify the decrypted target credential successfully, and generating a jump result after the authority verification; and sending the jump result to the client; the decryption target credential is obtained after the target platform decrypts the encryption target credential.
Optionally, after the client sends the encrypted target credential to the target platform, the target platform decrypts the encrypted target credential using the local private key to obtain a decrypted target credential, and then sends a verification request for the decrypted target credential to the digital identity system.
The digital identity system sends the digital identity and the verification request to the blockchain, the blockchain verifies the decryption target certificate according to the digital identity, generates a verification result, sends the verification result to the target platform, and the target platform performs further authority verification according to the verification result.
Optionally, the verification request for the DID and the verifiable claim is initiated to the digital identity system in a synchronous manner; the digital identity system obtains the digital identity information and the verification result of the decrypted target credential from the blockchain and sends the verification result to the target platform.
It should be noted that verification of the decrypted target credential must be performed on the blockchain. To make integration convenient for the target platform, the platform does not operate the chain layer directly: doing so would involve blockchain SDK technology and increase the adaptation cost of the target platform. The distributed digital identity system is therefore used for management, which simplifies the development cost of upper-layer applications and facilitates adoption of the technology.
S210, receiving a jump result, and jumping to a target page according to the jump result.
The client receives the jump result and, when the jump result indicates that verification passed, jumps to the target platform according to the jump link carried in the jump result.
Illustratively, when the client receives a jump result indicating failure, it displays a result showing that the login was unsuccessful.
In the digital identity login method, the client first scans an image code to obtain a digital identity and sends the digital identity to the digital identity system, which obtains digital identity information from the blockchain according to the digital identity. The client then receives the digital identity information sent by the digital identity system, obtains a target credential according to the digital identity information, and encrypts the target credential using the local encryption information and the target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform. The encrypted target credential is sent to the target platform, which is used for performing permission verification on the decrypted target credential after the digital identity system and the blockchain have successfully verified the decrypted target credential, generating a jump result after the permission verification, and sending the jump result to the client; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential. The client receives the jump result and jumps to the target page according to the jump result. Firstly, this login method is simple; secondly, with code-scanning login based on the distributed digital identity, the login information is held by the user and is submitted to the internet platform for verification only after the user has manually selected and confirmed it, so that the security of the user information can be ensured.
In one embodiment, encrypting the target credential using the local encryption information and the target encryption information to obtain an encrypted target credential includes: signing the target credential using the local encryption information to obtain initial authentication information, where the local encryption information is a local private key; and encrypting the initial authentication information using the target encryption information to obtain the encrypted target credential, where the target encryption information is a public key of the target platform.
Optionally, the initial authentication information is information obtained after the client signs the target credential through the local private key. For example, the client may sign the target credential using an asymmetric key encryption algorithm, which may ensure integrity, authentication, and non-repudiation of the transmitted information, and which may ensure confidentiality of the transmitted information.
Optionally, the client encrypts the initial authentication information using the public key of the target platform to obtain the encrypted target credential. Illustratively, the client may encrypt the initial authentication information using an encryption algorithm such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), or HMAC-SHA256 (Hash-based Message Authentication Code).
It should be noted that the target credential is first signed with the local encryption information and then encrypted with the target encryption information. The order matters because the target encryption information is the public key of the target platform: if the target credential were signed with the target encryption information, other clients could obtain that public key from the blockchain and tamper with the initial authentication information.
In the above embodiment, the client first signs the target credential using the local encryption information, which ensures that the initial authentication information cannot be tampered with; the target encryption information is then used to encrypt the initial authentication information, which further ensures the security of the initial authentication information.
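The sign-then-encrypt step of this embodiment, together with the matching decrypt-then-verify on the target platform, as an added example (not code from the patent). It assumes Ed25519 for the signature and RSA-OAEP wrapping an AES-256-GCM key for the public-key encryption; the DIDs, keys, the resolveHolderKey lookup and the binding of the platform DID and QR number into the signed bytes are assumptions of the example.

```javascript
// Added illustration, not the patent's code. Assumed primitives: Ed25519 for the
// signature, RSA-OAEP wrapping an AES-256-GCM key for the public-key encryption.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: sign the target credential with the local private key. The platform
// DID and QR number are bound into the signed bytes (hardening added here).
function signCredential(credential, holderDid, platformDid, qrUuid, localPrivateKey) {
  const body = Buffer.from(JSON.stringify({ credential, holderDid, platformDid, qrUuid }));
  return {
    body: body.toString('base64'),
    signature: crypto.sign(null, body, localPrivateKey).toString('base64'),
  };
}

// Client: encrypt the initial authentication information for the target platform.
function encryptForPlatform(initialAuthInfo, platformPublicKey) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(initialAuthInfo), 'utf8'),
    cipher.final(),
  ]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: platformPublicKey, ...OAEP }, aesKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Platform: decrypt with its own private key, then verify the holder's signature.
// resolveHolderKey stands in for the DID document lookup (hypothetical helper).
function openEnvelope(envelope, platformPrivateKey, resolveHolderKey, expected) {
  try {
    const aesKey = crypto.privateDecrypt({ key: platformPrivateKey, ...OAEP }, envelope.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, envelope.iv);
    decipher.setAuthTag(envelope.tag);
    const plain = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
    const info = JSON.parse(plain.toString('utf8'));
    const body = Buffer.from(info.body, 'base64');
    const claims = JSON.parse(body.toString('utf8'));
    // Anyone can encrypt to a public key, so only the signature proves the sender.
    const holderKey = resolveHolderKey(claims.holderDid);
    if (!holderKey) return { ok: false, reason: 'unknown holder DID' };
    if (!crypto.verify(null, body, holderKey, Buffer.from(info.signature, 'base64'))) {
      return { ok: false, reason: 'bad signature' };
    }
    if (claims.platformDid !== expected.platformDid || claims.qrUuid !== expected.qrUuid) {
      return { ok: false, reason: 'wrong audience or QR code' };
    }
    return { ok: true, credential: claims.credential, holderDid: claims.holderDid };
  } catch (err) {
    return { ok: false, reason: 'malformed or undecryptable message' };
  }
}

// Constructed demo data: keys, DIDs and QR number are made up for this example.
const client = crypto.generateKeyPairSync('ed25519');
const platform = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const HOLDER_DID = 'did:example:holder-1';
const PLATFORM_DID = 'did:example:platform-1';
const QR_UUID = 'qr-0001';
const holderKeys = new Map([[HOLDER_DID, client.publicKey]]);
const resolveHolderKey = (did) => holderKeys.get(did);

const demoEnvelope = encryptForPlatform(
  signCredential({ type: 'LoginProof' }, HOLDER_DID, PLATFORM_DID, QR_UUID, client.privateKey),
  platform.publicKey
);
console.log(openEnvelope(demoEnvelope, platform.privateKey, resolveHolderKey,
  { platformDid: PLATFORM_DID, qrUuid: QR_UUID }));
```

A message encrypted to the platform by a key other than the holder's is rejected at the signature check, which is the property the signing step contributes and encryption alone does not.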
In one embodiment, an initial credential is obtained by querying according to the digital identity information; a selection instruction is then received, and the target credential is obtained from the initial credential.
Optionally, a distributed digital identity configuration module is pre-stored in the client, and various verifiable credentials are stored in the distributed digital identity configuration module.
Optionally, the client queries the distributed digital identity configuration module according to the digital identity information to obtain the initial credential. The initial credential refers to a verifiable credential required by the target platform. For example, the client may query the distributed digital identity configuration module for the verifiable credentials required by the beauty community based on the digital identity information of the beauty community.
The selection instruction refers to an instruction received by the client when the user operates on the display screen, and the target credential can be obtained from the initial credential according to the operation instruction.
The client selects the initial credentials according to the digital identity information and presents them for the user to choose from; after receiving the selection instruction, the client obtains the target credential from the initial credentials.
Optionally, when the user selects the initial credential, the user may select the initial credential according to the description corresponding to the initial credential, so that the user may conveniently select the required credential.
In the above embodiment, the client can accurately obtain the initial credential according to the digital identity information, and then obtain the target credential from the initial credential through the selection instruction, so that the credential required by the user can be accurately obtained.
In one embodiment, as shown in fig. 3, a digital identity login method is provided, which is illustrated by applying the method to the target platform 104 in fig. 1, and includes the following steps S302 to S310:
S302, receiving the encrypted target credential sent by a client; the target credential carries a digital identity.
Illustratively, the target platform receives the encrypted target credential sent by the client; for how the target credential is obtained and encrypted, refer to the method described in the foregoing embodiments. The target credential carries the digital identity corresponding to the target platform.
S304, decrypting the encrypted target credential to obtain a decrypted target credential.
Illustratively, the target platform decrypts the encrypted target credential using the local private key to obtain the decrypted target credential. The decrypted target credential refers to the verifiable credential obtained by decrypting the encrypted target credential. It should be noted that the local private key here is the private key of the target platform.
S306, sending the decrypted target credential and the digital identity to the digital identity system, where the digital identity system is used for parsing the decrypted target credential and sending the parsed decrypted target credential and the digital identity to the blockchain.
Optionally, the target platform sends a verification request to the digital identity system, where the verification request carries the decrypted target credential and the digital identity. The verification request refers to a request sent by the target platform to verify the decrypted target credential. For example, the verification request may request verification of the authenticity and validity of the decrypted target credential.
Optionally, the target platform sends the verification request to the digital identity system; the digital identity system parses the verification request to obtain the decrypted target credential and the digital identity, then sends the parsed decrypted target credential and the digital identity to the blockchain, and the decrypted target credential is verified in the blockchain according to the digital identity.
Optionally, the target platform may set a waiting duration for the verification request. Illustratively, the waiting duration may be set to 60 seconds; when the waiting duration is exceeded, the target platform sends a timeout alert to the client, which prevents resources from being occupied indefinitely.
S308, receiving a verification result sent by the blockchain, where the verification result is obtained after the blockchain verifies the decrypted target credential and the digital identity.
The target platform receives the verification result for the decrypted target credential sent by the blockchain, where the verification result is obtained after the blockchain verifies the decrypted target credential and the digital identity.
S310, checking the user login permission according to the verification result, generating a jump result after the user login permission is checked successfully, and sending the jump result to the client; the jump result is used for indicating the client to jump to the target page.
Optionally, after receiving the verification result returned by the blockchain, the target platform verifies the login permission according to the information content in the decrypted target credential, generates a jump result after the login permission is successfully verified, and sends the jump result to the client; the client can then jump to the target page according to the jump result.
Optionally, after the login permission is successfully checked, a jump result is generated, the result is the address of the target page, and the client can jump to the corresponding page according to the address of the target page.
Optionally, after the login permission verification is unsuccessful, a jump result is generated, wherein the jump result is a page with login failure.
Illustratively, after verification on the target platform passes, a token is generated and sent to the client, and the client logs in according to the token.
In this embodiment, the target platform obtains the encrypted target credential, decrypts it using its own private key to obtain the decrypted target credential, and, after verification of the decrypted target credential passes, performs login verification on it. This simplifies the whole login process, since the target platform only needs to verify the user's login permission.
In one embodiment, verifying the user login permission according to the verification result, generating a jump result after the user login permission is successfully verified, and sending the jump result to the client includes: when the verification result is successful, verifying the user login permission using verification information; and after the user login permission is successfully verified, generating the jump result and sending the jump result to the client.
For example, when the verification result returned by the blockchain indicates that verification succeeded, the target platform uses the verification information to verify the user login permission. The verification information is obtained by the target platform from the decrypted target credential.
Illustratively, when the target platform successfully verifies the user login permission, a jump result is generated and sent to the client, and the client jumps to the target platform according to the jump result.
Optionally, when the blockchain fails to verify the decrypted target credential and when the target platform fails to verify the login permission, a verification-failure message is sent to the client.
In the above embodiment, the target platform sends the jump result to the client only after the verification result is successful and the user login permission has been verified, so that the security of the target platform can be ensured.
In one embodiment, a digital identity login method is provided, described by taking its application to the digital identity system 106 in fig. 1 as an example. The method includes the following steps: receiving the decrypted target credential and the digital identity sent by the target platform, parsing the decrypted target credential, and sending the parsed decrypted target credential and the digital identity to the blockchain; the blockchain is used for verifying the parsed decrypted target credential and the digital identity; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential.
Illustratively, the digital identity system receives the decrypted target credential and the digital identity, parses the decrypted target credential, and sends the parsed decrypted target credential and the digital identity to the blockchain, which verifies the decrypted target credential according to the digital identity.
The digital identity system receives the query request sent by the client, queries digital identity information corresponding to the digital identity in the blockchain according to the digital identity after receiving the query request, and sends the digital identity information to the client.
Optionally, the digital identity system creates a digital identity for the user in advance. Optionally, the digital identity system needs to audit the data submitted by the user, and the digital identity can be created for the user after the qualification audit is passed.
Optionally, the digital identity system may send the data submitted by the user to the certificate authority for qualification audit, generate a verifiable credential after the qualification audit is passed, save the state of the credential (issued, deleted, to-be-approved, etc.) in the blockchain, and send the original document information of the credential to the client after the saving is successful.
In the above embodiment, the digital identity system analyzes the decryption target credential in time after receiving the decryption target credential and the digital identity, and sends the analyzed decryption target credential and the digital identity to the blockchain, so that verification management can be provided for the client.
In one embodiment, as shown in fig. 4, a digital identity login method is provided, and the method is applied to the blockchain 108 in fig. 1 for illustration, and includes the following steps S402 to S408.
S402, receiving an information query request sent by the digital identity system, where the query request carries a digital identity; the query request is generated after the digital identity system receives the digital identity sent by the client.
The blockchain receives the information query request sent by the digital identity system, where the information query request carries a digital identity.
S404, inquiring according to the digital identity, and obtaining digital identity information corresponding to the digital identity.
Illustratively, the blockchain queries according to the digital identity to obtain digital identity information corresponding to the digital identity.
Optionally, the blockchain stores the digital identity information corresponding to each digital identity in advance, so that the corresponding digital identity information can be queried according to the digital identity.
S406, the digital identity information is sent to a digital identity system; the digital identity system analyzes the digital identity information and sends the analyzed digital identity information to the client.
After obtaining the digital identity information corresponding to the digital identity, the blockchain sends the digital identity information to the digital identity system, and the digital identity system parses the digital identity information and sends it to the client. Because the digital identity information is in a JSON-like representation, it is not directly usable and is parsed into field meanings that the user can recognize.
S408, receiving the parsed decrypted target credential and the digital identity sent by the digital identity system, verifying them, generating a verification result, and sending the verification result to the target platform.
Illustratively, the blockchain receives the decrypted target credential and the digital identity sent by the digital identity system, and verifies the authenticity and validity of the decrypted target credential according to the digital identity.
Optionally, the states of the verifiable credentials (issued, deleted, pending, etc.) are pre-stored in the blockchain, and the blockchain can verify the decrypted target credential according to the state of each verifiable credential.
Optionally, the blockchain may verify the decrypted target credential based on the state of the verifiable credential. If the state of the verifiable credential, obtained by querying according to the digital identity corresponding to the decrypted target credential, is deleted, the verification does not pass; a corresponding verification result is generated and sent to the target platform.
In the above embodiment, the blockchain provides the client with chain-layer storage services, such as on-chain storage of the digital identity information and on-chain storage of the proof state, so that the security of the digital identity information and of the state of the verifiable credential can be ensured.
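An added example (not the patent's code) of the state-based check described above and of the target platform's gating in S310: a credential passes only if the issuing organization's signature verifies, its recorded state is issued and its validity period has not ended, and a jump result is generated only after that and the platform's own permission check. The Map standing in for the blockchain, the field names, the role claim and the URL are constructed assumptions.

```javascript
// Added illustration, not the patent's code. An in-memory Map stands in for the
// blockchain; identifiers, field names, keys and the URL are constructed.
const crypto = require('crypto');

const issuer = crypto.generateKeyPairSync('ed25519');

// Issuing organization: sign the credential and record its state on the "chain".
function issueCredential(chain, id, claims, validUntil, issuerPrivateKey) {
  const payload = JSON.stringify({ id, claims, validUntil });
  const proof = crypto.sign(null, Buffer.from(payload), issuerPrivateKey).toString('base64');
  chain.set(id, { state: 'issued' });
  return { payload, proof };
}

// Chain-side verification: authenticity (issuer signature) and validity
// (recorded state and validity period). Anything unexpected fails closed.
function verifyOnChain(chain, vc, issuerPublicKey, now) {
  let authentic = false;
  try {
    authentic = crypto.verify(null, Buffer.from(vc.payload), issuerPublicKey,
      Buffer.from(vc.proof, 'base64'));
  } catch (err) {
    authentic = false;
  }
  if (!authentic) return { verified: false, reason: 'issuer signature invalid' };
  const { id, validUntil } = JSON.parse(vc.payload);
  const record = chain.get(id);
  if (!record) return { verified: false, reason: 'no state recorded' };
  if (record.state !== 'issued') return { verified: false, reason: `state is ${record.state}` };
  if (now > validUntil) return { verified: false, reason: 'validity period ended' };
  return { verified: true, reason: 'ok' };
}

// Target platform: a jump result with a target page is produced only when the
// chain verification passed AND the platform's own permission check passes.
function loginDecision(verification, vc, requiredRole, targetUrl) {
  if (!verification.verified) {
    return { passed: false, message: `verification failed: ${verification.reason}` };
  }
  const { claims } = JSON.parse(vc.payload);
  if (claims.role !== requiredRole) {
    return { passed: false, message: 'login permission check failed' };
  }
  return { passed: true, url: targetUrl, token: crypto.randomBytes(16).toString('hex') };
}

// Constructed walk-through: the same signed credential before and after its
// state is changed to "deleted". Times are plain numbers for determinism.
const demoChain = new Map();
const demoVc = issueCredential(demoChain, 'vc-demo', { role: 'member' }, 2000, issuer.privateKey);
const demoUrl = 'https://platform.example/home';
console.log(loginDecision(verifyOnChain(demoChain, demoVc, issuer.publicKey, 1000), demoVc, 'member', demoUrl));
demoChain.set('vc-demo', { state: 'deleted' });
console.log(loginDecision(verifyOnChain(demoChain, demoVc, issuer.publicKey, 1000), demoVc, 'member', demoUrl));
```

The second call shows why the state is kept on chain: the issuer's signature on the credential is still valid after deletion, so only the state lookup can reject it.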
In an exemplary embodiment, with reference to fig. 5, fig. 5 is a flowchart showing steps of a digital identity login method in an embodiment, and the specific process includes steps 1 to 14:
1. The internet platform generates a login two-dimensional code (QR code) and packages into it information such as the callback address URL to be used after scanning, the DID of the internet platform, the authentication type, and the two-dimensional code number (UUID).
2. The wallet applet scans the two-dimensional code to acquire the information it carries, such as the callback address URL, the internet platform DID, and the two-dimensional code number (UUID).
3. The wallet applet uses the internet platform DID to send the distributed digital identity system a query request for the DID document.
4. The distributed digital identity system queries the blockchain network for the DID document of the internet platform.
5. The blockchain network returns the DID document to the distributed digital identity system.
6. The distributed digital identity system parses the DID document and returns it to the wallet applet.
7. The wallet applet queries the internet platform's list of required proofs from the distributed digital identity configuration module according to the DID information, and filters out the required verifiable credentials for the user to manually select and authorize.
8. The wallet applet signs the selected credential using the local private key, encrypts the request message using the public key of the third-party internet platform, and attaches the user's own DID for transmission to the third-party internet platform.
9. After receiving the request message, the third-party internet platform decrypts it using its local private key.
10. The third-party internet platform initiates verification requests for the DID and the verifiable claim to the distributed digital identity system in a synchronous manner, waiting until the distributed digital identity system returns a verification result. The timeout waiting time may be set to 60 seconds.
11. The distributed digital identity system queries the DID document and the verifiable claim from the blockchain, parses them, and verifies the authenticity and validity of the DID and the verifiable claim.
12. The distributed digital identity system returns the verification result to the third-party internet platform.
13. After the third-party internet platform obtains a verification-passed result, it verifies the login permission of the user according to the information content in the verifiable credential and jumps to the corresponding page according to the login permission; otherwise, it directly returns a verification failure.
14. After the verification is passed, a token is generated and a successful login is returned to the wallet applet; otherwise, a login failure is returned.
In this embodiment, the client is a wallet applet, the target platform is a third-party internet platform, the digital identity system is a distributed digital identity system, the digital identity is a DID, and the digital identity information is a DID document.
Before the user scans the image code, the method further includes the digital identity system generating a digital identity for the user. The specific flow is shown in fig. 6, which is a schematic diagram of the steps before code-scanning login in one embodiment.
(1) The digital identity system creates a distributed digital identity (DID) for the user. The user logs in to the wallet applet and, after WeChat authorization succeeds, an identity is created for the user. KYC (Know Your Customer, i.e. checking whether the user meets the regulatory requirements of anti-money-laundering law and counter-terrorist financing) authentication is then performed: after two-element (identity card and name) networked verification, face recognition authentication is carried out. Finally, a mnemonic (a textual representation of the private key, generally used to recover the private key) is generated for the user; after the user enters a security code (similar to a common transaction password) and records the mnemonic, the distributed digital identity is created.
(2) The user applies for a login proof: the user applies for the login proof in the proof section of the wallet applet, and the related application materials are submitted to the certificate issuing organization for qualification verification.
(3) The issuing organization logs in to the distributed digital identity background management system to audit the data submitted by the user. After the qualification audit is passed, the issuing organization signs the applied-for proof using its local private key to generate a verifiable credential, stores the state of the credential (issued, deleted, to-be-approved, etc.) in the blockchain, and, after the storage succeeds, sends the original document information of the credential to the platform user side.
(4) The platform user side logs in to the wallet applet and returns to the proof list, where the applied-for login proof is shown with the words indicating successful authentication. The specific content includes the proof name, the proof description, the proof state, the proof validity period, the issuing party, the issuing time, and other information.
In the above embodiment, first, the digital identity system creates a distributed digital identity for the user, generates a mnemonic and a public/private key pair, and stores the public key on chain; secondly, the wallet applet scans the two-dimensional code, parses the information in it, pops up the list of proofs to be provided, and, after manual selection by the user, confirms authorization to the internet platform; in addition, the public key is queried from the chain according to the DID in the two-dimensional code and is used to encrypt the transmitted message. Such a login method is relatively simple; and with code-scanning login based on the distributed digital identity, the login information is held by the user and is submitted to the internet platform for verification only after the user has manually selected and confirmed it, so that the security of the user information can be ensured.
It should be understood that, although the steps in the flowcharts related to the above embodiments are shown in sequence as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Based on the same inventive concept, the embodiment of the application also provides a digital identity login device for implementing the digital identity login method described above. The solution provided by the device is implemented in a manner similar to that described in the above method, so for the specific limitations in the one or more digital identity login device embodiments provided below, reference may be made to the limitations of the digital identity login method above, which are not repeated here.
In one embodiment, as shown in fig. 7, there is provided a digital identity login device applied to a client, including: a response module 710, a first sending module 720, a first receiving module 730, a credential sending module 740, and a jump module 750, wherein:
The response module 710 is configured to scan the image code to obtain a digital identity.
The first sending module 720 is configured to send the digital identity to a digital identity system, and obtain digital identity information from the blockchain according to the digital identity through the digital identity system.
The first receiving module 730 is configured to receive digital identity information sent by the digital identity system, obtain a target credential according to the digital identity information, and encrypt the target credential using the local encryption information and the target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform.
The credential sending module 740 is configured to send the encrypted target credential to a target platform, where the target platform is configured to perform permission verification on the decrypted target credential after the digital identity system and the blockchain have successfully verified the decrypted target credential, generate a jump result after the permission verification, and send the jump result to the client; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential.
The jump module 750 is configured to receive the jump result and jump to the target page according to the jump result.
In one embodiment, the first receiving module 730 includes:
The local encryption unit is used for encrypting the target credential using the local encryption information to obtain initial authentication information; the local encryption information is a local private key.
The target encryption unit is used for encrypting the initial authentication information using the target encryption information to obtain an encrypted target credential; the target encryption information is a public key of the target platform.
In one embodiment, the first receiving module 730 further includes:
The credential acquisition unit is used for acquiring the initial credential.
The credential selection unit is used for obtaining the target credential from the initial credential according to the digital identity information.
In one embodiment, as shown in fig. 8, the present application provides a digital identity login device applied to a target platform, including: a second receiving module 810, a decryption module 820, a second sending module 830, a third receiving module 840 and a permission verification module 850, wherein:
The second receiving module 810 is configured to receive an encrypted target credential sent by a client; the target credential carries a digital identity.
The decryption module 820 is configured to decrypt the encrypted target credential to obtain a decrypted target credential.
The second sending module 830 is configured to send the decrypted target credential and the digital identity to the digital identity system, where the digital identity system is configured to parse the decrypted target credential and send the parsed decrypted target credential and the digital identity to the blockchain.
The third receiving module 840 is configured to receive a verification result sent by the blockchain, where the verification result is obtained after the blockchain verifies the decryption target credential and the digital identity.
The permission verification module 850 is configured to verify the user login permission according to the verification result, generate a jump result after the user login permission is successfully verified, and send the jump result to the client; the jump result is used for instructing the client to jump to the target page.
In one embodiment, the permission verification module 850 includes:
The first verification unit is used for verifying the user login permission using the verification information when the verification result is successful.
The second verification unit is used for generating a jump result after the user login permission is successfully verified and sending the jump result to the client.
In one embodiment, the present application provides a digital identity login device applied to a digital identity system, including a fourth receiving module, wherein:
The fourth receiving module is used for receiving the decrypted target credential and the digital identity sent by the target platform, parsing the decrypted target credential, and sending the parsed decrypted target credential and the digital identity to the blockchain; the blockchain is used for verifying the parsed decrypted target credential and the digital identity; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential.
In one embodiment, as shown in fig. 9, the present application provides a digital identity login device applied to a blockchain, including a fifth receiving module 910, a query module 920, a third sending module 930, and a sixth receiving module 940, where:
The fifth receiving module 910 is configured to receive an information query request sent by the digital identity system, where the query request carries a digital identity; the query request is generated after the digital identity system receives the digital identity sent by the client.
The query module 920 is configured to query according to the digital identity, and obtain digital identity information corresponding to the digital identity.
A third sending module 930, configured to send the digital identity information to the digital identity system; the digital identity system analyzes the digital identity information and sends the analyzed digital identity information to the client.
The sixth receiving module 940 is configured to receive the parsed decryption target credential and the digital identity sent by the digital identity system, perform verification, generate a verification result, and send the verification result to the target platform.
The modules in the digital identity registration device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
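The client-side encryption of claim 2 and the target platform's decrypt, verify and permission steps can be sketched in software as follows; this is an added example, not code from the application. Assumptions: Ed25519 signing stands in for "encrypting with the local private key", RSA-OAEP wrapping of a one-time AES-GCM key stands in for "encrypting with the platform's public key", an in-memory map stands in for the digital identity system and the blockchain, and `Envelope`, `Seal`, `Login`, `setup`, the sample identifier and `/home` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the "encrypted target credential" the client sends to the platform.
type Envelope struct {
	DID             string // digital identity from the scanned image code
	WrappedKey, Box []byte // RSA-OAEP wrapped AES key; nonce || AES-GCM ciphertext
}

// Seal (client, claim 2): sign with the local private key, then encrypt to the platform.
func Seal(did string, cred []byte, local ed25519.PrivateKey, plat *rsa.PublicKey) (*Envelope, error) {
	sig := ed25519.Sign(local, append([]byte(did+"\x00"), cred...)) // DID bound into signature
	buf := make([]byte, 44)                                         // 32-byte one-time AES key, then 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, plat, buf[:32], []byte(did))
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(buf[:32]) // cannot fail with a 32-byte key
	gcm, _ := cipher.NewGCM(blk)
	box := gcm.Seal(buf[32:], buf[32:], append(sig, cred...), []byte(did))
	return &Envelope{did, wrapped, box}, nil
}

// Login (platform): decrypt, verify against the ledger's key for the DID, check permission.
func Login(env *Envelope, key *rsa.PrivateKey, ledger map[string]ed25519.PublicKey, allowed map[string]bool) (string, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), nil, key, env.WrappedKey, []byte(env.DID))
	if err != nil || len(k) != 32 || len(env.Box) < 12 {
		return "", fmt.Errorf("decryption failed")
	}
	blk, _ := aes.NewCipher(k) // cannot fail: length checked above
	gcm, _ := cipher.NewGCM(blk)
	plain, err := gcm.Open(nil, env.Box[:12], env.Box[12:], []byte(env.DID))
	if err != nil || len(plain) < ed25519.SignatureSize {
		return "", fmt.Errorf("decryption failed")
	}
	signed := append([]byte(env.DID+"\x00"), plain[ed25519.SignatureSize:]...)
	if pub, ok := ledger[env.DID]; !ok || !ed25519.Verify(pub, signed, plain[:ed25519.SignatureSize]) {
		return "", fmt.Errorf("credential verification failed")
	}
	if !allowed[env.DID] {
		return "", fmt.Errorf("no login permission")
	}
	return "/home", nil // jump result: hypothetical target page
}

func setup() (string, ed25519.PrivateKey, *rsa.PrivateKey, map[string]ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	plat, _ := rsa.GenerateKey(rand.Reader, 2048)
	did := "did:example:alice" // constructed sample identifier and keys
	return did, priv, plat, map[string]ed25519.PublicKey{did: pub}
}

func main() {
	did, priv, plat, ledger := setup()
	env, _ := Seal(did, []byte(`{"role":"teller"}`), priv, &plat.PublicKey)
	fmt.Println(Login(env, plat, ledger, map[string]bool{did: true}))
}
```

Binding the digital identity into the signature, the OAEP label and the GCM associated data goes beyond what the claims state; it makes an envelope fail to open if it is presented under a different identity.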
In one embodiment, a computer device is provided, which may be a terminal, and whose internal structure may be as shown in fig. 10. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input device. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The input/output interface of the computer device is used to exchange information between the processor and external devices. The communication interface of the computer device is used for wired or wireless communication with an external terminal; the wireless communication may be implemented through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program, when executed by the processor, implements a digital identity login method.
It will be appreciated by those skilled in the art that the structure shown in fig. 10 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method of any of the embodiments described above when the computer program is executed.
In an embodiment, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method of any of the embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments described above.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer readable storage medium, and that the computer program, when executed, may include the steps of the method embodiments described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric memory (Ferroelectric Random Access Memory, FRAM), phase change memory (Phase Change Memory, PCM), graphene memory, and the like. Volatile memory may include random access memory (Random Access Memory, RAM), external cache memory, and the like. By way of illustration and not limitation, RAM may take many forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM). The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database. The processors referred to in the embodiments provided herein may be, without being limited to, general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, and the like.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered to be within the scope of this description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (14)

1. A digital identity login method, applied to a client, comprising:
scanning the image code to obtain a digital identity;
sending the digital identity to a digital identity system, wherein the digital identity system obtains digital identity information from a blockchain according to the digital identity;
receiving the digital identity information sent by the digital identity system, obtaining a target credential according to the digital identity information, and encrypting the target credential by using local encryption information and target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform;
sending the encrypted target credential to the target platform, wherein the target platform is configured to perform permission verification on the decrypted target credential after the digital identity system and the blockchain successfully verify the decrypted target credential, generate a jump result after the permission verification, and send the jump result to the client; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential;
receiving the jump result, and jumping to a target page according to the jump result.
2. The method of claim 1, wherein encrypting the target credential using the local encryption information and the target encryption information results in an encrypted target credential, comprising:
encrypting the target credential by using the local encryption information to obtain initial authentication information; the local encryption information is a local private key;
encrypting the initial authentication information by using the target encryption information to obtain the encrypted target credential; the target encryption information is a public key of the target platform.
3. The method of claim 1, wherein obtaining the target credential from the digital identity information comprises:
querying according to the digital identity information to obtain an initial credential;
receiving a selection instruction, and obtaining the target credential from the initial credential.
4. A digital identity login method, applied to a target platform, comprising:
receiving an encrypted target credential sent by a client; the target credential carries a digital identity;
decrypting the encrypted target credential to obtain a decrypted target credential;
sending the decrypted target credential and the digital identity to a digital identity system, wherein the digital identity system is configured to parse the decrypted target credential and send the parsed decrypted target credential and the digital identity to the blockchain;
receiving a verification result sent by the blockchain, wherein the verification result is obtained after the blockchain verifies the decrypted target credential and the digital identity;
verifying the user login permission according to the verification result, generating a jump result after the user login permission is successfully verified, and sending the jump result to the client; the jump result is used for instructing the client to jump to the target page.
5. The method according to claim 4, wherein verifying the user login permission according to the verification result, generating a jump result after the user login permission is successfully verified, and sending the jump result to the client comprises:
when the verification result is successful, verifying the user login permission by using verification information;
after the user login permission is successfully verified, generating the jump result and sending the jump result to the client.
6. A digital identity login method, applied to a digital identity system, the method comprising:
receiving a decrypted target credential and a digital identity sent by a target platform, parsing the decrypted target credential, and sending the parsed decrypted target credential and the digital identity to the blockchain; the blockchain is configured to verify the parsed decrypted target credential and the digital identity; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential.
7. A digital identity login method, applied to a blockchain, comprising:
receiving an information query request sent by a digital identity system, wherein the query request carries a digital identity; the query request is generated after the digital identity system receives the digital identity sent by the client;
querying according to the digital identity to obtain digital identity information corresponding to the digital identity;
sending the digital identity information to the digital identity system; the digital identity system parses the digital identity information and sends the parsed digital identity information to a client;
receiving the parsed decrypted target credential and the digital identity sent by the digital identity system, performing verification, generating a verification result, and sending the verification result to a target platform.
8. A digital identity login device for use with a client, the device comprising:
a response module, configured to scan the image code to obtain a digital identity;
a first sending module, configured to send the digital identity to a digital identity system, wherein the digital identity system obtains digital identity information from a blockchain according to the digital identity;
a first receiving module, configured to receive the digital identity information sent by the digital identity system, obtain a target credential according to the digital identity information, and encrypt the target credential by using local encryption information and target encryption information to obtain an encrypted target credential; the target encryption information is the encryption information of the target platform;
a credential sending module, configured to send the encrypted target credential to the target platform, wherein the target platform is configured to perform permission verification on the decrypted target credential after the digital identity system and the blockchain successfully verify the decrypted target credential, generate a jump result after the permission verification, and send the jump result to the client; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential;
a jump module, configured to receive the jump result and jump to the target page according to the jump result.
9. A digital identity login device for use with a target platform, the device comprising:
a second receiving module, configured to receive the encrypted target credential sent by the client; the target credential carries a digital identity;
a decryption module, configured to decrypt the encrypted target credential to obtain a decrypted target credential;
a second sending module, configured to send the decrypted target credential and the digital identity to a digital identity system, wherein the digital identity system is configured to parse the decrypted target credential and send the parsed decrypted target credential and the digital identity to the blockchain;
a third receiving module, configured to receive a verification result sent by the blockchain, wherein the verification result is obtained after the blockchain verifies the decrypted target credential and the digital identity;
a permission verification module, configured to verify the user login permission according to the verification result, generate a jump result after the user login permission is successfully verified, and send the jump result to the client; the jump result is used for instructing the client to jump to the target page.
10. A digital identity login device for use in a digital identity system, the device comprising:
a fourth receiving module, configured to receive the decrypted target credential and the digital identity sent by the target platform, parse the decrypted target credential, and send the parsed decrypted target credential and the digital identity to the blockchain; the blockchain is configured to verify the parsed decrypted target credential and the digital identity; the decrypted target credential is obtained after the target platform decrypts the encrypted target credential.
11. A digital identity login device for use with a blockchain, the device comprising:
a fifth receiving module, configured to receive an information query request sent by the digital identity system, wherein the query request carries a digital identity; the query request is generated after the digital identity system receives the digital identity sent by the client;
a query module, configured to query according to the digital identity to obtain digital identity information corresponding to the digital identity;
a third sending module, configured to send the digital identity information to the digital identity system; the digital identity system parses the digital identity information and sends the parsed digital identity information to a client;
a sixth receiving module, configured to receive the parsed decrypted target credential and the digital identity sent by the digital identity system, verify the decrypted target credential and the digital identity, generate a verification result, and send the verification result to a target platform.
12. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 3 or 4 to 5 or 6 or 7 when the computer program is executed.
13. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 3 or 4 to 5 or 6 or 7.
14. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, realizes the steps of the method of any one of claims 1 to 3 or 4 to 5 or 6 or 7.
CN202211516667.8A 2022-11-30 2022-11-30 Digital identity login method, device, computer equipment and storage medium Pending CN116318776A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211516667.8A CN116318776A (en) 2022-11-30 2022-11-30 Digital identity login method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211516667.8A CN116318776A (en) 2022-11-30 2022-11-30 Digital identity login method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116318776A true CN116318776A (en) 2023-06-23

Family

ID=86827528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211516667.8A Pending CN116318776A (en) 2022-11-30 2022-11-30 Digital identity login method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116318776A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination