CN117061235A

CN117061235A - Identity authentication method, system, equipment and computer readable storage medium

Info

Publication number: CN117061235A
Application number: CN202311219334.3A
Authority: CN
Inventors: 张静雨
Original assignee: Bank of China Ltd
Current assignee: Bank of China Ltd
Priority date: 2023-09-20
Filing date: 2023-09-20
Publication date: 2023-11-14

Abstract

The embodiment of the application provides an identity authentication method, an identity authentication system, identity authentication equipment and a computer readable storage medium, which can be applied to the field of network security or the field of finance, wherein the method comprises the following steps: the identity authentication system receives an identity authentication request sent by a meta-universe server, wherein the identity authentication request comprises a virtual identity identifier and authentication identity information of a user corresponding to a meta-universe client; verifying the corresponding user of the meta space client based on the identity authentication request; if the meta-universe client side corresponding user passes verification, the authentication success information is sent to the meta-universe server, so that the meta-universe server generates a login response and sends the login response to the meta-universe client side. According to the embodiment of the application, the identity authentication system is used for authenticating the identity of the user, so that the meta space server does not need to store the registered user information, the problem of data leakage in the meta space server is avoided, and the safety of the user information is ensured.

Description

Identity authentication method, system, equipment and computer readable storage medium

Technical Field

The present application relates to the field of network security technologies, and in particular, to an identity authentication method, system, device, and computer readable storage medium.

Background

With the popularization of metauniverse concepts and the development of metauniverse technology, metauniverse is a virtual and real world, and many natural people in the real world will access various services and interact with others in metauniverse space by using digitized bodies. As a mapping of real individuals, the virtual digital identity as an independent identity layer can control the separation to access massive network services in different systems, such as shopping, social interaction, online learning and the like, so that one user simultaneously has a plurality of metauniverse digital identities, and a large number of digital identity fragments are generated and stored in the service end of an operator of the metauniverse. At present, the service end of an operator cannot realize identity privacy protection and supervision, and once the metauniverse digital identity is revealed, a large amount of user real information behind the metauniverse digital identity is exposed. The disclosure of the data not only threatens the property safety of the user, but also affects the personal safety of the user, so that the improvement of privacy safety and the guarantee of data storage safety are necessary.

Disclosure of Invention

In view of the above, the present application aims to provide an identity authentication method, system, device and computer readable storage medium, in which a meta space server does not need to store registered user information, so as to avoid the problem of data leakage in the meta space server and ensure the security of the user information, and the specific technical scheme is as follows:

in a first aspect, the present application provides an identity authentication method, applied to an identity authentication system, the method comprising:

receiving an identity authentication request sent by a meta space server, wherein the identity authentication request comprises a virtual identity identifier and authentication identity information of a user corresponding to a meta space client, and the virtual identity identifier corresponds to at least one virtual image of the user corresponding to the meta space client;

verifying the corresponding user of the meta-universe client based on the identity authentication request;

and if the meta-universe client side corresponding user passes verification, sending authentication success information to the meta-universe server, enabling the meta-universe server to generate a login response, and sending the login response to the meta-universe client side.

In one possible implementation manner, the verifying the metauniverse client corresponding user based on the identity authentication request includes:

performing digital processing on the authentication identity information to obtain authentication digital identity information;

acquiring digital identity information corresponding to the virtual identity;

and verifying whether the authentication digital identity information is consistent with the digital identity information corresponding to the virtual identity.

In one possible implementation manner, the digitizing the authentication identity information to obtain authentication digital identity information includes:

and carrying out hash operation on the authentication identity information to obtain authentication digital identity information.

In one possible implementation, before the receiving the authentication request sent by the metauniverse server, the method further includes:

receiving a registration request sent by a meta-universe server, wherein the registration request comprises registration identity information of a user corresponding to a meta-universe client;

verifying the registered identity information;

digitally processing the verified registered identity information to obtain digital identity information;

and generating a virtual identity identifier of the user corresponding to the metauniverse client based on the digital identity information.

In one possible implementation manner, after the digitally processing the authenticated registered identity information to obtain digital identity information, the method further includes:

and uploading the digital identity information to a blockchain.

In a second aspect, the present application also provides an identity authentication system, the system comprising:

the receiving module is used for receiving an identity authentication request sent by the metauniverse server, wherein the identity authentication request comprises a virtual identity identifier and authentication identity information of a user corresponding to a metauniverse client, and the virtual identity identifier corresponds to at least one virtual image of the user corresponding to the metauniverse client;

the verification module is used for verifying the corresponding user of the meta space client based on the identity authentication request;

and the sending module is used for sending the authentication success information to the meta-universe server if the meta-universe client side corresponding user passes the authentication, so that the meta-universe server generates a login response and sends the login response to the meta-universe client side.

In one possible implementation, the verification module includes:

the digitizing unit is used for digitizing the authentication identity information to obtain authentication digital identity information;

the acquisition unit is used for acquiring digital identity information corresponding to the virtual identity;

and the verification unit is used for verifying whether the authentication digital identity information is consistent with the digital identity information corresponding to the virtual identity.

In one possible implementation, the system further includes:

the request receiving module is used for receiving a registration request sent by the meta-universe server, wherein the registration request comprises registration identity information of a user corresponding to the meta-universe client;

the information verification module is used for verifying the registered identity information;

the digitizing module is used for digitizing the registered identity information passing the verification to obtain digital identity information;

and the generation module is used for generating the virtual identity mark of the user corresponding to the meta space client based on the digital identity information.

In a third aspect, the present application also provides a computer apparatus, comprising: a memory and a processor;

wherein the memory is used for storing a computer program;

the processor is configured to execute a computer program in the memory to implement the method of the first aspect or any one of the first aspects.

In a fourth aspect, the application also provides a computer readable storage medium, characterized in that instructions are stored which, when run on a computer, cause the computer to perform the method of the first aspect or any one of the first aspects.

In the embodiment of the application, an identity authentication system receives an identity authentication request sent by a meta space server, wherein the identity authentication request comprises a virtual identity identifier and authentication identity information of a user corresponding to a meta space client; verifying the corresponding user of the meta space client based on the identity authentication request; if the meta-universe client side corresponding user passes verification, the authentication success information is sent to the meta-universe server, so that the meta-universe server generates a login response and sends the login response to the meta-universe client side. According to the embodiment of the application, the identity authentication system is used for authenticating the identity of the user, so that the meta space server does not need to store the registered user information, the problem of data leakage in the meta space server is avoided, and the safety of the user information is ensured. According to the embodiment of the application, the same user can log in at least one virtual image through one virtual identity, so that the uniqueness of the digital user identity in the meta universe is ensured, and the problem that the same user needs to memorize a plurality of virtual identities is avoided.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 shows a flowchart of an embodiment of an identity authentication method according to an embodiment of the present application;

FIG. 2 is a flowchart of another embodiment of an authentication method according to an embodiment of the present application;

fig. 3 shows a schematic structural diagram of an identity authentication system according to an embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

First, some terms that may appear in the embodiments of the present application will be explained.

Biological recognition technology: the personal identity is identified by the inherent physiological characteristics (such as fingerprints, facial images, irises and the like) and the behavioral characteristics of human bodies through the close combination of a computer and high-tech means such as optics, acoustics, biological sensors, a biological statistics principle and the like.

Distributed digital identity (Decentralized Identity, DID) technology: based on the blockchain, the identity data is prevented from being controlled by a single centralized authority, based on the distributed public key infrastructure (Decentralized Public Key Infrastructure, DPKI), the identity of each user is controlled not by a trusted third party but by the owner thereof, the individual can autonomously manage the identity of the individual, and the identity-related data is anchored on the blockchain, so that the authentication process does not need to depend on the application party providing the identity.

At present, a plurality of metauniverse digital identities of the same user are stored in a service end of an operator of the metauniverse, but the service end of the operator cannot realize identity privacy protection and supervision while authenticating digital virtual characters. The diversified digital separation may also lead to the dispersion of the same real individual account, inevitably creating the problem of identity "crash". Based on the method, the unique identity authentication is performed by using the identity authentication system, and the service end of the operator does not need to store and monitor the digital identity, so that the user identity is ensured to be true and reliable.

Referring to fig. 1, a flowchart of an embodiment of an identity authentication method provided by the embodiment of the present application is shown, and the embodiment of the present application is applied to an identity authentication system, and at least includes the following steps:

s11, receiving an identity authentication request sent by the meta space server.

When a user needs to log in the metauniverse, the metauniverse client inputs the virtual identity and the authentication identity information, and the metauniverse client sends the virtual identity and the authentication identity information of the user to the metauniverse server, so that the metauniverse server performs identity authentication on the user. In the embodiment of the application, the meta space server performs identity authentication on the user through the identity authentication system, namely, the meta space server sends an identity authentication request to the identity authentication system, so that the identity authentication system performs identity authentication based on the identity authentication request, wherein the identity authentication request comprises a virtual identity identifier and authentication identity information of the user corresponding to the meta space client, and the virtual identity identifier corresponds to at least one virtual image of the user corresponding to the meta space client.

The metauniverse client refers to a program for providing a metauniverse service for a user, such as an Application (APP), a browser, etc., and the metauniverse client may be mounted in a terminal, which refers to a device capable of installing and operating the metauniverse client, such as a smart phone, a tablet computer, a laptop personal computer, a desktop personal computer, a mini computer, a midrange computer, a mainframe computer, etc.; the metauniverse server refers to a service device which can communicate with metauniverse clients and provide data support for the metauniverse clients, and can provide services for one metauniverse client or simultaneously provide services for a plurality of metauniverse clients.

And S12, verifying the corresponding user of the meta-universe client based on the identity authentication request.

And the identity authentication system verifies the user after receiving the identity authentication request sent by the meta space server. The verification of the embodiment of the application can be that the identity authentication system compares the received virtual identity and authentication identity information with the stored virtual identity and identity information. In the embodiment of the application, the identity authentication system stores the registered virtual identity and identity information corresponding to the virtual identity.

And S13, if the meta-universe client side corresponding user passes verification, transmitting authentication success information to the meta-universe server, enabling the meta-universe server to generate a login response, and transmitting the login response to the meta-universe client side.

If the virtual identity and the authentication identity information of the user corresponding to the metauniverse client are verified, the fact that the user corresponding to the metauniverse client passes the verification is indicated, authentication success information is sent to the metauniverse server, the metauniverse server generates login response and sends the login response to the metauniverse client, and the user corresponding to the metauniverse client successfully logs in the metauniverse.

Referring to fig. 2, a flowchart of another embodiment of an authentication method according to an embodiment of the present application is shown, and the flowchart is applied to an authentication system, and the embodiment of the present application at least includes the following steps:

s21, receiving a registration request sent by the meta space server.

When a user needs to register an account in a metauniverse, registration identity information is input through a metauniverse client, and the metauniverse client sends the registration identity information of the user to a metauniverse server, so that the metauniverse server registers the account. In the embodiment of the application, the meta space server completes registration through the identity authentication system, namely, the meta space server sends a registration request to the identity authentication system, so that the identity authentication system registers based on the registration request, and the registration request comprises registration identity information of a user corresponding to the meta space client.

The registered identity information may include physical information including a name, an identification card number, a real address, a contact phone, and a contact mailbox, and biometric information including face information, fingerprint information, or iris information.

S22, verifying the registered identity information.

In the embodiment of the application, the registered identity information and the information of the supervision department are verified. The identity authentication system acquires the name and the face information corresponding to the identity card number from the supervision department, compares the name and the face information in the registered identity information with the name and the face information acquired from the supervision department, ensures the authenticity of the registered identity information, and can also ensure the uniqueness of the registered identity information.

S23, performing digital processing on the authenticated registered identity information to obtain digital identity information.

The embodiment of the application can digitize the registered identity information, namely digitize the physical information and the biological information in the registered identity information, so that the physical information and the biological information are converted into numbers.

The embodiment of the application performs digital processing on the authenticated registered identity information to obtain digital identity information, and one implementation way of obtaining the digital identity information can be to perform hash operation on the authenticated registered identity information to obtain the digital identity information. After the hash operation is performed, the obtained hash value is the digital identity information. The uniqueness of the digital identity information is ensured by carrying out hash operation on the authenticated registered identity information to obtain the digital identity information.

It should be noted that, the digitizing process in the embodiment of the present application only needs to convert the registered identity information into numbers, and the specific digitizing process method may be performed according to the actual situation, which is not limited by the embodiment of the present application.

The authenticated registered identity information may be pre-processed prior to digitizing the authenticated registered identity information, which may include scaling, rotation, stretching, light compensation, gray scale transformation, histogram equalization, normalization, geometric correction, filtering, and sharpening.

The registration identity information may also be pre-processed prior to verification of the registration identity information. If the registration identity information is pre-processed before the registration identity information is verified, there is no need to pre-process the verified registration identity information before the verified registration identity information is digitized.

After the digital identity information is obtained, the registered identity information and the digital identity information can be uploaded to the blockchain, so that the digital identity information is prevented from being controlled by a single centralized authority, and the data security is further improved. Preferably, the registration identity information and the digital identity information are uploaded to the blockchain as verifiable credentials (Verifiable Credential, VC) using DID technology. The DID technology can ensure the authenticity and credibility of the data, can protect the privacy safety of users, and has the characteristic of strong portability.

S24, generating virtual identity marks of the corresponding users of the meta-universe client based on the digital identity information.

After the digital identity information is obtained, a unique virtual identity mark which is entered into the metauniverse by the corresponding user of the metauniverse client can be generated based on the digital identity information, so that various interaction activities can be completed in the metauniverse by the corresponding user of the metauniverse client through the virtual identity mark.

The process of registering the metauniverse account is described in the embodiment of the application, so that the uniqueness of the digital user identity in the metauniverse scene is ensured. In the process of registering the meta universe account, the registered identity information is digitally processed, and even if other people obtain the digital identity information, the true identity information cannot be restored, so that the true information of the user is further protected.

S25, receiving an identity authentication request sent by the meta space server.

Step S25 of the embodiment of the present application may refer to step S11 of the previous embodiment, and the description of the embodiment of the present application is omitted.

S26, verifying the corresponding user of the meta-universe client based on the identity authentication request.

In the embodiment of the present application, verifying the meta-universe client corresponding user based on the identity authentication request may include the following steps:

s261, the authentication identity information is subjected to digital processing to obtain authentication digital identity information.

S262, digital identity information corresponding to the virtual identity is acquired.

S263, verifying whether the digital identity information of the authentication is consistent with the digital identity information corresponding to the virtual identity.

If the authentication digital identity information is consistent with the digital identity information corresponding to the virtual identity, the corresponding user of the meta-universe client passes the verification; if the authentication digital identity information is inconsistent with the digital identity information corresponding to the virtual identity, the user corresponding to the meta-universe client does not pass the authentication.

Because the identity authentication system of the embodiment of the application carries out digital processing on the registered identity information, the embodiment of the application can verify the corresponding user of the meta-universe client based on the digital identity information. The obtaining the digital identity information corresponding to the virtual identity may be obtaining the digital identity information corresponding to the virtual identity from the blockchain. The digital authentication identity information is digitally processed, so that the digital authentication identity information can be compared with the registered digital identity information in the blockchain, and the verification accuracy is improved. In the verification process, even if other people obtain the digital identity information, the true identity information cannot be restored, and the true information of the user is further protected.

One implementation of the digital processing of the authentication identity information may be that hash operations are performed on the authentication identity information to obtain authentication digital identity information. After hash operation is carried out, the obtained hash value is the authentication digital identity information. The uniqueness of the authentication digital identity information is ensured by carrying out hash operation on the authentication digital identity information to obtain the authentication digital identity information.

The authentication identity information may be pre-processed prior to digitizing the authentication identity information, which may include scaling, rotation, stretching, light compensation, gray scale transformation, histogram equalization, normalization, geometric correction, filtering, and sharpening.

And S27, if the meta-universe client side corresponding user passes verification, transmitting authentication success information to the meta-universe server, enabling the meta-universe server to generate a login response, and transmitting the login response to the meta-universe client side.

Step S27 of the embodiment of the present application can refer to step S13 of the previous embodiment, and the description of the embodiment of the present application is omitted.

Next, an identity authentication system provided by the present application will be described, and an identity authentication system described below and an identity authentication method described above will be referred to correspondingly.

Referring to fig. 3, a schematic structural diagram of an identity authentication system according to an embodiment of the present application is shown, where the system includes:

a receiving module 301, configured to receive an identity authentication request sent by a metauniverse server, where the identity authentication request includes a virtual identity identifier and authentication identity information of a user corresponding to a metauniverse client, where the virtual identity identifier corresponds to at least one avatar of the user corresponding to the metauniverse client;

a verification module 302, configured to verify a user corresponding to the meta space client based on the identity authentication request;

and the sending module 303 is configured to send authentication success information to the metauniverse server if the user corresponding to the metauniverse client passes the authentication, so that the metauniverse server generates a login response, and send the login response to the metauniverse client.

In an embodiment of the present application, the verification module 302 includes:

In an embodiment of the present application, the digitizing unit is specifically configured to:

In an embodiment of the present application, the system further includes:

and the uploading module is used for uploading the digital identity information to a blockchain.

The embodiment of the application also provides computer equipment, which comprises: a memory and a processor;

wherein the memory is used for storing a computer program;

the processor is configured to execute the computer program in the memory to implement the method as described in the method embodiments above.

Embodiments of the present application also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform a method as described in the method embodiments above.

In the embodiment of the application, a receiving module is used for receiving an identity authentication request sent by a meta space server, wherein the identity authentication request comprises a virtual identity identifier and authentication identity information of a user corresponding to a meta space client, and the virtual identity identifier corresponds to at least one virtual image of the user corresponding to the meta space client; the verification module is used for verifying the corresponding user of the meta-universe client based on the identity authentication request; and the sending module is used for sending the authentication success information to the meta-universe server if the corresponding user of the meta-universe client passes the authentication, so that the meta-universe server generates a login response and sends the login response to the meta-universe client. According to the embodiment of the application, the identity authentication system is used for authenticating the identity of the user, so that the meta space server does not need to store the registered user information, the problem of data leakage in the meta space server is avoided, and the safety of the user information is ensured. According to the embodiment of the application, the same user can log in at least one virtual image through one virtual identity, so that the uniqueness of the digital user identity in the meta universe is ensured, and the problem that the same user needs to memorize a plurality of virtual identities is avoided.

The identity authentication method, the system, the equipment and the computer readable storage medium provided by the application can be used in the network security field or the financial field. The foregoing is merely exemplary, and the application fields of the identity authentication method, the system, the device and the computer readable storage medium provided by the present application are not limited.

It should be noted that, in each embodiment, identical and similar parts are referred to each other. For system-like embodiments, the description is relatively simple as it is substantially similar to method embodiments, and reference should be made to the description of method embodiments for relevant points.

For the foregoing embodiments, for simplicity of explanation, the same is shown as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently in accordance with the application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.

Finally, it is also noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.

Claims

1. An identity authentication method, applied to an identity authentication system, comprising:

2. The method of claim 1, wherein verifying the metauniverse client corresponding user based on the identity authentication request comprises:

acquiring digital identity information corresponding to the virtual identity;

3. The method of claim 2, wherein the digitizing the authentication identity information to obtain authentication digital identity information comprises:

4. A method according to any one of claims 1 to 3, characterized in that before said receiving an authentication request sent by a metauniverse server, the method further comprises:

verifying the registered identity information;

5. The method of claim 4, wherein after digitizing the authenticated registered identity information to obtain digital identity information, the method further comprises:

and uploading the digital identity information to a blockchain.

6. An identity authentication system, the system comprising:

7. The system of claim 6, wherein the authentication module comprises:

8. The system according to claim 6 or 7, characterized in that the system further comprises:

9. A computer device, comprising: a memory and a processor;

the memory is used for storing a computer program;

the processor is configured to execute a computer program in the memory to implement the method of any one of claims 1 to 5.

10. A computer readable storage medium storing instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 5.