CN117176354A - Data processing method, device, equipment, medium and product - Google Patents
Data processing method, device, equipment, medium and product Download PDFInfo
- Publication number
- CN117176354A CN117176354A CN202210598416.2A CN202210598416A CN117176354A CN 117176354 A CN117176354 A CN 117176354A CN 202210598416 A CN202210598416 A CN 202210598416A CN 117176354 A CN117176354 A CN 117176354A
- Authority
- CN
- China
- Prior art keywords
- identity
- target object
- verification
- authentication
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 28
- 238000012795 verification Methods 0.000 claims abstract description 249
- 238000012545 processing Methods 0.000 claims abstract description 65
- 238000000034 method Methods 0.000 claims abstract description 46
- 238000013475 authorization Methods 0.000 claims description 45
- 238000004590 computer program Methods 0.000 claims description 20
- 238000003860 storage Methods 0.000 claims description 16
- 238000010586 diagram Methods 0.000 description 20
- 238000005516 engineering process Methods 0.000 description 9
- 238000004458 analytical method Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 6
- 238000012790 confirmation Methods 0.000 description 6
- 238000012546 transfer Methods 0.000 description 4
- 238000010200 validation analysis Methods 0.000 description 4
- 230000001815 facial effect Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a data processing method, a data processing device, data processing equipment, a medium and a product. The method comprises the following steps: acquiring an identity verification request aiming at a target object, and acquiring verification data from the identity verification request, wherein the verification data is generated based on a digital collection protocol; analyzing the verification data to obtain an object identity verification certificate, and verifying the object identity verification certificate; and if the authentication of the identity authentication credentials of the object is passed, generating authentication passing indication information. The application can carry out identity verification based on the object identity registration certificate generated by the digital collection protocol, thereby improving the efficiency and the reliability of the identity verification.
Description
Technical Field
The present application relates to the field of internet technology, and in particular, to a data processing method, a data processing apparatus, a computer device, a computer readable storage medium, and a computer program product.
Background
In blockchains, ownership validation and circulation of the assets under the chain is a hot topic of research in the current blockchain arts. Where validation of ownership of an asset under a chain refers to validation of the identity of the object that owns the asset, this process typically involves the technical means of authenticating an object.
In the authentication scene, when an object needs to use a certain service, the object is usually required to perform authentication manually, for example, a mobile phone number is input to perform short message authentication, and an account number and a password are filled to perform authentication, which is time-consuming and labor-consuming. Therefore, how to improve the efficiency of authentication is a technical problem to be solved currently.
Disclosure of Invention
The embodiment of the application provides a data processing method, a device, equipment, a medium and a product, which can carry out identity verification based on an object identity registration certificate generated by a digital collection protocol, thereby improving the efficiency of the identity verification.
In one aspect, an embodiment of the present application provides a data processing method, where the method includes:
acquiring an identity verification request aiming at a target object, and acquiring verification data from the identity verification request, wherein the verification data is generated based on a digital collection protocol;
analyzing the verification data to obtain an object identity verification certificate, and verifying the object identity verification certificate;
and if the authentication of the identity authentication credentials of the object is passed, generating authentication passing indication information.
In one aspect, an embodiment of the present application provides a data processing method, where the method includes:
Acquiring an identity registration request submitted by a target object, wherein the identity registration request carries identity information of the target object;
verifying the identity information of the target object, and if the verification is passed, generating an object identity registration credential of the target object based on a digital collection protocol;
the method comprises the steps of sending an object identity registration credential of a target object to computer equipment so that the computer equipment verifies the object identity verification credential, and generating verification passing indication information if the verification of the object identity verification credential is passed;
the object authentication credentials are obtained after analysis of authentication data, and the authentication data are obtained from an authentication request after the computer equipment obtains the authentication request aiming at the target object.
In one aspect, an embodiment of the present application provides a data processing apparatus, including:
the acquisition unit is used for acquiring an identity verification request aiming at a target object and acquiring verification data from the identity verification request, wherein the verification data is generated based on a digital collection protocol;
the processing unit is used for analyzing the verification data to obtain an object identity verification certificate and verifying the object identity verification certificate;
The processing unit is further configured to generate verification passing indication information if verification of the object authentication credential passes.
In a possible implementation manner, before the obtaining unit obtains the authentication request for the target object, the processing unit is further configured to:
acquiring a real-name authentication success notification message which is sent by a real-name server and aims at a target object, wherein the real-name authentication success notification message is generated by calling an identity authentication platform interface to perform real-name authentication on the identity information of the target object after the real-name server receives the identity information submitted by the target object;
associating the target object with an object identity registration credential generated for the target object;
wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
In one possible implementation, the processing unit associates the target object with an object identity registration credential generated for the target object for performing the following operations:
receiving an address registration request sent by a real name server, wherein the address registration request carries a blockchain address of a target object;
responding to the address registration request, and acquiring an object identity registration credential generated by an identity service system for a target object based on a digital collection protocol;
The object identity registration credential is associated with the blockchain address of the target object.
In one possible implementation, the processing unit verifies the object authentication credentials for performing the following operations:
acquiring an object identity registration credential of a target object, wherein the object identity registration credential is generated by an identity service system based on a digital collection protocol after verification of identity information submitted by the target object to the identity service system is passed;
the object authentication credentials are authenticated based on the object identity registration credentials of the target object.
In one possible implementation, the verification data is obtained by signing an object authentication credential with a private key of the target object;
the processing unit analyzes the verification data to obtain an object identity verification certificate, and the object identity verification certificate is used for executing the following operations:
and carrying out signature verification processing on the verification data by utilizing the public key of the target object, and acquiring object identity verification credentials of the target object based on a digital collection protocol if the signature verification is successful.
In one possible implementation, the authentication request is used to request to log in to an identity service system or at least one service system, where any one of the at least one service system refers to a system that has performed a trust endorsement operation on the identity information of the target object.
In one possible implementation, the processing unit is further configured to perform the following operations:
receiving a data acquisition request submitted by a target service system, wherein the data acquisition request is used for requesting to acquire the identity information of a target object, and the target service system comprises an identity service system and at least one service system;
sending a data acquisition request to a real name server;
receiving the identity information of the target object sent by the real name server, and sending the identity information of the target object to a target service system;
the identity information of the target object is obtained after the real name server receives the authorization success notification message returned by the target object.
In one aspect, an embodiment of the present application provides a data processing apparatus, including:
the acquisition unit is used for acquiring an identity registration request submitted by the target object, wherein the identity registration request carries the identity information of the target object;
the processing unit is used for verifying the identity information of the target object, and if the verification is passed, the object identity registration credential of the target object is generated based on a digital collection protocol;
the sending unit is used for sending the object identity registration certificate of the target object to the computer equipment so that the computer equipment verifies the object identity verification certificate, and if the object identity verification certificate is verified, verification passing indication information is generated;
The object authentication credentials are obtained after analysis of authentication data, and the authentication data are obtained from an authentication request after the computer equipment obtains the authentication request aiming at the target object.
In one possible implementation, after the acquiring unit acquires the identity registration request submitted by the target object, the processing unit is further configured to:
the identity information of the target object is sent to a real name server, so that the real name server calls an identity authentication platform interface to perform real name authentication on the identity information of the target object to generate a real name authentication success notification message, and the real name authentication success notification message is sent to computer equipment, so that the computer equipment associates the target object with an object identity registration credential generated for the target object;
wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
In one possible implementation, the processing unit is further configured to perform the following operations:
generating a data acquisition request, wherein the data acquisition request is used for requesting to acquire the identity information of the target object;
transmitting the data acquisition request to the computer equipment so that the computer equipment transmits the data acquisition request to a real name server;
Identity information of a target object sent by computer equipment is received.
In one aspect, an embodiment of the present application provides a computer apparatus, where the computer apparatus includes a memory and a processor, and the memory stores a computer program, and when the computer program is executed by the processor, causes the processor to execute the data processing method described above.
In one aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program that, when read and executed by a processor of a computer device, causes the computer device to perform the above-described data processing method.
In one aspect, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the data processing method described above.
In the embodiment of the application, firstly, an identity verification request aiming at a target object can be obtained, and verification data is obtained from the identity verification request, wherein the verification data is generated based on a digital collection protocol. Then, the verification data can be parsed to obtain the subject authentication credentials, and the subject authentication credentials are verified. And finally, if the authentication certificate of the object passes authentication, generating authentication passing indication information. Therefore, when the target object needs to carry out identity verification, the identity verification method is simpler and more convenient than the manual identity verification of the object, and the identity verification efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for the person skilled in the art.
FIG. 1a is a block chain system according to an embodiment of the present application;
FIG. 1b is a block chain architecture diagram according to an embodiment of the present application;
FIG. 1c is a schematic diagram of a standard protocol in a blockchain provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a data processing system according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of a data processing method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a data acquisition scenario provided by an embodiment of the present application;
FIG. 5 is a flowchart of another data processing method according to an embodiment of the present application;
FIG. 6 is an interactive flow chart of a data processing method according to an embodiment of the present application;
FIG. 7 is a schematic diagram of another data acquisition scenario provided by an embodiment of the present application;
FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 9 is a schematic diagram of another data processing apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application.
The embodiment of the application provides a data processing scheme, which is mainly based on an asset issuing platform of an open chain and digital collection protocol of a trust SQL (a bottom platform for providing a block chain basic service function for an upper application scene). The general principle of this data processing scheme is as follows: first, an authentication request for a target object may be obtained, and authentication data generated based on a digital collection protocol (e.g., ERC-721 (Etherum Request for Comments, a protocol proposal with reference 721 for a ticket) standard protocol and ERC-1155 (Etherum Request for Comments 1155, a protocol proposal with reference 1155 for a ticket) standard protocol may be obtained from the authentication request. Then, the verification data can be parsed to obtain the subject authentication credentials, and the subject authentication credentials are verified. And finally, if the authentication certificate of the object passes authentication, generating authentication passing indication information.
Therefore, when the target object needs to carry out identity verification, the identity verification method is simpler and more convenient than the manual identity verification of the object, and the identity verification efficiency is improved.
The data processing scheme of the present application may be combined with blockchain techniques. Next, the blockchain technology related to the data processing scheme provided by the application is described in detail:
the blockchain system according to the embodiment of the present application may be a distributed system formed by connecting a client and a plurality of nodes (any form of computing device in an access network, such as a server and a terminal device) through a network communication. The blockchain correlation technique is described in association with fig. 1 a-1 c as follows:
1. blockchain system:
referring to fig. 1a, fig. 1a is a schematic diagram of a blockchain system according to an embodiment of the application. The blockchain system as shown in fig. 1a may be a data sharing system 100, where the data sharing system 100 refers to a system for sharing data between nodes, and the data sharing system 100 may include multiple nodes 101, and the multiple nodes 101 may be respective clients in the data sharing system. Each node 101 may receive input information while operating normally (e.g., any node 101 may receive an identity registration request submitted by a target object for a first business service system; e.g., any node 101 may receive a data acquisition request submitted by a target business service system, etc.), and maintain shared data within the data sharing system based on the received input information. In order to ensure the information intercommunication in the data sharing system, information connection can exist between each node in the data sharing system, and the nodes can transmit information through the information connection. For example, when any node in the data sharing system receives input information, other nodes in the data sharing system acquire the input information according to a consensus algorithm, and store the input information as data in the shared data, so that the data stored on all nodes in the data sharing system are consistent.
Each node in the data sharing system has a node identifier corresponding to the node identifier, and each node in the data sharing system can store the node identifiers of other nodes in the data sharing system, so that the generated block can be broadcast to other nodes in the data sharing system according to the node identifiers of other nodes. Each node can maintain a node identification list shown in the following table, and the node names and the node identifications are correspondingly stored in the node identification list. The node identifier may be an IP (Internet Protocol, protocol of interconnection between networks) address, and any other information that can be used to identify the node, and the IP address is only illustrated in table 1.
TABLE 1 node identification list
| Node name | Node identification |
| Node 1 | 000.000.000.000 |
| Node 2 | 111.111.111.111 |
| … | … |
| Node N | xx.xx.xx.xx |
2. Structure of the blockchain:
each node in the data sharing system stores one and the same blockchain. The blockchain is composed of a plurality of blocks, referring to fig. 1b, fig. 1b is a schematic diagram of a blockchain structure according to an embodiment of the present application. As shown in fig. 1b, the blockchain is composed of a plurality of blocks, the starting block includes a block header and a block body, the block header stores an input information characteristic value, a version number, a time stamp and a difficulty value, and the block body stores input information; the next block of the starting block takes the starting block as a father block, the next block also comprises a block head and a block body, the block head stores the input information characteristic value of the current block, the block head characteristic value of the father block, the version number, the timestamp and the difficulty value, and the like, so that the block data stored in each block in the block chain are associated with the block data stored in the father block, and the safety of the input information in the block is ensured.
In one possible implementation manner, the application can upload the identity information of the target object, the object identity verification credential, the object identity registration credential and the like to the blockchain of the blockchain network for storage, so as to prevent internal data of the computer equipment (such as the blockchain node) from being tampered, thereby improving the safety and reliability of the data.
3. An intelligent transportation system:
the intelligent transportation system (Intelligent Traffic System, ITS), also called intelligent transportation system (Intelligent Transportation System), is a comprehensive transportation system which uses advanced scientific technology (information technology, computer technology, data communication technology, sensor technology, electronic control technology, automatic control theory, operation study, artificial intelligence, etc.) effectively and comprehensively for transportation, service control and vehicle manufacturing, and enhances the connection among vehicles, roads and users, thereby forming a comprehensive transportation system for guaranteeing safety, improving efficiency, improving environment and saving energy.
In one possible implementation manner, the scheme provided by the embodiment of the application can be applied to the traffic field. For example, if city a and city B are in the same province, according to the method provided by the embodiment of the present application, if the target object completes one identity registration in the first service system (for example, the traffic management platform 1 where city a is located), a specified identity registration credential allocated by the first service system may be obtained, and then, based on the identity registration credential, unified login may be performed in the first service system and the second service system (for example, the traffic management platform 2 where city B is located) at the same time. By the method, the identity information of the target object does not need to be registered in the traffic management platform of each city, so that the convenience and efficiency of managing the intelligent traffic system can be improved.
4. Specific introduction to digital collection protocols (e.g., ERC-721 Standard protocol and ERC-1155 Standard protocol):
it should be noted that the data processing scheme provided by the present application is based on a digital collection protocol, which may be, for example, the ERC-721 standard protocol and the ERC-1155 standard protocol, so that the two standard protocols are described in connection with fig. 1 c.
Referring to fig. 1c, fig. 1c is a schematic diagram of a standard protocol in a blockchain according to an embodiment of the present application. As shown in fig. 1c, the ticket (e.g., token) used in the blockchain platform (the currently mainstream smart contract platform on the public chain) may include: fungible Token (FT) and NFT (Non-homogeneous Token). Wherein the funneled Token is issued based on the ERC-20 standard protocol (a standard protocol for a homogenizing ticket for a smart contract on a blockchain), and the non-homogenizing ticket is issued based on the ERC-721 standard protocol and the ERC-1155 standard protocol.
Wherein the ERC-721 standard protocol and the ERC-1155 standard protocol are both standard protocols for non-homogeneous ticket of intelligent contracts on blockchain. The ERC-721 standard protocol is used for indicating that one part of the under-chain digital collection asset correspondingly issues one part of the non-homogeneous ticket on the chain, and the ERC-1155 standard protocol is used for indicating that one part of the under-chain digital collection asset can issue a plurality of parts of the non-homogeneous ticket on the chain. Because the blockchain is a blockchain platform of a public chain, the public chain only uses the address on the chain corresponding to the private key held by the object as the unique identification of the object, the two standard protocols have no requirements on real-name authentication of the object, and the operations on the digital collection asset on the chain are anonymous.
Next, the main interfaces involved in the ERC-721 standard protocol and the ERC-1155 standard protocol are respectively described in the following:
(1) Main interface of ERC-721 standard protocol:
ERC721: a master contract interface;
ERC721 energy: enumerating data query interfaces, which are mainly used for counting all the token Ids in the contract, and which account each token Id specifically belongs to;
ERC721Receiver: the receiver callback implementation interface is mainly used for checking contract addresses of receivers so as to avoid dead accounts;
ERC721MetaData: a main contract metadata interface (name, symbol, token uri).
ERC721 available: contract pause interfaces;
ERC721Burnable: a ticket destroying interface;
ERC721URIStorage: the tokeni store interface.
ERC721 presetminterpauserld: the contract owner authorizes the Minter and Pauser interfaces;
ERC721Holder: the default implementation interface of ERC721Receiver is used to receive any token.
(2) Main interface of ERC-1155 standard protocol:
ERC1155: a master contract interface;
ERC1155metadata uri: a master contract metadata URI (uniform resource identifier, uniform Resource Identifier, URI) interface;
ERC1155Receiver: the receiver callback implementation interface is used for checking the address of the receiving account and avoiding 'dead account';
ERC1155 available: contract pause interfaces;
ERC1155Burnable: a ticket destroying interface;
ERC1155Supply: a total supply data statistics interface for each token;
ERC1155 presetminterpauserld: the contract owner authorizes the Minter and Pauser interfaces;
ERC1155Holder: the default implementation interface of ERC721Receiver is used to receive any token.
In addition, the ERC-1155 standard protocol and the ERC-721 standard protocol differ in that: the ERC-1155 standard protocol supports bulk transfer and bulk issuance of certificates, i.e., one piece of an under-chain asset cast by the ERC-1155 standard protocol may correspond to multiple pieces of object identity registration credentials cast on-chain.
It should be noted that, in the following embodiments of the present application, data related to object information (for example, identity information of a target object) and the like is required to obtain permission or consent of the object when the above embodiments of the present application are applied to specific products or technologies, and collection, use and processing of the related data are required to comply with related regulations and standards of related countries and regions.
Next, an architecture diagram of a data processing system according to the present application will be described. With reference to FIG. 2, FIG. 2 is a block diagram illustrating an architecture of a data processing system according to an embodiment of the present application. As shown in fig. 2, the system architecture diagram may at least include: a blockchain system, an identity service system 204, and a terminal device 205. The blockchain system may specifically be a federated blockchain. In particular, the federated blockchain may include a first business service system 201, a second business service system 202, and a blockchain node 203. It will be appreciated that the number of first and second business service systems 201, 202 in a blockchain system is for illustration only; similarly, the number of blockchain nodes 203 may be one or more, and the number of business service systems and the number of blockchain nodes in the blockchain system are not specifically limited in the present application. In addition, the blockchain node 203 in the blockchain system is directly or indirectly connected with the first service system 201 and the second service system 202 through wired or wireless communication modes, which is not limited in this disclosure; and the identity service system 204 is directly or indirectly connected to the blockchain node 203 and the terminal device 205 through wired or wireless communication, respectively, which is not limited herein.
It should be noted that, the identity service system 204 may refer to a system independent from the first business service system 201 and the second business service system 202; the identity service system 204 may also be a system integrated with the first service system 201 or the second service system 202 in the same computer device, which is not limited in this embodiment of the present application.
The identity service system 204, and the blockchain node 203, the first business service system 201, and the second business service system 202 in the blockchain system may be independent physical servers, may be a server cluster or a distributed system formed by a plurality of physical servers, and may also be a cloud server for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content distribution networks), basic cloud computing services such as big data and artificial intelligence platforms, and the like.
The end device 205, the blockchain node 203 in the blockchain system, the first business service system 201, the second business service system 202 may also be, but are not limited to: a mobile phone, a tablet computer, a notebook computer, a palm computer, a mobile internet device (MID, mobile internet device), an intelligent voice interaction device, an on-board terminal, a roadside device, an aircraft, a wearable device, an intelligent home appliance, or a wearable device with a data processing function such as a smart watch, a smart bracelet, a pedometer, or the like.
It is to be understood that the device types of the first service system 201, the second service system 202, the blockchain node 203, the identity service system 204, and the terminal device 205 may be the same or different, which is not specifically limited in the embodiment of the present application. For example, blockchain node 203 and identity service system 204 may be servers, and first business service system 201, second business service system 202, and terminal device 205 may each be a terminal device. As another example, the first service system 201, the second service system 202, the blockchain node 203, and the identity service system 204 may all be servers, and the terminal device 205 is a terminal device.
In one possible implementation, the target object may send an authentication request to the identity service system 204 through the terminal device 205, and then the identity service system 204 may send the authentication request to the blockchain node 203, where the blockchain node 203 obtains the authentication request for the target object, and obtains authentication data from the authentication request, where the authentication data is generated based on the digital collection protocol. Next, the blockchain node 203 parses the verification data to obtain the subject authentication credential, and verifies the subject authentication credential. And if the authentication certificate of the object passes authentication, generating authentication passing indication information.
In another possible implementation, the identity service system 204 may receive identity information submitted by the target object through the terminal device 205; the identity service system 204 verifies the identity information of the target object, and if the verification is passed, an object identity registration credential of the target object is generated based on a digital collection protocol; the identity service system 204 sends the object identity registration credential of the target object to the blockchain node 203, so that the blockchain node 203 verifies the verification data based on the object identity registration credential, and if the verification data is verified, verification passing indication information is generated. The verification data is obtained from the authentication request after the blockchain node 203 obtains the authentication request for the target object.
It should be noted that, the target object may also send an authentication request to the first service system 201 or the second service system 202 through the terminal device 205, and then the first service system 201 or the second service system 202 may send the authentication request to the blockchain node 203.
It can be understood that the schematic diagram of the system architecture described in the embodiment of the present application is for more clearly describing the technical solution of the embodiment of the present application, and does not constitute a limitation on the technical solution provided in the embodiment of the present application, and as a general technical object in the art can know, along with the evolution of the system architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
Based on the above description of the data processing scheme and the data processing system, the embodiment of the application provides a data processing method. Referring to fig. 3, fig. 3 is a flowchart of a data processing method according to an embodiment of the present application, which may be performed by a blockchain node inside a blockchain or other electronic device outside the blockchain in the data processing system mentioned in fig. 2, and for convenience of explanation, the embodiment of the present application will be described with reference to a computer device. The data processing method may include the following steps S301 to S303:
s301: an authentication request for a target object is acquired, authentication data is acquired from the authentication request, and the authentication data is generated based on a digital collection protocol.
In the embodiment of the application, the authentication request can be generated by the target object when logging in the identity service system, and then the identity service system can send the authentication request to the computer equipment after receiving the authentication request for the target object. The computer device mentioned in the embodiment of the present application may be any node in a blockchain, and the blockchain may be a coalition chain. The digital collection protocol is a protocol (such as ERC-721 standard protocol, ERC-1155 standard protocol, etc.) proposed by the digital collection, and the digital collection is a rights and a ticket of a virtual digital commodity, and may include, but not limited to, various forms such as digital drawings, pictures, music, videos, 3D models, etc.
In addition, the authentication request mentioned in the embodiments of the present application may be used to request to log in to an identity service system or at least one business service system. Any one of the at least one business service system refers to a system which performs trust endorsement operation on the identity information of the target object. Wherein, the trust endorsement operation refers to: in the process that the identity service system performs real-name authentication on the identity information of the target object, any service system needs to authorize and trust the real-name authentication result of the target object, namely if the identity service system successfully performs real-name authentication on the identity information of the target object, the service system also needs to trust the successful result of the real-name authentication. For convenience of explanation, the following description will correspondingly take the example that the authentication request is used to request to log in to the identity service system.
In one possible implementation, the computer device may obtain an authentication request for the target object sent by the identity service system, where the authentication request may carry authentication data. And, the authentication request is generated based on a digital collection protocol, wherein the digital collection protocol may include, but is not limited to: ERC-721 standard protocol and ERC-1155 standard protocol.
In one possible implementation, before acquiring the authentication request for the target object, the computer device further includes: and acquiring a real-name authentication success notification message sent by the real-name server and aiming at the target object, wherein the real-name authentication success notification message is generated by calling an identity authentication platform interface to perform real-name authentication on the identity information of the target object after the real-name server receives the identity information submitted by the target object. The computer device then associates real-name information of the target object with the object identity registration credential generated for the target object. Wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information. The real-name authentication success notification message may be generated after the real-name authentication of the target object is successful.
In one possible implementation manner, the computer device obtains the real-name authentication success notification message sent by the real-name server for the target object, and the method may include the following specific procedures: the target object can perform real-name authentication by logging in a real-name authentication applet (wherein the real-name authentication applet refers to an application program which is free from installation), and then the real-name authentication applet can acquire identity information recorded by the target object in the real-name authentication applet. For example, the identity information of the target object may include, but is not limited to: name, age, gender, identification number, location of the household, etc. Then, the real-name authentication applet may send the identity information of the target object to the real-name server, so that the real-name server may invoke the identity authentication platform interface to perform real-name authentication on the identity information of the target object after receiving the identity information submitted by the target object, and generate a real-name authentication success notification message, and send the real-name authentication success notification message to the computer device.
Specifically, the identity authentication platform interface is called to obtain real-name information of the target object, where the real-name information may include, but is not limited to: identity (which may be, for example, a avatar or name), age, gender, etc. Then, real-name authentication can be performed on the identity information of the target object based on the acquired real-name information, which specifically includes: comparing each item of identity, age and sex in the real-name information with each item of identity, age and sex in the identity information respectively, if the identity, age and sex are the same, determining that the real-name authentication of the target object is successful, and generating a real-name authentication success notification message; if any of the items are different, determining that the authentication of the real name of the target object fails. It should be noted that, before obtaining real-name information of the target object, the authorization of the target object needs to be requested as well, that is, after the authorization permission of the target object is passed, the party may obtain corresponding real-name information.
In one possible implementation, a computer device associates real-name information of a target object with an object identity registration credential generated for the target object, comprising: firstly, receiving an address registration request sent by a real name server, wherein the address registration request carries a blockchain address of a target object; responding to the address registration request, and acquiring an object identity registration credential generated for a target object based on a digital collection protocol; the object identity registration credential is associated with the blockchain address of the target object.
It will be appreciated that the computer device obtaining object identity registration credentials generated for a target object based on a digital collection protocol may include:
(1) If the service system does not have the capability of issuing the object identity registration credential, the service system may delegate the computer device to generate the object identity registration credential for the target object, which may specifically include: the computer equipment acquires an identity registration credential delegation request for the target object sent by the business service system, then responds to the identity registration credential delegation request and generates an object identity registration credential for the target object based on a digital collection protocol.
(2) If the business service system has the capability of issuing object identity registration credentials, the business service system may directly generate the object identity registration credentials for the target object based on the digital collection protocol. The computer device then receives the object identity registration credential sent by the business service system. It should be noted that the subsequent embodiments of the present application will be correspondingly described with respect to the case (2).
In one possible implementation, the computer device may continuously monitor the process of associating the object identity registration credential with the blockchain address of the target object, and if it is detected that the object identity registration credential has been successfully associated with the blockchain address of the target object, generate an identity registration success notification message for the target object. And sending the identity registration success notification message to the real name server, so that the real name server sends the identity registration success notification message to the real name authentication applet. Wherein the real-name authentication applet may expose the object identity registration credential to the target object.
Through the mode, when the target object registers the identity with the identity service system, the real-name server can perform real-name authentication on the identity information of the target object, and transfer of the on-chain object identity registration credentials (namely, association of the identity registration credentials of the target object with the object address) can be performed after the authentication is passed, so that the accuracy of identity verification of the target object can be improved. In addition, it should be noted that, before acquiring the identity information of the target object, the real name server may send an identity information acquisition request to the target object in advance, and then after receiving the confirmation authorization information of the target object, the real name server may acquire the identity information of the target object.
S302: and analyzing the verification data to obtain the identity verification certificate of the object, and verifying the identity verification certificate of the object.
It will be appreciated that the specific steps for verifying the object identity registration credential of the target object and then associating the object identity registration credential with the target object after the verification is passed may refer to the specific steps described in step S301 above in detail, which is not particularly limited in the embodiment of the present application.
In one possible implementation, the verification data is obtained by signing the object authentication credential with the private key of the target object. The computer device analyzes the verification data to obtain an object identity verification credential, comprising: and carrying out signature verification processing on the verification data by utilizing the public key of the target object, and acquiring object identity verification credentials of the target object based on a digital collection protocol if the signature verification is successful. That is, the verification data is encrypted by using the private key of the target object, after the computer device obtains the encrypted verification data, the computer device can decrypt the verification data by using the public key of the target object, and if the decryption is successful, the object identity verification credential of the target object can be obtained based on analysis of the digital collection protocol.
Specifically, the computer device verifies the identity verification credentials of the object, including: first, object identity registration credentials of a target object are obtained, the object identity registration credentials being generated by an identity service system based on a digital collection protocol after verification of identity information submitted by the target object to the identity service system is passed. The object authentication credentials are then authenticated based on the object identity registration credentials of the target object. The object identity registration certificate and the object identity verification certificate can be compared, and if the object identity registration certificate and the object identity verification certificate are the same, the object identity verification certificate is confirmed to pass verification; if the verification result is different, determining that verification of the identity verification credentials of the object fails. It should be noted that the object identity registration credential of the target object may be stored in the blockchain.
In another possible implementation, the verifying the object authentication credential by the computer device may further include: first, authentication information (e.g., partial or complete identity information carrying a target object) is obtained from an object authentication credential. Then, the identity information of the target object is requested to be acquired from the real name server (it is to be noted that, before the identity information is requested to be acquired, permission authorization of the target object needs to be obtained in advance), and verification information is verified based on the identity information of the target object. Specifically, the computer device may compare the obtained identity information with the verification information, and if the identity information is matched with the verification information, determine that the identity verification credentials of the object pass; if the verification result is not matched, the verification failure of the identity verification credentials of the object is determined.
In one possible implementation, if the computer device is any blockchain node in the blockchain, the computer device may further send the object identity verification credential to other nodes in the blockchain, so that the other nodes in the blockchain verify the verification data based on the object identity registration credential in the blockchain to obtain a verification result; and receiving verification results of other nodes in the block chain, and if the verification results are that the number of verification success is greater than or equal to a preset number threshold, determining that verification data passes.
In particular implementations, the computer device may send the object identity credential to some or all of the nodes in the blockchain, e.g., 20 computer devices included in the blockchain, then the object identity credential may be sent to 19 other nodes in the blockchain, or alternatively the object identity credential may be sent randomly to 15 nodes in the blockchain, as embodiments of the present application are not limited in this respect.
In this way, the blockchain consensus can be performed on the object identity authentication credentials of the target object based on some or all nodes in the blockchain, so that the object identity authentication credentials submitted by the target object are guaranteed to be identical to the object identity registration credentials distributed for the target object, the uniqueness of the object identity registration credentials of the target object is proved, and the reliability in the identity authentication process can be guaranteed.
S303: and if the authentication of the identity authentication credentials of the object is passed, generating authentication passing indication information.
In one possible implementation, after the computer device determines that the authentication of the subject authentication credential is passed, authentication pass indication information may be generated. The computer device may then send the verification passing indication information to the service system, and the service system may then display a verification passing interface in which a prompt that the target object has successfully logged into the service system may be displayed.
It will be appreciated that the authentication request referred to in embodiments of the present application may be used to request a login to an identity service system or at least one business service system. In the above embodiments of the present application, the authentication request is used to request to log in to an identity service system for example, and similarly, for the specific execution steps of the authentication request used to request to log in to any service system, reference may be made to the above steps in detail, and the embodiments of the present application are not described herein in detail. Any one of the at least one business service system refers to a system which performs trust endorsement operation on the identity information of the target object. Wherein, the trust endorsement operation refers to: in the process that the identity service system performs real-name authentication on the identity information of the target object, any service system needs to authorize and trust the real-name authentication result of the target object, namely if the identity service system successfully performs real-name authentication on the identity information of the target object, the service system also needs to trust the successful result of the real-name authentication.
In one possible implementation, first, a computer device receives a data acquisition request submitted by a target business system, the data acquisition request being for requesting acquisition of identity information of a target object, the target business system including an identity service system, and at least one business service system. The computer device then sends a data acquisition request to the real name server. And finally, the computer equipment receives the identity information of the target object sent by the real name server and sends the identity information of the target object to the target service system.
The identity information of the target object is obtained after the real name server receives the authorization success notification message returned by the target object. In particular, when the identity information of a target object needs to be acquired, authorization needs to be requested to the target object in advance. Next, referring to fig. 4, fig. 4 is a schematic diagram of a data acquisition scenario according to an embodiment of the present application. As shown in fig. 4, before the computer device receives the identity information of the target object sent by the real name server, the real name server may send an authorization request to the terminal device used by the target object, and after the terminal device used by the target object receives the authorization request, an authorization interface S400 may be displayed in the terminal device, where the authorization interface S400 is used to prompt whether the target object confirms the information acquisition operation of the target service system, for example, the authorization interface S400 may include a confirmation control 401 and a rejection control 420. Specifically, if the target object clicks the confirmation control 401, the target object is represented to allow the target service system to acquire the identity information, and if the target object clicks the cancellation control 402, the target object is represented to reject the target service system from acquiring the identity information. After the target object clicks the confirmation control 401, the terminal device may generate an authorization success notification message, and send the authorization success notification message to the real name server, where the real name server may obtain the identity information of the target object after receiving the authorization success notification message. In this way, when the target service system needs to acquire the identity information of the target object, authorization needs to be requested to the target object, but after the target object is successfully authorized, the party can acquire the corresponding identity information, so that the reliability of the identity information of the target object can be ensured.
In the embodiment of the application, firstly, an identity verification request aiming at a target object can be obtained, and verification data is obtained from the identity verification request, wherein the verification data is generated based on a digital collection protocol. Then, the verification data can be parsed to obtain the subject authentication credentials, and the subject authentication credentials are verified. And finally, if the authentication certificate of the object passes authentication, generating authentication passing indication information. Therefore, when the target object needs to carry out identity verification, the identity verification method is simpler and more convenient than the manual identity verification of the object, and the identity verification efficiency is improved. In the application, the identity information of the object does not need to be registered in a whole quantity among all login systems, and compared with the traditional login mode (the login mode based on account and password, mobile phone short message and facial recognition), the method has the advantages that the decentralization is realized, and the security of identity verification is ensured; in addition, after the object identity obtains the appointed object identity registration certificate on the chain once by real name, the login can be carried out in all the decentralizing application systems on the blockchain platform, the identity verification system on the blockchain platform can be opened, and the efficiency and the reliability of the identity verification are improved.
Referring to fig. 5, fig. 5 is a flowchart illustrating another data processing method according to an embodiment of the application. The data processing method may be performed by the identity service system or any one of the business service systems in the data processing system mentioned in fig. 2, and for convenience of explanation, the following description will be given with reference to the identity service system. The data processing method may include the following steps S501 to S503:
s501: and acquiring an identity registration request submitted by the target object, wherein the identity registration request carries the identity information of the target object.
When the target object performs identity registration to the identity service system, the target object may submit an identity registration request to the identity service system, and then the identity service system may receive the identity registration request submitted by the target object, where the identity registration request may carry identity information of the target object. The identity information of the target object may include, but is not limited to: name, age, gender, identification number, location of the household, etc.
In one possible implementation, the identity service system may send an authorization request to the terminal device used by the target object before acquiring the identity information of the target object. Then, after the terminal device used by the target object receives the authorization request, an authorization interface (e.g., interface S400 shown in fig. 4) may be displayed in the terminal device. Specifically, if the target object clicks on the confirmation control 401 in the authorization interface S400, the identity service system is allowed to acquire identity information on behalf of the target object. In this way, when the identity service system needs to acquire the identity information of the target object, authorization needs to be requested to the target object, but after the target object is successfully authorized, the party can acquire the corresponding identity information, so that the reliability of the identity information of the target object can be ensured.
S502: and verifying the identity information of the target object, and if the verification is passed, generating an object identity registration credential of the target object based on a digital collection protocol.
In one possible implementation manner, after the identity service system obtains the identity registration request submitted by the target object, the method further includes: the identity information of the target object is sent to the real name server, so that the real name server calls an identity authentication platform interface to perform real name authentication on the identity information of the target object to generate a real name authentication success notification message, and the real name authentication success notification message is sent to the computer equipment, so that the computer equipment associates the target object with the object identity registration credential generated for the target object. Wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
When the method is concretely implemented, the identity service system can conduct real-name authentication on the identity information of the target object through the real-name server, and if the real-name server determines that the real-name authentication of the target object is passed, a real-name authentication success notification message can be sent to the computer equipment and the identity service system. After receiving the real-name authentication success notification message for the target object, the identity service system can confirm that the identity information of the target object passes the authentication, and then an object identity registration credential of the target object can be generated based on a digital collection protocol. The subject identity registration credentials may specifically be digital collections, which may be the aforementioned non-homogenous credentials. By the method, real-name authentication is performed when the target object performs identity registration, so that the validity and reliability of the identity information of the target object can be ensured.
S503: and sending the object identity registration credential of the target object to the computer equipment so that the computer equipment verifies the object identity verification credential, and if the verification of the object identity verification credential is passed, generating verification passing indication information.
The object identity verification credentials are obtained after analysis of verification data, the verification data are obtained from an identity verification request aiming at a target object after the computer equipment obtains the identity verification request, and the verification data are generated based on a digital collection protocol.
In one possible implementation, the identity service system may respond to an identity verification request for the target object, and then the identity service system may send the identity verification request to the computer device, so that the computer device obtains verification data from the identity verification request; and analyzing the verification data to obtain an object identity verification certificate, verifying the object identity verification certificate, and if the object identity verification certificate is verified, generating verification passing indication information. Subsequently, the identity service system can receive the verification passing indication information sent by the computer equipment, and can prove the identity of the target object, so that the identity recognition based on the object identity registration certificate in the blockchain is realized.
It should be noted that, in the embodiment of the present application, the identity registration of the target object with the identity service system is taken as an example to describe in detail, it can be understood that, for the identity registration of the target object with any service system, the specific execution steps thereof may refer to the relevant steps of the identity registration of the target object with the identity service system in the embodiment of the present application, and the embodiments of the present application are not repeated herein.
In one possible implementation, the identity service system may generate a data acquisition request for requesting acquisition of identity information of the target object. The identity service system may then send the data acquisition request to the computer device to cause the computer device to send the data acquisition request to the real name server. Finally, the identity service system receives the identity information of the target object sent by the computer equipment. It should be noted that, before the identity service system obtains the identity information of the target object, permission and authorization of the target object need to be obtained, and the detailed process can be specifically referred to the flow shown in fig. 4, which is not repeated herein.
In the embodiment of the application, when the target object registers the identity with the identity service system, real-name authentication can be performed through the real-name server, and when the real-name authentication is successful, the party can generate a corresponding object identity registration credential for the target object. And then, when the target object needs to carry out identity verification, an identity verification request can be submitted to the identity service system or any one of the service systems based on the identity registration credentials, and if the identity verification request passes, the target object can log in to the identity service system or any one of the service systems. Thus, when the target object performs identity registration in a specific system (identity service system or any business service system), after real-name authentication is completed, the system issues a specific object identity registration credential to the target object, and when the target object logs in to the system again or needs to prove the identity of the target object to a third party, the identity of the target object can be proved to log in to the specific system by proving the chain ownership of the identity registration credential of the target object. Compared with the traditional login mode based on account, password, mobile phone short message and facial recognition, the scheme has the advantages that the decentralization is realized, the identity information of the target object does not need to be registered in a whole quantity among all login systems, the identity of the target object can be logged in all decentralization application systems on the blockchain platform after the specified object identity registration credentials are acquired on the chain by real names, and the identity login system on the blockchain platform is opened, so that the identity verification efficiency can be improved.
The description of the specific flow of the data processing method is incorporated in fig. 3 and 5. Next, referring to fig. 6, fig. 6 is an interactive flow chart of a data processing method according to an embodiment of the present application. The data processing method may be performed jointly by a computer device, a real name server, an identity service system, or any one of the business service systems (which may be denoted as business system 1, or business system 2). The interactive flow of the data processing method may include the following steps S1 to S13:
s1: and the target object logging applet performs real-name authentication.
In a specific implementation, the target object may log into an applet (specifically, may be a real-name authentication applet) to perform real-name authentication. The real-name authentication applet refers to an application program without installation, the real-name authentication applet may be built in other installed application programs (such as a social application program), a target object may be first logged into the social application program, and then the real-name authentication applet is searched and opened in the social application program for real-name authentication.
S2: the real name server obtains a real name authentication request of the target object.
In specific implementation, after the target object logs in the real-name authentication applet, a real-name authentication request can be generated, and then the real-name server can receive the real-name authentication request sent by the real-name authentication applet.
S3: and the real name server performs real name authentication on the identity information of the target object.
In one possible implementation, the real name server responds to the real name authentication request and obtains the identity information of the target object. Of course, before the real name server obtains the identity information of the target object, an authorization request needs to be sent to the target object, where the authorization request is used to request authorization of the target object, and if the target object confirms the authorization, the real name server obtains the identity information of the target object. If the target object does not confirm the authorization, the real name server cannot acquire the identity information of the target object.
In particular, when the identity information of a target object needs to be acquired, authorization needs to be requested to the target object in advance. For example, referring to fig. 7, fig. 7 is a schematic diagram of another data acquisition scenario provided in an embodiment of the present application. As shown in fig. 7, when the real name server needs to obtain the identity information of the target object, an authorization request may be generated and then sent to a terminal device used by the target object, and after the terminal device receives the authorization request, an authorization interface S700 may be displayed, where the authorization interface S700 is used to request authorization to obtain the identity information from the target object. The target object may click on the confirmation control 701 in the authorization interface S700, so that authorization may be completed, and the terminal device may generate an authorization success notification message and send the authorization success notification message to the real name server. When the real name server receives the authorization success notification message, the party can acquire the identity information of the target object from the identity information base, for example, the real name server can acquire the identity information of the target object based on the identity of the target object. In this way, before the identity information of the target object is acquired, the authorization permission of the target object needs to be obtained in advance, so that the reliability of the identity information of the target object can be ensured, and the identity information is prevented from being revealed.
S4: address registration on the object chain.
In particular, the real name server sends an address registration request to the blockchain. When the real name server successfully authenticates the identity information of the target object, the party can submit an address registration request to the blockchain, wherein the address registration request carries the blockchain address of the target object. The blockchain address may be an account address in a blockchain determined based on a public key of the target object, and specifically may be determined by calculating a hash value of the public key of the target object through a digest algorithm (for example, SHA-256 algorithm, SHA-512 algorithm, etc.). It will be appreciated that the blockchain address of the target object is unique across the blockchain.
S5: on-chain transfer of object identity registration credentials.
In particular, after the computer device responds to the address registration request, the identity service system can acquire the object identity registration credential generated for the target object based on the digital collection protocol, and associate the object identity registration credential with the blockchain address of the target object.
S6: the computer device monitors the chain for transfer object identity registration credentials.
In one possible implementation, the computer device may continuously monitor a process of associating the object identity registration credential with the blockchain address of the target object, generate an identity registration success notification message for the target object if it is detected that the object identity registration credential has been successfully associated with the blockchain address of the target object, and may send the identity registration success notification message to the real name server.
S7: the real name server sends the object identity registration credential to the applet.
In the specific implementation, after receiving the identity registration success notification message, the real name server determines that the identity information of the target object is successfully verified, and sends the object identity registration certificate to the applet.
S8: the applet displays the object identity registration credential.
S9: the target object logs in the service system 1 and submits an identity verification request.
In the embodiment of the present application, the service system 1 may be the aforementioned identity service system. When the target object logs in the identity service system, an identity verification request can be sent to the identity service system.
S10: the service system 1 sends an authentication request to the computer device.
In one possible implementation, after receiving the authentication request, the identity service system may perform uplink authentication on the authentication request, that is, send the authentication request to a computer device, which may be any node or executing node in a blockchain (e.g., a federation chain).
S11: the computer device sends verification passing indication information to the service system 1.
In one possible implementation, the computer device obtains authentication data from the authentication request, the authentication data being generated based on a digital collection protocol, and then parses the authentication data to obtain an object authentication credential for the target object. The computer device then verifies the subject authentication credentials, and if the subject authentication credentials are verified, generates verification pass indication information. Finally, the computer device sends the verification passing indication information to the identity service system.
S12: the service system 1 returns a login result to the target object.
S13: the target object logs in the service system 2 and submits an authentication request.
It will be appreciated that the specific implementation procedure of the target object registration service system 2 may refer to the specific steps set forth in the above steps S9-S12 in detail, which is not specifically limited in the embodiment of the present application. Wherein the business system 2 may be any of the business service systems mentioned above.
In the application, the target object can acquire the appointed identity registration certificate once through real-name authentication in the service system 1, and when the subsequent target object logs in the service system 1 again, the identity can be verified only by carrying out on-chain validation of the object identity registration certificate on the chain. In addition, the registration certificate can be registered in the service system 2 (even any other service system in the blockchain) based on the object identity, so that the identity registration system on the blockchain platform can be opened.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application. The data processing apparatus 800 can be applied to the computer device in the foregoing embodiment. The data processing apparatus 800 may be a computer program (comprising program code) running in a computer device, for example the data processing apparatus 800 is an application software; the data processing apparatus 800 may be used to perform corresponding steps in the data processing method provided in the embodiment of the present application. The data processing apparatus 800 may include:
An obtaining unit 801, configured to obtain an authentication request for a target object, and obtain authentication data from the authentication request;
a processing unit 802, configured to verify the verification data based on an object identity registration credential of the target object, where the object identity registration credential is generated by the identity service system based on a digital collection protocol after verification of identity information submitted by the target object to the identity service system is passed;
the processing unit 802 is further configured to generate verification passing indication information if verification data is verified to pass.
In one possible implementation, before the obtaining unit 801 obtains the authentication request for the target object, the processing unit 802 is further configured to:
acquiring a real-name authentication success notification message which is sent by a real-name server and aims at a target object, wherein the real-name authentication success notification message is generated by calling an identity authentication platform interface to perform real-name authentication on the identity information of the target object after the real-name server receives the identity information submitted by the target object;
associating the target object with an object identity registration credential generated for the target object;
wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
In one possible implementation, the processing unit 802 associates the target object with object identity registration credentials generated for the target object for performing the following operations:
receiving an address registration request sent by a real name server, wherein the address registration request carries a blockchain address of a target object;
responding to the address registration request, and acquiring an object identity registration credential generated by an identity service system for a target object based on a digital collection protocol;
the object identity registration credential is associated with the blockchain address of the target object.
In one possible implementation, the processing unit 802 verifies the object authentication credentials for performing the following operations:
acquiring an object identity registration credential of a target object, wherein the object identity registration credential is generated by an identity service system based on a digital collection protocol after verification of identity information submitted by the target object to the identity service system is passed;
the object authentication credentials are authenticated based on the object identity registration credentials of the target object.
In one possible implementation, the verification data is obtained by signing an object authentication credential with a private key of the target object;
The processing unit 802 parses the verification data to obtain an object authentication credential for performing the following operations:
and carrying out signature verification processing on the verification data by utilizing the public key of the target object, and acquiring object identity verification credentials of the target object based on a digital collection protocol if the signature verification is successful.
In one possible implementation, the authentication request is used to request to log in to an identity service system or at least one service system, where any one of the at least one service system refers to a system that has performed a trust endorsement operation on the identity information of the target object.
In one possible implementation, the processing unit 802 is further configured to perform the following operations:
receiving a data acquisition request submitted by a target service system, wherein the data acquisition request is used for requesting to acquire the identity information of a target object, and the target service system comprises an identity service system and at least one service system;
sending a data acquisition request to a real name server;
receiving the identity information of the target object sent by the real name server, and sending the identity information of the target object to a target service system;
the identity information of the target object is obtained after the real name server receives the authorization success notification message returned by the target object.
In the embodiment of the application, firstly, an identity verification request aiming at a target object can be obtained, and verification data is obtained from the identity verification request, wherein the verification data is generated based on a digital collection protocol. Then, the verification data can be parsed to obtain the subject authentication credentials, and the subject authentication credentials are verified. And finally, if the authentication certificate of the object passes authentication, generating authentication passing indication information. Therefore, when the target object needs to carry out identity verification, the identity verification method is simpler and more convenient than the manual identity verification of the object, and the identity verification efficiency is improved.
Referring to fig. 9, fig. 9 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present application. The data processing apparatus 900 may be applied to the identity service system (or business service system) in the foregoing embodiment. The data processing device 900 may be a computer program (comprising program code) running in an identity service system, e.g. the data processing device 900 is an application software; the data processing apparatus 900 may be configured to perform corresponding steps in a data processing method provided in an embodiment of the present application. The data processing apparatus 900 may include:
An obtaining unit 901, configured to obtain an identity registration request submitted by a target object, where the identity registration request carries identity information of the target object;
the processing unit 902 is configured to verify identity information of a target object, and if the verification is passed, generate an object identity registration credential of the target object based on a digital collection protocol;
a sending unit 903, configured to send the object identity registration credential of the target object to the computer device, so that the computer device verifies the object identity verification credential, and if the verification of the object identity verification credential is passed, generate verification passing indication information;
the object authentication credentials are obtained after analysis of authentication data, the authentication data are obtained from an authentication request of a target object after the computer equipment obtains the authentication request, and the authentication request is generated based on a digital collection protocol.
In a possible implementation manner, after the acquiring unit 901 acquires the identity registration request submitted by the target object, the processing unit 902 is further configured to perform the following operations:
the identity information of the target object is sent to a real name server, so that the real name server calls an identity authentication platform interface to perform real name authentication on the identity information of the target object to generate a real name authentication success notification message, and the real name authentication success notification message is sent to computer equipment, so that the computer equipment associates the target object with an object identity registration credential generated for the target object;
Wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
In one possible implementation, the processing unit 902 is further configured to perform the following operations:
generating a data acquisition request, wherein the data acquisition request is used for requesting to acquire the identity information of the target object;
transmitting the data acquisition request to the computer equipment so that the computer equipment transmits the data acquisition request to a real name server;
and receiving the identity information of the target object sent by the computer equipment, wherein the identity information of the target object is acquired after the real name server receives the authorization success notification message returned by the target object.
In the embodiment of the application, when the target object performs identity registration in a specific system (an identity service system or any business service system), after real-name authentication is completed, the system issues a specific object identity registration certificate to the target object, and when the target object logs in to the system again or needs to prove the identity of the target object to a third party, the identity of the target object can be proved to be logged in to the specific system by proving the chain ownership of the specific object identity registration certificate. Compared with the traditional login mode based on account, password, mobile phone short message and facial recognition, the scheme has the advantages that the decentralization is realized, the identity information of the target object does not need to be registered in a whole quantity among all login systems, the identity of the target object can be logged in all decentralization application systems on the blockchain platform after the specified object identity registration credentials are acquired on the chain by real names, and the identity login system on the blockchain platform is opened, so that the identity verification efficiency can be improved.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the application. The computer device 1000 is configured to perform the steps performed by the computer device, the identity service system (or the business service system) in the foregoing method embodiment, where the computer device 1000 includes: one or more processors 1010; one or more input devices 1020, one or more output devices 1030, and a memory 1040. The processor 1010, input device 1020, output device 1030, and memory 1040 are connected via a bus 1050. The memory 1040 is used for storing a computer program comprising program instructions, and the processor 1010 is used for calling the program instructions stored in the memory 1040 to perform the following operations:
acquiring an identity verification request aiming at a target object, and acquiring verification data from the identity verification request, wherein the verification data is generated based on a digital collection protocol;
analyzing the verification data to obtain an object identity verification certificate, and verifying the object identity verification certificate;
and if the authentication of the identity authentication credentials of the object is passed, generating authentication passing indication information.
In one possible implementation, before obtaining the authentication request for the target object, the processor 1010 is further configured to:
Acquiring a real-name authentication success notification message which is sent by a real-name server and aims at a target object, wherein the real-name authentication success notification message is generated by calling an identity authentication platform interface to perform real-name authentication on the identity information of the target object after the real-name server receives the identity information submitted by the target object;
associating the target object with an object identity registration credential generated for the target object;
wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
In one possible implementation, the processor 1010 associates the target object with object identity registration credentials generated for the target object for performing the following operations:
receiving an address registration request sent by a real name server, wherein the address registration request carries a blockchain address of a target object;
responding to the address registration request, and acquiring an object identity registration credential generated by an identity service system for a target object based on a digital collection protocol;
the object identity registration credential is associated with the blockchain address of the target object.
In one possible implementation, the processor 1010 verifies the object authentication credentials for performing the following:
Acquiring an object identity registration credential of a target object, wherein the object identity registration credential is generated by an identity service system based on a digital collection protocol after verification of identity information submitted by the target object to the identity service system is passed;
the object authentication credentials are authenticated based on the object identity registration credentials of the target object.
In one possible implementation, the verification data is obtained by signing an object authentication credential with a private key of the target object;
the processor 1010 parses the authentication data to obtain object authentication credentials for performing the following operations:
and carrying out signature verification processing on the verification data by utilizing the public key of the target object, and acquiring object identity verification credentials of the target object based on a digital collection protocol if the signature verification is successful.
In one possible implementation, the authentication request is used to request to log in to an identity service system or at least one service system, where any one of the at least one service system refers to a system that has performed a trust endorsement operation on the identity information of the target object.
In one possible implementation, the processor 1010 is further configured to perform the following operations:
Receiving a data acquisition request submitted by a target service system, wherein the data acquisition request is used for requesting to acquire the identity information of a target object, and the target service system comprises an identity service system and at least one service system;
sending a data acquisition request to a real name server;
receiving the identity information of the target object sent by the real name server, and sending the identity information of the target object to a target service system;
the identity information of the target object is obtained after the real name server receives the authorization success notification message returned by the target object.
The processor 1010 is configured to call the program instructions stored in the memory 1040, and further configured to perform the following operations:
acquiring an identity registration request submitted by a target object, wherein the identity registration request carries identity information of the target object;
verifying the identity information of the target object, and if the verification is passed, generating an object identity registration credential of the target object based on a digital collection protocol;
the method comprises the steps of sending an object identity registration credential of a target object to computer equipment so that the computer equipment verifies the object identity verification credential, and generating verification passing indication information if the verification of the object identity verification credential is passed;
The object authentication credentials are obtained after analysis of authentication data, the authentication data are obtained from an authentication request of a target object after the computer equipment obtains the authentication request, and the authentication request is generated based on a digital collection protocol.
In one possible implementation, after obtaining the identity registration request submitted by the target object, the processor 1010 is further configured to:
the identity information of the target object is sent to a real name server, so that the real name server calls an identity authentication platform interface to perform real name authentication on the identity information of the target object to generate a real name authentication success notification message, and the real name authentication success notification message is sent to computer equipment, so that the computer equipment associates the target object with an object identity registration credential generated for the target object;
wherein the real name authentication comprises at least one of the following: and verifying the validity of the identity information and verifying the security of the identity information.
In one possible implementation, the processor 1010 is further configured to perform the following operations:
generating a data acquisition request, wherein the data acquisition request is used for requesting to acquire the identity information of the target object;
Transmitting the data acquisition request to the computer equipment so that the computer equipment transmits the data acquisition request to a real name server;
and receiving the identity information of the target object sent by the computer equipment, wherein the identity information of the target object is acquired after the real name server receives the authorization success notification message returned by the target object.
In the embodiment of the application, firstly, an authentication request aiming at a target object can be acquired, authentication data is acquired from the authentication request, and the authentication request is generated based on a digital collection protocol. The verification data may then be processed to obtain object authentication credentials for the target object. Next, the object identity registration credential is verified based on the object identity registration credential in the blockchain, which is generated and stored by the identity service system based on the digital collection protocol to the blockchain after the verification of the identity information submitted by the target object for the identity service system is passed. And finally, if the verification data is verified to be passed, generating verification passing indication information. Therefore, when the target object needs to carry out identity verification, the identity service system can complete identity verification through a block chain by sending an identity verification request to the identity service system, and compared with the manual identity verification of the object, the identity verification mode is simpler and more convenient, so that the identity verification efficiency is improved; moreover, the reliability of identity verification can be improved by the verification method based on the blockchain.
Furthermore, it should be noted here that: the embodiment of the present application further provides a computer storage medium, in which a computer program is stored, and the computer program includes program instructions, when executed by a processor, can perform the method in the corresponding embodiment, so that a detailed description will not be given here. For technical details not disclosed in the embodiments of the computer storage medium according to the present application, please refer to the description of the method embodiments of the present application. As an example, the program instructions may be deployed on one computer device or executed on multiple computer devices at one site or distributed across multiple sites and interconnected by a communication network.
According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device can perform the method in the foregoing corresponding embodiment, and therefore, a detailed description will not be given here.
It will be understood by those skilled in the art that implementing all or part of the above-described methods in the embodiments may be implemented by a computer program for instructing relevant hardware, and the above-described program may be stored in a computer readable storage medium, and the program may include the steps of the embodiments of the above-described methods when executed. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
The foregoing disclosure is illustrative of the present application and is not to be construed as limiting the scope of the application, which is defined by the appended claims.
Claims (15)
1. A method of data processing, comprising:
acquiring an identity verification request aiming at a target object, and acquiring verification data from the identity verification request, wherein the verification data is generated based on a digital collection protocol;
analyzing the verification data to obtain an object identity verification certificate, and verifying the object identity verification certificate;
and if the authentication of the object authentication certificate is passed, generating authentication passing indication information.
2. The method of claim 1, wherein prior to obtaining the authentication request for the target object, further comprising:
acquiring a real-name authentication success notification message sent by a real-name server and aiming at a target object, wherein the real-name authentication success notification message is generated by calling an identity authentication platform interface to perform real-name authentication on the identity information of the target object after the real-name server receives the identity information submitted by the target object;
associating the target object with an object identity registration credential generated for the target object;
wherein the real-name authentication includes at least one of: and verifying the validity of the identity information and verifying the security of the identity information.
3. The method of claim 2, wherein the associating the target object with the object identity registration credential generated for the target object comprises:
receiving an address registration request sent by the real name server, wherein the address registration request carries a blockchain address of the target object;
responding to the address registration request, and acquiring an object identity registration credential generated by the identity service system for the target object based on the digital collection protocol;
The object identity registration credential is associated with a blockchain address of the target object.
4. A method according to any of claims 1-3, wherein said verifying said object authentication credential comprises:
acquiring an object identity registration credential of the target object, wherein the object identity registration credential is generated by the identity service system based on a digital collection protocol after verification of identity information submitted by the target object to the identity service system is passed;
and verifying the object identity verification credential based on the object identity registration credential of the target object.
5. The method of claim 1, wherein the verification data is obtained by signing an object authentication credential with a private key of the target object;
the analyzing the verification data to obtain the identity verification credentials of the object comprises the following steps:
and carrying out signature verification processing on the verification data by utilizing the public key of the target object, and acquiring object identity verification credentials of the target object based on the digital collection protocol if the signature verification is successful.
6. The method of claim 1, wherein the authentication request is for requesting to log in to the identity service system or at least one business service system, wherein any one of the at least one business service system refers to a system that has performed a trust endorsement operation on identity information of the target object.
7. The method of claim 1, wherein the method further comprises:
receiving a data acquisition request submitted by a target service system, wherein the data acquisition request is used for requesting to acquire the identity information of the target object, and the target service system comprises the identity service system and at least one service system;
sending the data acquisition request to a real name server;
receiving the identity information of the target object sent by the real name server, and sending the identity information of the target object to the target service system;
the identity information of the target object is obtained after the real name server receives the authorization success notification message returned by the target object.
8. A method of data processing, comprising:
acquiring an identity registration request submitted by a target object, wherein the identity registration request carries identity information of the target object;
verifying the identity information of the target object, and if the verification is passed, generating an object identity registration credential of the target object based on a digital collection protocol;
the object identity registration credential of the target object is sent to computer equipment so that the computer equipment verifies the object identity verification credential, and if the object identity verification credential is verified, verification passing indication information is generated;
The object identity verification credentials are obtained by analyzing verification data, and the verification data are obtained from an identity verification request of a target object after the computer equipment obtains the identity verification request.
9. The method of claim 8, wherein after the obtaining the identity registration request submitted by the target object, further comprising:
the identity information of the target object is sent to a real name server, so that the real name server calls an identity authentication platform interface to perform real name authentication on the identity information of the target object to generate a real name authentication success notification message, and the real name authentication success notification message is sent to the computer equipment, so that the computer equipment associates the target object with an object identity registration credential generated for the target object;
wherein the real-name authentication includes at least one of: and verifying the validity of the identity information and verifying the security of the identity information.
10. The method of claim 9, wherein the method further comprises:
generating a data acquisition request, wherein the data acquisition request is used for requesting to acquire the identity information of the target object;
Transmitting the data acquisition request to the computer device, so that the computer device transmits the data acquisition request to the real name server;
and receiving the identity information of the target object sent by the computer equipment, wherein the identity information of the target object is acquired after receiving an authorization success notification message returned by the target object by the real name server.
11. A data processing apparatus, comprising:
the acquisition unit is used for acquiring an identity verification request aiming at a target object, and acquiring verification data from the identity verification request, wherein the verification data is generated based on a digital collection protocol;
the processing unit is used for analyzing the verification data to obtain an object identity verification certificate and verifying the object identity verification certificate;
the processing unit is further configured to generate verification passing indication information if verification of the object authentication credential passes.
12. A data processing apparatus, comprising:
the system comprises an acquisition unit, a storage unit and a storage unit, wherein the acquisition unit is used for acquiring an identity registration request submitted by a target object, and the identity registration request carries identity information of the target object;
The processing unit is used for verifying the identity information of the target object, and if the verification is passed, an object identity registration credential of the target object is generated based on a digital collection protocol;
the sending unit is used for sending the object identity registration certificate of the target object to the computer equipment so that the computer equipment verifies the object identity verification certificate, and if the verification of the object identity verification certificate is passed, verification passing indication information is generated;
the object identity verification credentials are obtained by analyzing verification data, and the verification data are obtained from an identity verification request of a target object after the computer equipment obtains the identity verification request.
13. A computer device, comprising: a memory device and a processor;
a memory in which one or more computer programs are stored;
a processor for loading the one or more computer programs to implement the data processing method of any of claims 1-7 or 8-10.
14. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program adapted to be loaded by a processor and to perform a data processing method according to any of claims 1-7 or 8-10.
15. A computer program product, characterized in that the computer program product comprises a computer program adapted to be loaded by a processor and to perform the data processing method according to any of claims 1-7 or 8-10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210598416.2A CN117176354A (en) | 2022-05-27 | 2022-05-27 | Data processing method, device, equipment, medium and product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210598416.2A CN117176354A (en) | 2022-05-27 | 2022-05-27 | Data processing method, device, equipment, medium and product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117176354A true CN117176354A (en) | 2023-12-05 |
Family
ID=88932345
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210598416.2A Pending CN117176354A (en) | 2022-05-27 | 2022-05-27 | Data processing method, device, equipment, medium and product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117176354A (en) |
-
2022
- 2022-05-27 CN CN202210598416.2A patent/CN117176354A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110377239B (en) | Data signature method, device, server, system and storage medium | |
| US11030297B2 (en) | Systems and methods for device and user authorization | |
| US10083291B2 (en) | Automating internet of things security provisioning | |
| CN111556006B (en) | Third-party application system login method, device, terminal and SSO service platform | |
| CN108259438B (en) | Authentication method and device based on block chain technology | |
| JP6574168B2 (en) | Terminal identification method, and method, system, and apparatus for registering machine identification code | |
| JP6054457B2 (en) | Private analysis with controlled disclosure | |
| CN105187431B (en) | Login method, server, client and the communication system of third-party application | |
| CN108769230B (en) | Transaction data storage method, device, server and storage medium | |
| US11539526B2 (en) | Method and apparatus for managing user authentication in a blockchain network | |
| CN112651011B (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
| WO2015143855A1 (en) | Method, apparatus and system for accessing data resources | |
| CN108876669B (en) | Course notarization system and method applied to multi-platform education resource sharing | |
| CN111753014B (en) | Identity authentication method and device based on block chain | |
| CN109492424B (en) | Data asset management method, data asset management device, and computer-readable medium | |
| CN112000744A (en) | Signature method and related equipment | |
| CN116527372B (en) | Internet-based data security interaction system and method | |
| CN110545274A (en) | Method, device and system for UMA service based on people and evidence integration | |
| CN112311779A (en) | Data access control method and device applied to block chain system | |
| CN113129008B (en) | Data processing method, device, computer readable medium and electronic equipment | |
| CN111698196A (en) | Authentication method and micro-service system | |
| US20230403154A1 (en) | Verifier credential determination by a registrant | |
| CN106888200B (en) | Identification association method, information sending method and device | |
| CN115550067B (en) | Industrial Internet interoperation method, system and equipment based on distributed identification | |
| JP2004070814A (en) | Server security management method, device and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |