CN117240516A - Signing method and device based on alliance chain, electronic equipment and storage medium - Google Patents

Publication number: CN117240516A
Authority: CN (China)
Prior art keywords: information, vehicle, public key, user, verifiable
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN202311097075.1A
Other languages: Chinese (zh)
Inventor: 姜皓哲
Current Assignee: Bank of China Ltd
Original Assignee: Bank of China Ltd
Landscapes: Traffic Control Systems (AREA)

Abstract

The application discloses a signing method, device, electronic equipment and storage medium based on an alliance chain, which can be applied to the blockchain field, the distributed field or the financial field. In the method, a signing application of a first user is received, wherein the signing application carries a first verifiable credential; a first public key corresponding to the first DID is acquired, and the first verifiable credential is decrypted based on the first public key to acquire account information; the account information is verified to obtain an account verification result; when the account verification result indicates that verification passed, the first verifiable credential is encrypted by using a second private key corresponding to the second DID to obtain a second verifiable credential; and signing with the first user is carried out when the vehicle verification result sent by the road network center server indicates that verification passed. Therefore, based on the distributed storage mode of the alliance chain, the identity information and the vehicle information of the user are stored in advance, the security of the user information is improved, the application of decentralized-identifier digital identity is simplified, and the ETC signing efficiency is improved.

Description

Signing method and device based on alliance chain, electronic equipment and storage medium
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a signing method and apparatus based on a coalition chain, an electronic device, and a storage medium.
Background
With the rapid development of intelligent traffic, electronic toll collection (ETC) systems are becoming popular: users pay tolls by online deduction through ETC when traveling on expressways, which avoids the trouble of cash transactions.
At present, ETC can be handled in two modes, online and offline. In the online handling process, a user needs to register at both a bank and a road network center, and must upload to each of them the certificate information required for handling (such as identity information, license plate information and driving license information), so the signing process is complicated and signing timeouts or signing errors occur very easily. In the offline handling process, although the complicated certificate information verification is removed, staff easily make errors during data entry, which causes signing to fail. In sum, the efficiency of the conventional ETC signing method is low.
Disclosure of Invention
The application provides a signing method, a signing device, electronic equipment and a storage medium based on an alliance chain, which can improve ETC signing efficiency and bring a good experience to users.
In a first aspect, the present application provides a signing method based on a federation chain, which is applied to a bank server in a federation chain system, where the federation chain system further includes a client, a road network center server, and a federation chain network, and the method includes:
receiving a subscription application of a first user corresponding to the client, wherein the subscription application carries a first verifiable credential, the first verifiable credential comprises identity information, vehicle information and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralised identification DID;
acquiring a first public key corresponding to the first DID from the alliance chain network, and decrypting the first verifiable credential based on the first public key to acquire the account information;
verifying the account information to obtain an account verification result;
when the account verification result indicates that verification passed, encrypting the first verifiable credential by using a second private key corresponding to a second DID to obtain a second verifiable credential, so that the road network center server verifies the vehicle information based on the driving license information of the first user to obtain a vehicle verification result;
and when the vehicle verification result indicates that verification passed, signing the contract with the first user corresponding to the client.
Optionally, before the receiving the subscription application of the first user corresponding to the client, the method further includes:
receiving a first random number challenge initiated by the client, wherein the first random number challenge carries the first DID, the first public key and a first random number;
after the first random number is successfully verified, the first DID and the first public key are stored in the alliance chain network.
Optionally, after the account information is verified, and an account verification result is obtained, the method further includes:
and initiating a second random number challenge to the road network center server so that the road network center server performs random number verification, wherein the second random number challenge carries the second DID, the second public key and the second random number.
Optionally, the identity information and the vehicle information are pre-stored to the coalition chain network.
Optionally, the federated chain network includes a third party authority, the method further comprising:
receiving a third party subscription application of the third party institution, wherein the third party subscription application carries third party identity information and third party account information;
and signing with the third party organization when the third party account information passes verification, and binding the third party identity information with the third party account information.
In a second aspect, the present application further provides a signing method based on a federation chain, which is applied to a road network center server in a federation chain system, where the federation chain system further includes a bank server, a client, and a federation chain network, and the method includes:
acquiring a first public key and a second public key from the alliance chain network, wherein a first decentralised identification DID corresponds to a first private key and the first public key, and a second DID corresponds to a second private key and the second public key;
decrypting a second verifiable credential according to the second public key to obtain a first verifiable credential, wherein the second verifiable credential is obtained by encrypting the first verifiable credential based on the second private key, the first verifiable credential comprises identity information, vehicle information and account information of a first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on the first private key;
decrypting the first verifiable credential according to the first public key to obtain the vehicle information;
verifying the vehicle information according to the driving license information of the first user to obtain a vehicle verification result;
and when the vehicle verification result represents verification pass, sending the vehicle verification result to the bank server so that the bank server can sign the first user corresponding to the client.
Optionally, the method further comprises:
generating OBU information of a vehicle-mounted electronic tag, uploading the OBU information to the alliance chain network and binding the vehicle information;
and obtaining OBU equipment according to the OBU information, and sending the OBU equipment to the first user.
In a third aspect, the present application further provides a signing device based on a federation chain, which is applied to a bank server in a federation chain system, where the federation chain system further includes a client, a road network center server, and a federation chain network, and the device includes:
the receiving unit is used for receiving a subscription application of a first user corresponding to the client, wherein the subscription application carries a first verifiable certificate, the first verifiable certificate comprises identity information, vehicle information and account information of the first user, and the first verifiable certificate is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralization identifier DID;
the decryption unit is used for acquiring a first public key corresponding to the first DID from the alliance chain network, and decrypting the first verifiable credential based on the first public key to acquire the account information;
the verification unit is used for verifying the account information to obtain an account verification result;
the encryption unit is used for encrypting the first verifiable certificate by using a second private key corresponding to a second DID when the account verification result represents verification pass, so as to obtain a second verifiable certificate, and the road network center server can obtain the second verifiable certificate and verify the vehicle information based on the driving license information of the first user to obtain a vehicle verification result;
and the signing unit is used for signing the first user corresponding to the client when the vehicle verification result represents verification pass.
Optionally, the device further comprises a security verification unit, wherein the security verification unit is specifically configured to:
receiving a first random number challenge initiated by the client, wherein the first random number challenge carries the first DID, the first public key and a first random number;
after the first random number is successfully verified, the first DID and the first public key are stored in the alliance chain network.
Optionally, the security verification unit is further configured to:
and initiating a second random number challenge to the road network center server so that the road network center server performs random number verification, wherein the second random number challenge carries the second DID, the second public key and the second random number.
Optionally, the identity information and the vehicle information are pre-stored to the coalition chain network.
Optionally, the federation chain network includes a third party authority, and the signing unit is further configured to:
receiving a third party subscription application of the third party institution, wherein the third party subscription application carries third party identity information and third party account information;
and signing with the third party organization when the third party account information passes verification, and binding the third party identity information with the third party account information.
In a fourth aspect, the present application further provides a signing device based on a federation chain, which is applied to a road network center server in a federation chain system, where the federation chain system further includes a bank server, a client, and a federation chain network, and the device includes:
the acquisition unit is used for acquiring a first public key and a second public key from the alliance chain network, wherein the first decentralised identification DID corresponds to the first private key and the first public key, and the second DID corresponds to the second private key and the second public key;
the first decryption unit is used for decrypting a second verifiable credential according to the second public key to obtain a first verifiable credential, the second verifiable credential is obtained by encrypting the first verifiable credential based on the second private key, the first verifiable credential comprises identity information, vehicle information and account information of a first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on the first private key;
a second decryption unit, configured to decrypt the first verifiable credential according to the first public key to obtain the vehicle information;
the verification unit is used for verifying the vehicle information according to the driving license information of the first user to obtain a vehicle verification result;
and the sending unit is used for sending the vehicle verification result to the bank server when the vehicle verification result represents verification pass so that the bank server signs up with the first user corresponding to the client and binds the vehicle information with the account information.
Optionally, the sending unit is further configured to:
generating OBU information of a vehicle-mounted electronic tag, uploading the OBU information to the alliance chain network and binding the vehicle information;
and obtaining OBU equipment according to the OBU information, and sending the OBU equipment to the first user.
In a fifth aspect, the present application further provides a federation chain system, where the federation chain system includes a bank server, a road network center server, a client, and a federation chain network, where the federation chain network includes a bank node, a user node, and a road network center node, where the user node corresponds to the client, the bank node corresponds to the bank server, and the road network center node corresponds to the road network center server.
In a sixth aspect, the present application also provides an electronic device, including a processor and a memory:
the memory is used for storing a computer program;
the processor is configured to execute the method provided in the first aspect or the second aspect according to the computer program.
In a seventh aspect, the present application also provides a computer readable storage medium for storing a computer program for performing the method provided in the first or second aspect above.
From this, the application has the following beneficial effects:
The application provides a signing method, a signing device, electronic equipment and a storage medium based on an alliance chain, which are applied to a bank server in an alliance chain system, wherein the alliance chain system also comprises a client, a road network center server and an alliance chain network, and the method comprises the following steps: receiving a signing application of a first user corresponding to a client, wherein the signing application carries a first verifiable credential, the first verifiable credential comprises identity information, vehicle information and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralized identifier (DID); acquiring a first public key corresponding to the first DID from the alliance chain network, and decrypting the first verifiable credential based on the first public key to acquire account information; verifying the account information to obtain an account verification result; when the account verification result indicates that verification passed, encrypting the first verifiable credential by using a second private key corresponding to the second DID to obtain a second verifiable credential, so that the road network center server verifies the vehicle information based on the driving license information of the first user to obtain a vehicle verification result; and when the vehicle verification result indicates that verification passed, signing with the first user corresponding to the client and binding the vehicle information with the account information.
Thus, through the signing method provided by the embodiment of the application, on the one hand, the tamper-resistant property of verifiable credentials avoids damage to the interests of both transaction parties, and the zero-knowledge-proof property of verifiable credentials avoids leaking user privacy while still providing verifiability, so that the dual requirements of privacy and verifiability are met to a certain extent; on the other hand, based on the distributed storage mode of the alliance chain, the identity information and the vehicle information of the user are stored in advance, so that the security and the stability of the user information are improved, the application of decentralized-identifier digital identity simplifies the signing and authentication processes, the signing efficiency of ETC is improved, and a good experience is brought to the user.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings for those of ordinary skill in the art.
FIG. 1 is a flow chart of a signing method based on an alliance chain in an embodiment of the application;
FIG. 2 is a flowchart of another signing method based on a federation chain according to an embodiment of the present application;
FIG. 3 is a flowchart of another signing method based on a federation chain according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a signing device 400 based on a federation chain according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of another signing device 500 based on a federation chain according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device 600 according to an embodiment of the present application.
Detailed Description
In the embodiments of the present application, "a plurality" means two or more. It should be noted that, in the description of the embodiments of the present application, the terms "first," "second," and the like are used only to distinguish between the items described, and are not to be understood as indicating or implying relative importance or a sequential order.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
It should be noted that the signing method, device, electronic equipment and storage medium based on the alliance chain can be used in the blockchain field, the distributed field or the financial field. They can also be used in any field other than the blockchain field, the distributed field and the financial field; the above is only an example and does not limit the application field of the signing method, the signing device, the electronic equipment and the storage medium based on the alliance chain.
In order that the above objects, features and advantages of the present application may be more readily understood, embodiments of the application are described in more detail below with reference to the appended drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting thereof. In addition, for convenience of description, only a part, not all, of the structures related to the present application are shown in the drawings.
At present, the ETC signing process is complex, and the signing method is low in efficiency. Specifically, in the online handling process, the user needs to register at both a bank and a road network center, and must upload to each of them the certificate information required for handling (such as identity information, license plate information and driving license information), so the signing process is complicated and signing timeouts or signing errors occur easily. In the offline handling process, a user submits identity card, driving license and bank card information at a bank and fills out an application form, and collects the OBU equipment after the road network center has checked and approved the vehicle information; although the complicated certificate information verification is removed, staff easily make errors during data entry, which causes signing to fail.
Based on the above, the application provides a signing method, a signing device, an electronic device and a storage medium based on an alliance chain, which are applied to a bank server in an alliance chain system, wherein the alliance chain system also comprises a client, a road network center server and an alliance chain network, and the method comprises the following steps: receiving a signing application of a first user corresponding to a client, wherein the signing application carries a first verifiable credential, the first verifiable credential comprises identity information, vehicle information and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralized identifier (DID); acquiring a first public key corresponding to the first DID from the alliance chain network, and decrypting the first verifiable credential based on the first public key to acquire account information; verifying the account information to obtain an account verification result; when the account verification result indicates that verification passed, encrypting the first verifiable credential by using a second private key corresponding to the second DID to obtain a second verifiable credential, so that the road network center server verifies the vehicle information based on the driving license information of the first user to obtain a vehicle verification result; and when the vehicle verification result indicates that verification passed, signing with the first user corresponding to the client and binding the vehicle information with the account information.
Thus, according to the signing method provided by the embodiment of the application, on the one hand, by utilizing the tamper-resistance of verifiable credentials, blacklisted users with behaviors such as malicious arrears can be identified as early as possible and shared with other nodes on the alliance chain network, so that the interests of both transaction parties are protected from damage; on the other hand, based on the distributed storage mode of the alliance chain, the identity information and the vehicle information of the user are stored in advance, the security and the stability of the user information are improved, and the application of decentralized-identifier digital identity simplifies the signing and authentication processes: when the user intends to sign with a certain bank, the user only needs to acquire the related information from the alliance chain network and provide it to the bank server, so that the signing efficiency of ETC is improved and a good experience is brought to the user.
First, terms that may be involved in the present application will be explained:
1) Distributed identity, also known as decentralized identity, is a digital identity based on the blockchain.
2) The alliance chain (Consortium Blockchain) refers to a blockchain that a plurality of institutions manage together; each institution runs one or more nodes, and only the institutions in the alliance chain are allowed to read and write the data of each node and to send transactions, with the transaction data recorded jointly.
3) The verifiable credential (Verifiable Credential) is a tamper-resistant credential signed and encrypted by an issuer, and has the characteristics of cryptographic security, privacy protection and machine readability.
4) The decentralized identifier (Decentralized Identity, DID) is a new kind of globally unique, verifiable, self-sovereign identity identifier, and is a core component of decentralized digital identity and of decentralized public key infrastructure construction.
5) The road network center is an ETC issuance, authentication and supervision platform, and usually signs a landing agreement with a cooperating bank to speed up the growth of ETC users.
6) An On Board Unit (OBU) device is a device on a vehicle for microwave communication with expressway junctions, and is the physical carrier for ETC fee deduction.
In order to facilitate understanding of the specific implementation of the subscription method based on the federation chain provided by the embodiment of the present application, the following description will be given with reference to the accompanying drawings.
It should be noted that the entity executing the signing method based on the coalition chain may be the signing device based on the coalition chain provided by the embodiment of the present application, which may also be carried in an electronic device or in a functional module of the electronic device. The electronic device in the embodiment of the present application may be any device capable of implementing the subscription method based on the federation chain in the embodiment of the present application, for example, an Internet of Things (IoT) device.
Referring to fig. 1, fig. 1 is a flowchart of a signing method based on a federation chain, which may be applied to a signing device based on a federation chain, for example, the signing device based on a federation chain 400 shown in fig. 4, or the signing device based on a federation chain may be a functional module integrated in the electronic device 600 shown in fig. 6.
In the embodiment of the application, the method is applied to a bank server in an alliance chain system, the alliance chain system further comprises a client, a road network center server and an alliance chain network, and the method can comprise the following steps:
S101: receiving a subscription application of a first user corresponding to a client, wherein the subscription application carries a first verifiable credential, the first verifiable credential comprises identity information, vehicle information and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralized identifier (DID).
It should be noted that the client may be a client of the first user, or may be a client of a banking service hall; the account information refers to account information used for deduction (such as a bank card account or a passbook account), and, considering actual scenario requirements, the mobile phone number reserved with the bank for that account may also be provided; the vehicle information may include, but is not limited to, vehicle information, driver's license information, and travel license information; the identity information (e.g., identification card number) and the vehicle information (e.g., license plate number, vehicle color) are information that has been audited (e.g., by a third party authority) and pre-stored to the coalition chain network, where pre-storing may refer to the user storing the identity information and the vehicle information when registering with the coalition chain. The combined information of the identity information and the vehicle information serves as a globally unique ID in the coalition chain network, that is, the first DID, which corresponds to the first user and is an identifier of the combined information of the identity information and the vehicle information.
In some implementations, to further improve the security of the transaction process, the vehicle information may be encrypted according to the first private key to obtain encrypted vehicle information, and then the identity information, the encrypted vehicle information, and the account information may be encrypted according to the first private key to obtain the first verifiable credential.
It should be noted that the private key corresponding to each node is stored locally and used directly by the node itself, while the public key is stored on chain after passing the random number challenge and security verification, and other nodes can query the corresponding public key on the alliance chain network through the DID. The first DID corresponds to the first private key and the first public key, and the first public key in the client needs to be uploaded to the federation chain network after it has been verified that the connection between the two communicating parties is secure. That is, before S101, the method provided by the embodiment of the present application may further include: receiving a first random number challenge initiated by a client, wherein the first random number challenge carries a first DID, a first public key and a first random number; and after the first random number is successfully verified, storing the first DID and the first public key to the federated chain network.
In other implementations, the bank server corresponds to the second DID, that is, the second DID is an identifier of the bank server, and the first random number challenge may also be initiated by the bank server using the second DID. Specifically, the bank server initiates the first random number challenge to the client, where the first random number challenge carries the second DID and the first random number; the client queries the federation chain network to obtain a second public key corresponding to the second DID, encrypts the first DID, the first public key, and the first random number with the first private key, and returns the result to the bank server; when the bank server verifies the first random number successfully, the information security of both parties is proved, and the bank approves the information related to the first user and stores the first DID and the first public key of the first user to the federation chain network for other nodes to obtain.
S102: Acquire a first public key corresponding to the first DID from the alliance chain network, and decrypt the first verifiable credential based on the first public key to acquire the account information.
It should be noted that, because verifiable credentials support zero-knowledge proofs, the account information here may be non-specific account information: the bank server can verify whether the account information of the first user is correct without acquiring the actual information it contains.
S103: Verify the account information to obtain an account verification result.
It should be noted that, when verifying account information, the bank server need not obtain the specific content of the account information, and only needs to verify the account information to obtain the account verification result.
In some implementations, in order to verify whether the communication between the bank server and the road network center server is secure, after S103, the method provided by the embodiment of the present application may further include: and initiating a second random number challenge to the road network center server so that the road network center server performs random number verification, wherein the second random number challenge carries a second DID, a second public key and a second random number.
S104: When the account verification result indicates that verification passes, encrypt the first verifiable credential using a second private key corresponding to the second DID to obtain a second verifiable credential, so that the road network center server verifies the vehicle information based on the driving license information of the first user to obtain a vehicle verification result.
In some implementations, the second verifiable credential may also be obtained by encrypting the account verification result and the first verifiable credential according to the second private key, without affecting the implementation of the embodiments of the present application.
In other implementations, if the account verification fails, the flow returns to the stage at which the user sends the subscription application; a request for vehicle information verification is sent to the road network center server only if the account verification passes.
In other implementations, to prevent the verifiable credential from being counterfeited, the second verifiable credential may also carry a digital signature and a timestamp of the bank server.
S105: When the vehicle verification result indicates that verification passes, sign with the first user corresponding to the client, and bind the vehicle information to the account information.
When the vehicle verification result indicates a pass, verification of the information required of the first user is complete, and after the signing is completed, the bank server returns the signing information to the road network center server to complete synchronization. In addition, after the first user has signed up successfully, the first user can send a cancellation application to the bank server to cancel ETC, and the cancellation is broadcast in the alliance chain network once it is completed.
In some implementations, to expand the application scenario of ETC, the coalition chain network may further include a third party authority corresponding to the third node, which may be, for example, a gas station or a parking lot. Then, before the third party authority accesses the federation chain network, the method provided by the embodiment of the present application may further include: receiving a third-party signing application of a third-party institution, wherein the third-party signing application carries third-party identity information and third-party account information; when the verification of the third party account information is passed, signing with the third party institution, and binding the third party identity information with the third party account information.
In addition, before the third-party institution makes its subscription application, a random number challenge is performed to verify whether the communication between the two parties is secure. Specifically, the bank server initiates a third random number challenge to the third-party institution, and after the verification succeeds, the third DID (a combination of the third-party identity information and the third-party account information) and the third public key are uploaded to the alliance chain network, the third DID corresponding to the third public key. In an actual application scenario, the first user authorizes the third-party institution; when the first user drives into the third-party institution, the ETC automatic fee deduction function is triggered, the fee is deducted from the account corresponding to the first user and added to the third-party account. It should be noted that the embodiment of the present application widens the usage scenarios of ETC, so that ETC is no longer limited to fee deduction at highway toll stations, and provides permission for third-party institutions to access the system, thereby improving the user experience.
Thus, with the method provided by the embodiment of the present application, the identity information and the vehicle information of the user are stored in advance using the distributed storage of the alliance chain, and the use of a decentralized-identifier digital identity simplifies the signing and authentication flow: when the user intends to sign up with a certain bank, the related information only needs to be acquired from the alliance chain network and provided to the bank server, which improves the efficiency of ETC signing. In addition, the access of third-party institutions expands the application scenarios of ETC, increases its coverage, and gives users a good experience.
Referring to fig. 2, fig. 2 is a flowchart of another signing method based on a federation chain according to an embodiment of the present application, where the method may be applied to a signing device based on a federation chain, and the signing device based on a federation chain may be, for example, the signing device based on a federation chain 500 shown in fig. 5, or the signing device based on a federation chain may also be a functional module integrated into the electronic device 600 shown in fig. 6.
In the embodiment of the present application, the method is applied to a road network center server in an alliance chain system, the alliance chain system further comprising a bank server, a client and an alliance chain network, and the method comprises the following steps:
S201: Obtain a first public key and a second public key from the alliance chain network, wherein a first decentralized identifier (DID) corresponds to the first private key and the first public key, and a second DID corresponds to the second private key and the second public key.
S202: decrypting the second verifiable credential according to the second public key to obtain a first verifiable credential, wherein the second verifiable credential is obtained by encrypting the first verifiable credential based on the second private key, the first verifiable credential comprises identity information, vehicle information and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on the first private key.
S203: the first verifiable credential is decrypted according to the first public key to obtain vehicle information.
S204: Verify the vehicle information according to the driving license information of the first user to obtain a vehicle verification result.
It should be noted that, the road network center server may obtain the stored driver license information (or driving license information) corresponding to the first user, and verify the vehicle information through the driver license information, so as to verify that the applicant of ETC is consistent with the owner of the motor vehicle. Of course, the road network center server can also obtain other information capable of achieving the verification purpose, and the implementation of the embodiment of the application is not affected.
S205: When the vehicle verification result indicates that verification passes, send the vehicle verification result to the bank server so that the bank server signs up with the first user corresponding to the client.
In addition, the road network center server can receive the subscription information or the cancellation information sent by the bank server through the alliance chain network so as to complete synchronization.
In some implementations, the method provided by the embodiments of the present application may further include generating OBU information of the vehicle-mounted electronic tag, uploading the OBU information to the coalition chain network, and binding the vehicle information; and obtaining the OBU equipment according to the OBU information, and sending the OBU equipment to the first user. In this way, the association of the OBU information and the account information can be completed through the vehicle information, and money can be deducted rapidly when the user uses ETC.
Referring to fig. 3, fig. 3 is a flowchart of another signing method based on an alliance chain according to an embodiment of the present application. The alliance chain system 2 includes an alliance chain network 1, a client 21, a bank server 22, a road network center server 23 and a third party authority 24. The alliance chain network 1 includes a user node 11, a bank node 12, a road network center node 13 and a third party node 14; the user node 11 corresponds to the client 21, the bank node 12 corresponds to the bank server 22, the road network center node 13 corresponds to the road network center server 23, and the third party node 14 corresponds to the third party authority 24. The client 21, the bank server 22, the road network center server 23 and the third party authority 24 can interact through the information stored by their corresponding nodes in the alliance chain network 1. The flow of an embodiment involving the alliance chain system 2 and the alliance chain network 1 is described below and may, for example, include the following steps:
S301: the first user uploads the identity information and the vehicle information to the alliance chain network 1 through the client 21.
S302: the first user sends a subscription application to the bank server 22 through the client 21, wherein the subscription application carries a first verifiable credential, and the first verifiable credential comprises identity information, vehicle information and account information.
S303: the account verification passes and the bank server 22 sends a second verifiable credential to the road network center server 23.
S304: the road network center server 23 transmits a message that the vehicle authentication passes to the bank server 22.
S305: the bank server 22 sends a message of successful subscription to the first user corresponding to the client 21.
S306: the road network center server 23 sends the OBU device to the first user corresponding to the client 21, uploads the OBU information to the coalition chain network 1, and binds with the vehicle information of the first user.
S311: the third party authority 24 uploads the third identity information, the third account information to the coalition chain network 1.
S312: the third party authority 24 sends a third party subscription request to the bank server 22, the third party subscription request carrying third party identity information and third party account information.
S313: the bank server 22 sends a message to the third party authority 24 that the subscription was successful.
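The S302 to S304 exchange (the user's credential, the bank's wrapper, and the road network center's check) as an added Go example that is not code from the patent. It assumes Ed25519 signatures in place of the page's private-key encryption, a map as a stand-in for the alliance chain, a 300-second freshness window, plain record lookups rather than zero-knowledge proofs, and constructed names and sample values throughout.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrSig    = errors.New("unknown DID or invalid signature")
	ErrStale  = errors.New("credential outside freshness window")
	ErrIssuer = errors.New("outer credential is not the bank's wrapper")
	ErrRecord = errors.New("claim does not match the verifier's own records")
)
const maxAge = 300 // seconds a credential stays acceptable (assumed value)

type Ledger map[string]ed25519.PublicKey // DID -> public key; stand-in for the chain
type Records map[string]string           // identity -> account number or plate
type Claims struct{ Identity, Vehicle, Account string }

// Credential: the user's layer sets Claims, the bank's layer sets Inner.
type Credential struct {
	SignerDID string
	Claims    *Claims
	Inner     *Credential
	IssuedAt  int64 // Unix seconds
	Sig       []byte
}

// signedBytes encodes every field except Sig (Inner keeps its own Sig).
func (c Credential) signedBytes() []byte {
	c.Sig = nil
	b, _ := json.Marshal(c)
	return b
}

// NewParty makes a key pair and publishes the public key under did.
func NewParty(l Ledger, did string) ed25519.PrivateKey {
	pub, key, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	l[did] = pub
	return key
}

func Issue(did string, key ed25519.PrivateKey, cl *Claims, inner *Credential, now int64) Credential {
	c := Credential{SignerDID: did, Claims: cl, Inner: inner, IssuedAt: now}
	c.Sig = ed25519.Sign(key, c.signedBytes())
	return c
}

// Verify takes the key from the ledger by DID, never from the message.
func Verify(l Ledger, c Credential, now int64) error {
	pub, found := l[c.SignerDID]
	if !found || !ed25519.Verify(pub, c.signedBytes(), c.Sig) {
		return ErrSig
	}
	if age := now - c.IssuedAt; age < 0 || age > maxAge {
		return ErrStale
	}
	return nil
}

// BankProcess (S102-S104): verify, check the account, wrap and re-sign.
func BankProcess(l Ledger, did string, key ed25519.PrivateKey, accts Records, vc1 Credential, now int64) (Credential, error) {
	if err := Verify(l, vc1, now); err != nil {
		return Credential{}, err
	}
	if cl := vc1.Claims; cl == nil || cl.Account == "" || accts[cl.Identity] != cl.Account {
		return Credential{}, ErrRecord
	}
	return Issue(did, key, nil, &vc1, now), nil
}

// RoadCheck (S201-S204): pin the outer signer, verify both layers, check plate.
func RoadCheck(l Ledger, bankDID string, licences Records, vc2 Credential, now int64) error {
	if vc2.SignerDID != bankDID || vc2.Inner == nil || vc2.Inner.Claims == nil {
		return ErrIssuer
	}
	for _, c := range []Credential{vc2, *vc2.Inner} {
		if err := Verify(l, c, now); err != nil {
			return err
		}
	}
	if cl := vc2.Inner.Claims; cl.Vehicle == "" || licences[cl.Identity] != cl.Vehicle {
		return ErrRecord
	}
	return nil
}

func main() {
	l, now := Ledger{}, int64(1700000000) // constructed clock value and sample data
	user, bank := NewParty(l, "did:example:user"), NewParty(l, "did:example:bank")
	vc1 := Issue("did:example:user", user, &Claims{"ID-0001", "TEST-123", "ACCT-001"}, nil, now)
	vc2, err := BankProcess(l, "did:example:bank", bank, Records{"ID-0001": "ACCT-001"}, vc1, now)
	fmt.Println("bank:", err, "road:", RoadCheck(l, "did:example:bank", Records{"ID-0001": "TEST-123"}, vc2, now))
}
```

Because the bank signs over the user's credential including the user's signature, the road network center can detect both a user forging the bank's approval and a change to the user's claims after they were signed.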
Referring to fig. 4, an embodiment of the present application further provides a signing device 400 based on an alliance chain, which is applied to a bank server in an alliance chain system, the alliance chain system further including a client, a road network center server, and an alliance chain network, the device 400 including:
a receiving unit 401, configured to receive a subscription application of a first user corresponding to the client, where the subscription application carries a first verifiable credential, where the first verifiable credential includes identity information, vehicle information, and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information, and the account information based on a first private key corresponding to a first decentralised identifier DID;
a decryption unit 402, configured to obtain a first public key corresponding to the first DID from the federation chain network, decrypt the first verifiable credential based on the first public key to obtain the account information;
a verification unit 403, configured to verify the account information to obtain an account verification result;
an encryption unit 404, configured to encrypt the first verifiable credential with a second private key corresponding to a second DID when the account verification result indicates that verification passes, obtain a second verifiable credential, so that the road network center server obtains the second verifiable credential, and verify the vehicle information based on the driving license information of the first user, to obtain a vehicle verification result;
a signing unit 405, configured to sign with the first user corresponding to the client when the vehicle verification result indicates that the verification is passed.
Optionally, the apparatus 400 further comprises a security verification unit, specifically configured to:
receiving a first random number challenge initiated by the client, wherein the first random number challenge carries the first DID, the first public key and a first random number;
after the first random number is successfully verified, the first DID and the first public key are stored in the alliance chain network.
Optionally, the security verification unit is further configured to:
and initiating a second random number challenge to the road network center server so that the road network center server performs random number verification, wherein the second random number challenge carries the second DID, the second public key and the second random number.
Optionally, the identity information and the vehicle information are pre-stored to the coalition chain network.
Optionally, the federation chain network includes a third party authority, and the signing unit 405 is further configured to:
receiving a third party subscription application of the third party institution, wherein the third party subscription application carries third party identity information and third party account information;
And signing with the third party organization when the third party account information passes verification, and binding the third party identity information with the third party account information.
It should be noted that, for the specific implementation and the technical effects achieved by the apparatus 400, reference may be made to the related description of the method shown in fig. 1.
Referring to fig. 5, the embodiment of the present application further provides a signing device 500 based on a federation chain, which is applied to a road network center server in a federation chain system, where the federation chain system further includes a bank server, a client, and a federation chain network, and the device 500 includes:
an obtaining unit 501, configured to obtain a first public key and a second public key from the federation chain network, where a first decentralised identifier DID corresponds to a first private key and the first public key, a second DID corresponds to a second private key and the second public key, the second DID is an identifier of the bank server, and the first DID is an identifier of combined information of the identity information and the vehicle information;
a first decryption unit 502, configured to decrypt a second verifiable credential according to the second public key to obtain a first verifiable credential, where the second verifiable credential is obtained by encrypting the first verifiable credential based on the second private key, the first verifiable credential includes identity information, vehicle information, and account information of a first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information, and the account information based on the first private key;
A second decryption unit 503, configured to decrypt the first verifiable credential according to the first public key to obtain the vehicle information;
a verification unit 504, configured to verify the vehicle information according to the driver license information of the first user, and obtain a vehicle verification result;
and the sending unit 505 is configured to send the vehicle verification result to the bank server when the vehicle verification result indicates that the verification passes, so that the bank server signs up with the first user corresponding to the client, and binds the vehicle information to the account information.
Optionally, the sending unit 505 is further configured to:
generating OBU information of a vehicle-mounted electronic tag, uploading the OBU information to the alliance chain network and binding the vehicle information;
and obtaining OBU equipment according to the OBU information, and sending the OBU equipment to the first user.
It should be noted that, for the specific implementation and the technical effects achieved by the apparatus 500, reference may be made to the related description of the method shown in fig. 2.
In addition, an embodiment of the present application further provides an electronic device 600, as shown in fig. 6, where the electronic device 600 includes a processor 601 and a memory 602:
The memory 602 is used for storing a computer program;
the processor 601 is arranged to execute the method provided in fig. 1 or fig. 2 according to the computer program.
In addition, the embodiment of the application also provides a computer readable storage medium for storing a computer program for executing the method provided by the embodiment of the application.
From the above description of embodiments, it will be apparent to those skilled in the art that all or part of the steps of the above described example methods may be implemented in software plus general hardware platforms. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a read-only memory (ROM)/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network communication device such as a router) to perform the method according to the embodiments or some parts of the embodiments of the present application.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The apparatus embodiments described above are merely illustrative, in which the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the objective of the embodiment. Those of ordinary skill in the art will understand and implement the present application without undue burden.
The foregoing is merely a preferred embodiment of the present application and is not intended to limit the scope of the present application. It should be noted that modifications and adaptations to the present application may occur to one skilled in the art without departing from its scope.

Claims (11)

1. The signing method based on the alliance chain is characterized by being applied to a bank server in an alliance chain system, wherein the alliance chain system further comprises a client, a road network center server and an alliance chain network, and the method comprises the following steps:
receiving a subscription application of a first user corresponding to the client, wherein the subscription application carries a first verifiable credential, the first verifiable credential comprises identity information, vehicle information and account information of the first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralised identification DID;
acquiring a first public key corresponding to the first DID from the alliance chain network, and decrypting the first verifiable credential based on the first public key to acquire the account information;
Verifying the account information to obtain an account verification result;
when the account verification result represents verification pass, encrypting the first verifiable credential by using a second private key corresponding to a second DID to obtain a second verifiable credential, so that the road network center server verifies the vehicle information based on the driving license information of the first user to obtain a vehicle verification result;
and when the vehicle verification result represents verification pass, signing the contract with the first user corresponding to the client.
2. The method of claim 1, wherein prior to receiving the subscription application of the first user corresponding to the client, the method further comprises:
receiving a first random number challenge initiated by the client, wherein the first random number challenge carries the first DID, the first public key and a first random number;
after the first random number is successfully verified, the first DID and the first public key are stored in the alliance chain network.
3. The method according to claim 1, wherein after said verifying said account information, obtaining an account verification result, the method further comprises:
And initiating a second random number challenge to the road network center server so that the road network center server performs random number verification, wherein the second random number challenge carries the second DID, the second public key and the second random number.
4. The method of claim 1, wherein the identity information and the vehicle information are pre-stored to the coalition chain network.
5. The method of claim 1, the federated chain system comprising a third party authority, the method further comprising:
receiving a third party subscription application of the third party institution, wherein the third party subscription application carries third party identity information and third party account information;
and signing with the third party organization when the third party account information passes verification, and binding the third party identity information with the third party account information.
6. The signing method based on the alliance chain is characterized by being applied to a road network center server in an alliance chain system, wherein the alliance chain system further comprises a bank server, a client and an alliance chain network, and the method comprises the following steps:
acquiring a first public key and a second public key from the alliance chain network, wherein a first decentralised identification DID corresponds to a first private key and the first public key, and a second DID corresponds to a second private key and the second public key;
Decrypting a second verifiable credential according to the second public key to obtain a first verifiable credential, wherein the second verifiable credential is obtained by encrypting the first verifiable credential based on the second private key, the first verifiable credential comprises identity information, vehicle information and account information of a first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on the first private key;
decrypting the first verifiable credential according to the first public key to obtain the vehicle information;
verifying the vehicle information according to the driving license information of the first user to obtain a vehicle verification result;
and when the vehicle verification result represents verification pass, sending the vehicle verification result to the bank server so that the bank server signs up with the first user corresponding to the client.
7. The method of claim 6, wherein the method further comprises:
generating OBU information of a vehicle-mounted electronic tag, uploading the OBU information to the alliance chain network and binding the vehicle information;
and obtaining OBU equipment according to the OBU information, and sending the OBU equipment to the first user.
8. A subscription apparatus based on a federation chain, which is applied to a bank server in a federation chain system, the federation chain system further comprising a client, a road network center server, and a federation chain network, the apparatus comprising:
the receiving unit is used for receiving a subscription application of a first user corresponding to the client, wherein the subscription application carries a first verifiable certificate, the first verifiable certificate comprises identity information, vehicle information and account information of the first user, and the first verifiable certificate is obtained by encrypting the identity information, the vehicle information and the account information based on a first private key corresponding to a first decentralization identifier DID;
the decryption unit is used for acquiring a first public key corresponding to the first DID from the alliance chain network, and decrypting the first verifiable certificate based on the first public key to acquire the account information;
the verification unit is used for verifying the account information to obtain an account verification result;
the encryption unit is used for encrypting the first verifiable certificate by using a second private key corresponding to a second DID when the account verification result represents verification pass, so as to obtain a second verifiable certificate, and the road network center server can obtain the second verifiable certificate and verify the vehicle information based on the driving license information of the first user to obtain a vehicle verification result;
And the signing unit is used for signing the first user corresponding to the client when the vehicle verification result represents verification pass.
9. A signing device based on a federation chain, which is characterized by being applied to a road network center server in a federation chain system, wherein the federation chain system further comprises a bank server, a client and a federation chain network, and the device comprises:
the acquisition unit is used for acquiring a first public key and a second public key from the alliance chain network, wherein the first decentralised identification DID corresponds to the first private key and the first public key, and the second DID corresponds to the second private key and the second public key;
the first decryption unit is used for decrypting a second verifiable credential according to the second public key to obtain a first verifiable credential, the second verifiable credential is obtained by encrypting the first verifiable credential based on the second private key, the first verifiable credential comprises identity information, vehicle information and account information of a first user, and the first verifiable credential is obtained by encrypting the identity information, the vehicle information and the account information based on the first private key;
a second decryption unit, configured to decrypt the first verifiable credential according to the first public key to obtain the vehicle information;
The verification unit is used for verifying the vehicle information according to the driving license information of the first user to obtain a vehicle verification result;
and the sending unit is used for sending the vehicle verification result to the bank server when the vehicle verification result represents verification pass so that the bank server signs up with the first user corresponding to the client.
10. An electronic device comprising a memory and a processor;
the memory is used for storing a computer program or instructions;
the processor is configured to invoke a computer program or instructions stored in the memory to cause the litigation platform to perform the method of any of the above claims 1-5, or 6-7.
11. A computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the method of any of the preceding claims 1-5, or 6-7.
CN202311097075.1A 2023-08-29 2023-08-29 Signing method and device based on alliance chain, electronic equipment and storage medium Pending CN117240516A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311097075.1A CN117240516A (en) 2023-08-29 2023-08-29 Signing method and device based on alliance chain, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117240516A true CN117240516A (en) 2023-12-15

Family

ID=89092165

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311097075.1A Pending CN117240516A (en) 2023-08-29 2023-08-29 Signing method and device based on alliance chain, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117240516A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination