CN117254982B - Digital identity verification method and system based on block chain - Google Patents

Publication number
CN117254982B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311540673.1A
Other languages
Chinese (zh)
Other versions
CN117254982A (en
Inventor
李伟民
刘志乐
孙珂
伍世民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sangda Yinluo Technology Co ltd
Original Assignee
Shenzhen Sangda Yinluo Technology Co ltd

Classifications

    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G06Q20/223 Payment schemes or models based on the use of peer-to-peer networks
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention provides a digital identity verification method and system based on a blockchain, comprising the following steps: acquiring an identity authentication request submitted by a user during a transaction, digitally signing the identity authentication request based on a random number generated by the blockchain, and then sending the digital signature to an identity authentication node in the blockchain; invoking an execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and mapping and comparing the identity verification certificate with registered digital identity information in the blockchain to obtain a digital identity verification result; and feeding back the digital identity verification result to the transaction terminal, and recording and retaining the full-flow parameters of the identity verification in a recording node in the blockchain based on the feedback result. This guarantees the decentralization of digital identity verification, guarantees the openness and transparency of the digital identity verification result during identity verification, and improves the safety and reliability of user identity information.

Description

Digital identity verification method and system based on block chain
Technical Field
The invention relates to the technical field of data processing and data transmission, in particular to a digital identity verification method and system based on a block chain.
Background
With the continuous development of technology, more and more fields involve digital activities, such as transactions. These activities are based on the digital identities of users, and effective verification of those digital identities is the guarantee for each such activity.
At present, traditional identity verification usually depends on a centralized or third-party trust institution, such as a bank. The identity verification information has to be transmitted to that institution for verification, so the digital identity verification is not public and transparent, and is subject to falsification or counterfeiting.
Therefore, to overcome the above drawbacks, the present invention provides a digital identity verification method and system based on a blockchain.
Disclosure of Invention
The invention provides a digital identity verification method and system based on a blockchain. An identity authentication request submitted by a user during a transaction is acquired, and the identity verification operation is carried out through an identity verification node in the blockchain, which guarantees the decentralization of digital identity verification. During identity verification, the identity verification certificate is mapped and compared with the registered digital identity information in the blockchain by executing contracts, which improves the accuracy of digital identity verification. Finally, the digital identity verification result is recorded in the blockchain, which guarantees the openness and transparency of the digital identity verification result and improves the safety and reliability of user identity information.
The invention provides a digital identity verification method based on a block chain, which comprises the following steps:
Step 1: acquiring an identity authentication request submitted by a user during a transaction, digitally signing the identity authentication request based on a random number generated by the blockchain, and then sending the digital signature to an identity authentication node in the blockchain;
Step 2: invoking an execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and mapping and comparing the identity verification certificate with registered digital identity information in the blockchain to obtain a digital identity verification result;
Step 3: feeding back the digital identity verification result to the transaction terminal, and recording and retaining the full-flow parameters of the identity verification in a recording node in the blockchain based on the feedback result.
Preferably, in step 1, before acquiring an identity authentication request submitted by a user during a transaction, the method comprises the following steps:
receiving a registration request submitted by a user based on a blockchain, and distributing an information storage node for the user in the blockchain based on the registration request;
analyzing the registration request, extracting basic identity information submitted by a user according to a preset identity information extraction index based on an analysis result, and carrying out format conversion on the basic identity information based on the format requirement of the blockchain on the data to obtain the digital identity of the user;
splitting the digital identity based on the identity parameter types contained in the basic identity information to obtain sub-digital identities, setting an index mark for each sub-digital identity based on the splitting result, and associating the sub-digital identities of the same user based on the index marks;
storing the associated sub-digital identities in information storage nodes, wherein each user corresponds to one information storage node.
Preferably, in step 1, an authentication request submitted by a user during a transaction is obtained, which includes:
acquiring real-time operation data of a user at a transaction terminal, and analyzing the real-time operation data to obtain operation behavior characteristics of the user at different moments in the transaction terminal;
obtaining resource interaction types of users at different moments based on the operation behavior characteristics, matching the resource interaction types with a preset identity verification reference table, and determining whether the current operation behavior of the users needs identity verification or not based on a matching result;
when the resource interaction type is matched with the preset identity verification reference table, the identity verification is judged to be required, and an identity verification request is generated according to login information of a user on the transaction terminal and the resource interaction type based on a preset request generation rule.
Preferably, in step 1, after performing digital signature on an authentication request based on a random number generated by a blockchain, the digital signature is sent to an authentication node in the blockchain, which includes:
taking the acquired identity authentication request, triggering the blockchain based on the identity authentication request, and generating a random number in the blockchain based on the triggering result;
generating an identity authentication key by taking the random number as a key parameter based on a preset encryption strategy, and storing the identity authentication key in a blockchain;
analyzing the obtained identity authentication request, extracting target abstract information and the user identification of the data to be signed in the identity authentication request based on the analysis result, and determining the signature components of the data to be signed in the identity authentication request based on the target semantics of the target abstract information, wherein there is at least one type of signature component;
extracting component characteristics of each signature component, determining a signature strategy for each signature component based on the component characteristics, and invoking a stored identity authentication key to digitally sign each signature component based on the signature strategy;
and packaging the digitally signed identity authentication request, marking the packaged request based on the user identification to obtain the identity information to be verified, and transmitting the identity information to be verified to an identity verification node in the blockchain based on a preset transmission protocol.
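The request-signing procedure above, as an added example that is not part of the patent: a node issues a one-time random number, a key is derived from it, each signature component is authenticated separately, and the packaged request is checked on receipt. The patent names no algorithms, so HMAC-SHA256 stands in for the signature primitive, and the per-user enrollment secret, the `VerificationNode` class and all field names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def encode_fields(*fields: str) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_key(enrollment_secret: bytes, nonce: bytes) -> bytes:
    """Identity authentication key with the random number as a key parameter.

    Assumption: the nonce is mixed with a per-user secret set at registration,
    because a key derived from a public nonce alone would authenticate nothing.
    """
    return hmac.new(enrollment_secret, b"auth-key" + nonce, hashlib.sha256).digest()


def sign_component(key: bytes, user_id: str, ctype: str, value: str) -> bytes:
    """Tag one signature component, bound to the user and the component type."""
    return hmac.new(key, encode_fields(user_id, ctype, value), hashlib.sha256).digest()


def build_package(user_id: str, enrollment_secret: bytes, nonce: bytes,
                  components: Dict[str, str]) -> dict:
    """Sign each component, then package the request and mark it with the user id."""
    key = derive_key(enrollment_secret, nonce)
    return {
        "user_id": user_id,
        "nonce": nonce,
        "components": dict(components),
        "signatures": {t: sign_component(key, user_id, t, v)
                       for t, v in components.items()},
    }


class VerificationNode:
    """Stand-in for the identity verification node (hypothetical class)."""

    def __init__(self, enrollment_secrets: Dict[str, bytes]):
        self._secrets = dict(enrollment_secrets)
        self._pending: Dict[bytes, str] = {}  # issued nonce -> user it was issued to

    def issue_nonce(self, user_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = user_id
        return nonce

    def verify(self, package: dict) -> Optional[Dict[str, str]]:
        """Return the authenticated components, or None if any check fails."""
        user_id = package["user_id"]
        # pop() consumes the nonce, so a captured package cannot be replayed,
        # and a nonce issued to one user cannot be used by another.
        if self._pending.pop(package["nonce"], None) != user_id:
            return None
        secret = self._secrets.get(user_id)
        if secret is None or not package["components"]:
            return None
        key = derive_key(secret, package["nonce"])
        for ctype, value in package["components"].items():
            expected = sign_component(key, user_id, ctype, value)
            supplied = package["signatures"].get(ctype, b"")
            if not hmac.compare_digest(supplied, expected):
                return None
        return dict(package["components"])


if __name__ == "__main__":
    # Constructed sample data.
    secret = secrets.token_bytes(32)
    node = VerificationNode({"user-001": secret})
    pkg = build_package("user-001", secret, node.issue_nonce("user-001"),
                        {"name": "Alice Chen", "id_number": "A123456789"})
    print("first submission:", node.verify(pkg))
    print("replayed package:", node.verify(pkg))
```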
Preferably, in step 2, an executing contract is called based on an authentication node, and a digital signature is decrypted based on the executing contract to obtain an authentication certificate, and the authentication certificate is mapped and compared with registered digital identity information in a blockchain to obtain a digital authentication result, which comprises the following steps:
analyzing the received identity authentication request based on the identity authentication node, determining an identity item identifier to be authenticated contained in the identity authentication request, accessing a database server based on the identity item identifier to be authenticated to obtain an identity information type corresponding to the identity item identifier to be authenticated, and generating a contract invoking token based on the identity information type;
calling a corresponding execution contract from a preset contract channel based on a contract calling token, extracting contract attribute of the execution contract, calling a target format conversion rule from a preset contract conversion rule base based on the contract attribute, analyzing the execution contract, determining contract language characteristics of contract language in the execution contract, screening the contract language based on the contract language characteristics, and obtaining a target execution contract language based on a screening result;
compiling and packaging the target execution contract language based on the target conversion rule, converting the target execution contract language into an execution strategy, docking the execution strategy with the corresponding identity items to be verified, and decrypting the digital signatures of the identity items to be verified in parallel according to the execution strategy based on the docking result to obtain sub-identity verification certificates;
summarizing all sub-identity verification certificates to obtain the identity verification certificate of the user, and at the same time retrieving the registered digital identity information in the blockchain, carrying out same-type item mapping between the identity verification certificate and the registered digital identity information, and obtaining the association relation between the identity verification certificate and the registered digital identity information based on the mapping result;
respectively extracting a first identity characteristic vector and a second identity characteristic vector of the identity verification certificate and the registered digital identity information based on the association relation, and determining an included angle cosine value of the first identity characteristic vector and the second identity characteristic vector based on an included angle cosine criterion;
and determining the similarity between the identity verification certificate and the registered digital identity information based on the cosine value of the included angle, and obtaining a digital identity verification result based on the similarity.
Preferably, in the blockchain-based digital identity verification method, decrypting the digital signatures of the identity items to be verified in parallel according to the execution strategy based on the docking result includes:
acquiring the execution strategy corresponding to each identity item to be verified, analyzing the digital signature of the corresponding identity item to be verified based on the execution strategy, and determining, based on the analysis result, the random-number-based encryption mode of the identity item to be verified in the blockchain;
determining key characteristics based on an encryption mode, and matching corresponding target key files from a preset key file library based on the key characteristics;
and decrypting the digital signature of the corresponding identity item to be verified based on the target key file to obtain a sub-identity verification certificate corresponding to the digital signature of the identity item to be verified.
Preferably, in the blockchain-based digital identity verification method, obtaining a digital identity verification result based on the similarity includes:
obtaining the similarity between the obtained identity verification certificate and the registered digital identity information, and comparing the similarity with a preset similarity threshold;
if the similarity is greater than or equal to a preset similarity threshold, determining that the digital identity verification result of the user is passed;
if the similarity is smaller than a preset similarity threshold, the digital identity verification result of the user is judged to be failed.
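The mapping comparison and threshold decision described above, as an added example that is not part of the patent. The patent does not say how the identity feature vectors are built or what the preset threshold is, so the character-bigram vectors, the threshold values, the function names and the sample records here are assumptions.

```python
import math
from collections import Counter
from typing import Dict, Tuple

PRESET_THRESHOLD = 0.95  # constructed value; the patent says only "preset"

# Constructed sample of registered digital identity information.
REGISTERED = {"name": "Alice Chen", "id_number": "A123456789"}


def feature_vector(items: Dict[str, str]) -> Counter:
    """Bigram counts keyed by (item type, bigram).

    Keying by item type keeps the comparison a same-type mapping: a bigram in
    the name never matches the same bigram in the ID number.
    """
    vec: Counter = Counter()
    for item_type, value in items.items():
        text = value.strip().lower()
        for i in range(len(text) - 1):
            vec[(item_type, text[i:i + 2])] += 1
    return vec


def cosine(a: Counter, b: Counter) -> float:
    """Included-angle cosine of two sparse vectors; 0.0 if either is empty."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


def verify_identity(credential: Dict[str, str], registered: Dict[str, str],
                    threshold: float = PRESET_THRESHOLD) -> Tuple[float, bool]:
    """Map credential items onto registered items of the same type and decide.

    Returns (similarity, passed). A credential that is empty or carries an
    item type that was never registered fails without a comparison.
    """
    if not credential or not credential.keys() <= registered.keys():
        return 0.0, False
    mapped = {t: registered[t] for t in credential}
    similarity = cosine(feature_vector(credential), feature_vector(mapped))
    return similarity, similarity >= threshold


if __name__ == "__main__":
    # Constructed credentials: exact match, one wrong ID character, unrelated.
    samples = {
        "exact": {"name": "Alice Chen", "id_number": "A123456789"},
        "one character off": {"name": "Alice Chen", "id_number": "A123456780"},
        "unrelated": {"name": "Bob Wu", "id_number": "Z987654321"},
    }
    for label, cred in samples.items():
        sim, passed = verify_identity(cred, REGISTERED)
        print(f"{label:18s} similarity={sim:.4f} passed={passed}")
    # With these vectors the "one character off" credential scores 17/18,
    # so a preset threshold of 0.90 would accept it and 0.95 rejects it.
```

With these bigram vectors a credential whose ID number differs only in its last character scores 17/18, about 0.944, so the preset threshold alone decides whether it is accepted.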
Preferably, in step 3, a digital authentication result is fed back to a transaction terminal, including:
obtaining the digital identity verification result, determining a result label corresponding to the digital identity verification result based on the result type of the digital identity verification result, and marking the digital identity verification result for the first time based on the result label to obtain a digital identity verification result to be authorized;
determining an authorization type corresponding to the digital identity verification result based on the first marking result, calling an authorization type identifier based on the authorization type and the current access operation characteristic of the user, and marking the digital identity verification result to be authorized for a second time based on the authorization type identifier, wherein the authorization type comprises authorization and rejection;
invoking a target authorization file from a preset authorization file library based on the authorization type identifier, and carrying out association encapsulation on the target authorization file and a second marked digital identity verification result to obtain a data packet to be fed back;
and carrying out uplink communication authorization on the wireless transmission link, feeding back the data packet to be fed back to the transaction terminal based on the wireless transmission link based on the uplink communication authorization result, and displaying the digital identity verification result and the authorization result based on the transaction terminal.
Preferably, in step 3, recording and retaining the full-process authentication parameters in a recording node in the blockchain based on a feedback result, the method comprises the following steps:
acquiring the feedback process of the digital identity verification result, and when the digital identity verification result is fed back to the transaction terminal, invoking the identity verification full-flow parameters of the identity verification request submitted by the user;
analyzing the full-flow parameters of the identity verification, determining the data characteristics of the full-flow parameters of the identity verification, traversing the record nodes in the blockchain based on the data characteristics, and determining target record nodes based on the traversing result;
recording and retaining the authentication full-flow parameters in a target recording node, generating access indexes of the authentication full-flow parameters based on recording and retaining results, and recording and retaining the access indexes in a preset access index directory in a blockchain.
The invention provides a digital identity verification system based on a blockchain, comprising:
the request sending module is used for acquiring an identity authentication request submitted by a user during a transaction, digitally signing the identity authentication request based on a random number generated by the blockchain and then sending the digital signature to an identity authentication node in the blockchain;
the identity verification module is used for retrieving the execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and carrying out mapping comparison on the identity verification certificate and the registered digital identity information in the blockchain to obtain a digital identity verification result;
the data recording module is used for feeding back the digital identity verification result to the transaction terminal, and recording and retaining the full-flow parameters of the identity verification in a recording node in the blockchain based on the feedback result.
Compared with the prior art, the invention has the following beneficial effects:
1. An identity authentication request submitted by a user during a transaction is acquired, and the identity verification operation is carried out through the identity verification node in the blockchain, which guarantees the decentralization of digital identity verification. During identity verification, the identity verification certificate is mapped and compared with the registered digital identity information in the blockchain by executing contracts, which improves the accuracy of digital identity verification. Finally, the digital identity verification result is recorded in the blockchain, which guarantees the openness and transparency of the digital identity verification result and improves the safety and reliability of user identity information.
2. The identity verification node analyzes the obtained identity authentication request, so that the identity items to be verified contained in the request are determined accurately and effectively. The corresponding execution contracts are called from a preset contract channel according to the identity items to be verified, and the contract language in the execution contracts is converted into execution strategies. The identity items to be verified are decrypted according to the execution strategies, so that the sub-identity verification certificates of the user are obtained accurately and effectively. Finally, the obtained sub-identity verification certificates are summarized, and same-type item mapping comparison is carried out between the resulting identity verification certificate and the registered digital identity information in the blockchain. The similarity between the identity verification certificate and the registered digital identity information is determined accurately and effectively from the comparison result, and the digital identity information of the user is verified accurately and effectively according to that similarity. This guarantees the openness and transparency of the digital identity verification result and improves the safety and reliability of the user identity information.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a flow chart of a blockchain-based digital authentication method in an embodiment of the invention;
FIG. 2 is a flowchart of step 1 of a blockchain-based digital authentication method according to an embodiment of the present invention;
FIG. 3 is a diagram of a blockchain-based digital authentication system in an embodiment of the invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, it being understood that the preferred embodiments described herein are for illustration and explanation of the present invention only, and are not intended to limit the present invention.
Example 1:
The present embodiment provides a blockchain-based digital authentication method, as shown in FIG. 1, including:
Step 1: acquiring an identity authentication request submitted by a user during a transaction, digitally signing the identity authentication request based on a random number generated by the blockchain, and then sending the digital signature to an identity authentication node in the blockchain;
Step 2: invoking an execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and mapping and comparing the identity verification certificate with registered digital identity information in the blockchain to obtain a digital identity verification result;
Step 3: feeding back the digital identity verification result to the transaction terminal, and recording and retaining the full-flow parameters of the identity verification in a recording node in the blockchain based on the feedback result.
In this embodiment, the identity authentication request is submitted to the blockchain by the user when performing a transaction at the transaction terminal, and is used to verify the identity information of the user so that the user can carry out the corresponding transaction operation. For example, when making a transaction payment, identity information such as the user's name can be verified so that the user can carry out the corresponding payment operation.
In this embodiment, the random number is a number randomly generated by the blockchain. It is used to generate a corresponding key according to a key generation rule, so as to encrypt the authentication request submitted by the user and ensure that the authentication information submitted by the user is not compromised.
In this embodiment, the digital signature refers to signing, i.e. encrypting, the authentication request submitted by the user by means of the random number generated by the blockchain. Its purpose is to ensure the uniqueness of the authentication request, thereby ensuring the security of the user information.
In this embodiment, the authentication node is a window for performing authentication in the blockchain, and is configured in advance in the blockchain.
In this embodiment, the execution contract refers to a rule and an algorithm for decrypting after receiving the digital signature of the authentication request by the authentication node in the blockchain, and different encryption policies correspond to different execution contracts.
In this embodiment, the authentication credential refers to a data parameter that can characterize the identity of the user, including the user's real name, obtained by decrypting the digital signature by executing the contract.
In this embodiment, the registration digital identity information refers to digital information that is retained by the user when registering in the blockchain and that characterizes the identity parameters.
In this embodiment, mapping comparison refers to one-to-one comparison of the authentication credentials with the data segments contained in the registered digital identity information, so as to achieve effective authentication of the user identity information.
In this embodiment, the digital authentication result refers to an authentication result of the user identity information obtained by mapping and comparing the authentication credential with the registered digital identity information in the blockchain, and the authentication result includes two cases that the authentication is passed and the authentication is not passed.
In this embodiment, the transaction terminal refers to a main body of a user when performing a transaction, for example, a POS machine, a cash register, and the like.
In this embodiment, the authentication full-flow parameters refer to specific authentication parameters corresponding to all authentication steps corresponding to authentication of an authentication request submitted by a user, such as name authentication, age authentication, and gender authentication.
In this embodiment, the recording node refers to a storage area in the blockchain that can record data and store data, and is set in advance in the blockchain.
The beneficial effects of the technical scheme are as follows: the digital identity authentication method has the advantages that the identity authentication request submitted by a user during transaction is acquired, the identity authentication operation is carried out through the identity authentication nodes in the blockchain, the decentralization of digital identity authentication is guaranteed, and during the identity authentication, the digital identity authentication accuracy is improved by carrying out contract mapping comparison on the identity authentication credentials and the registered digital identity information in the blockchain, finally, the digital identity authentication result is recorded in the blockchain, the disclosure and transparency of the digital identity authentication result are guaranteed, and the safety and the reliability of the user identity information are improved.
Example 2:
on the basis of embodiment 1, the present embodiment provides a digital authentication method based on blockchain, in step 1, before acquiring an authentication request submitted by a user during a transaction, the method includes:
receiving a registration request submitted by a user based on a blockchain, and distributing an information storage node for the user in the blockchain based on the registration request;
analyzing the registration request, extracting basic identity information submitted by a user according to a preset identity information extraction index based on an analysis result, and carrying out format conversion on the basic identity information based on the format requirement of the blockchain on the data to obtain the digital identity of the user;
splitting the digital identity based on the identity parameter type contained in the basic identity information to obtain sub-digital identities, setting an index mark for each sub-digital identity based on a splitting result, and associating the sub-digital identities of the same user based on the index mark;
storing the associated sub-digital identities in information storage nodes, wherein each user corresponds to one information storage node.
In this embodiment, the registration request is identity registration information submitted by the user in the blockchain, and is used to request to store corresponding digital identity information in the blockchain, so that the user can effectively verify the identity of the currently submitted identity verification request when the user performs a transaction.
In this embodiment, the information storage node is set in advance in the blockchain, and is configured to store standard identity information submitted during registration of different users, where the standard identity information is a data parameter that is verified by the user and can characterize the user identity information.
In this embodiment, the preset identity information extraction index is set in advance, and is used for representing the basis for extracting relevant identity information from the registration request submitted by the user, for example, the preset identity information extraction index can be an identity information extraction index related to name and an identity information extraction index related to age and gender.
In this embodiment, the basic identity information refers to related data parameters capable of characterizing the identity of the user, including name, gender, age, and the like.
In this embodiment, the format requirements of the blockchain on the data are known in advance, characterizing the data format that the data needs to present when stored in the blockchain.
In this embodiment, the digital identity refers to data that can be stored in the blockchain after the basic identity information of the user is subjected to data format conversion, for example, text content can be converted into binary data, and the like.
In this embodiment, the identity parameter type refers to the different items of information, contained in the basic identity information, that can characterize the identity of the user; for example, name and age are each one identity parameter type.
In this embodiment, the sub-digital identities refer to digital identity fragments obtained by splitting digital identities according to identity parameter types, where each sub-digital identity corresponds to one identity parameter type.
In this embodiment, the index identifier refers to a marking symbol capable of characterizing the category of digital identity information of the user, so that it is convenient to correlate all sub-digital identity information of the same user, and also convenient to improve verification efficiency when performing digital identity verification.
The beneficial effects of the technical scheme are as follows: the method comprises the steps of analyzing a registration request submitted by a user, effectively extracting basic identity information of the user, carrying out format conversion on the basic identity information according to the format requirement of the blockchain on data, effectively determining digital identity information of the user, and finally, effectively storing the digital identity in the blockchain after splitting the digital identity according to the identity parameter type contained in the basic identity information, thereby providing traversal and guarantee for digital identity verification.
Example 3:
on the basis of embodiment 1, this embodiment provides a digital authentication method based on blockchain, as shown in fig. 2, in step 1, an authentication request submitted by a user during a transaction is obtained, including:
Step 101: acquiring real-time operation data of a user at a transaction terminal, and analyzing the real-time operation data to obtain operation behavior characteristics of the user at different moments in the transaction terminal;
Step 102: obtaining resource interaction types of users at different moments based on the operation behavior characteristics, matching the resource interaction types with a preset identity verification reference table, and determining whether the current operation behavior of the users needs identity verification or not based on a matching result;
Step 103: when the resource interaction type is matched with the preset identity verification reference table, the identity verification is judged to be required, and an identity verification request is generated according to login information of a user on the transaction terminal and the resource interaction type based on a preset request generation rule.
In this embodiment, the real-time operation data refers to operation parameters of operation actions performed in real time when the user performs a transaction operation in the transaction terminal, including a payment operation or a face brushing operation, etc.
In this embodiment, the operation behavior features refer to operation features corresponding to the user when performing real-time operation, including types of operations (such as click payment and code scanning payment), and are reference bases for determining whether the user needs to perform an identity authentication request.
In this embodiment, the resource interaction type refers to a transaction behavior type currently performed by the user in the transaction terminal, including ongoing payment resource interaction or commodity addition interaction, and the like.
In this embodiment, the preset authentication reference table is set in advance, and is used for recording all resource interaction types that need to be authenticated.
In this embodiment, the preset request generation rule is set in advance, and is used to generate an identity authentication request according to the current resource interaction type of the user and the login identity of the user.
The beneficial effects of the technical scheme are as follows: the method comprises the steps of analyzing real-time operation data of a user on a transaction terminal, accurately and effectively acquiring operation behavior characteristics of the user, accurately and effectively determining the resource interaction type of the user according to the operation behavior characteristics, matching the resource interaction type with a preset identity verification reference table, accurately and effectively judging whether the user needs identity verification according to a matching result, and finally accurately and reliably generating an identity verification request according to login information of the user and the resource interaction type when the user needs identity verification, so that the identity verification request of the user is conveniently and timely analyzed by a blockchain, the accuracy of digital identity verification is improved, and the safety of the identity information of the user is also improved.
Example 4:
on the basis of embodiment 1, the present embodiment provides a digital authentication method based on a blockchain, in step 1, after performing digital signature on an authentication request based on a random number generated by the blockchain, the method includes:
acquiring the identity authentication request, triggering a blockchain based on the identity authentication request, and generating a random number in the blockchain based on a triggering result;
generating an identity authentication key by taking the random number as a key parameter based on a preset encryption strategy, and storing the identity authentication key in a blockchain;
analyzing the obtained identity authentication request, extracting target abstract information and user identification of data to be signed in the identity authentication request based on an analysis result, and determining signature components of the data to be signed in the identity authentication request based on target semantics of the target abstract information, wherein the signature components are at least one type;
extracting component characteristics of each signature component, determining a signature strategy for each signature component based on the component characteristics, and invoking a stored identity authentication key to digitally sign each signature component based on the signature strategy;
and packaging the digitally signed identity authentication request, marking the packaged request based on the user identification to obtain the identity information to be verified, and transmitting the identity information to be verified to an identity verification node in the blockchain based on a preset transmission protocol.
In this embodiment, triggering the blockchain based on the identity authentication request refers to timely sending a corresponding triggering instruction to the blockchain when the identity authentication request is monitored, wherein the triggering instruction is used for indicating the blockchain to timely generate a random number required by a digital signature.
In this embodiment, the preset encryption policy is set in advance, and is a mode or rule for converting the random number generated by the blockchain into an identity authentication key, where the identity authentication key is a basis for digitally signing an identity authentication request submitted by a user, that is, an encryption key.
In this embodiment, the data to be signed refers to the data to be encrypted in the authentication request, including the name, the personal feature, the age, and the like of the user.
In this embodiment, the target digest information refers to a summarized data segment capable of characterizing the subject matter content of the data to be signed.
In this embodiment, the user identifier refers to a mark symbol that can distinguish different users, where the user identifiers corresponding to the different users are different.
In this embodiment, the target semantics refer to specific data content characterized by the target summary information.
In this embodiment, the signature component refers to the kind of data to be digitally signed, including name information, transaction password information, and the like, included in the data to be signed.
In this embodiment, the component features refer to features that can characterize different signature components, including data types, value ranges of data, and the like.
In this embodiment, the signature policy refers to a manner or scheme of digitally signing the signature components, where different signature components correspond to different signature policies, including the location where the signature may be made and the level of the signature.
In this embodiment, the identity information to be verified refers to the data obtained by digitally signing the different signature components in the identity verification request and marking the result with the user identification, which can be directly transmitted to the identity verification node for digital identity verification.
The beneficial effects of the technical scheme are as follows: the method comprises the steps of generating corresponding random numbers through a block chain in time when an identity authentication request submitted by a user is monitored, so that the corresponding digital signature operation is conveniently carried out on the identity authentication request through the random numbers, converting the random numbers into identity authentication keys according to a preset encryption strategy, simultaneously analyzing the identity authentication request, determining data to be signed, which need to be digitally signed, to accurately and reliably sign the data to be signed through the identity authentication keys, and finally, marking the identity authentication request after the digital signature through a user identifier, thereby realizing safe and reliable transmission of the identity authentication request to an identity authentication node, guaranteeing the reliability of the identity authentication request transmission submitted by the user, improving the accuracy of the identity authentication node in analyzing the identity authentication request, and guaranteeing the safety and reliability of the identity information of the user.
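The signing flow of Example 4, as an added Python sketch that is not code from the patent. The patent names no algorithm and treats signing as encryption; this sketch substitutes HMAC tagging, so the verifying node recomputes tags instead of decrypting, and `LEDGER_KEYS`, `SIGNATURE_STRATEGY`, the key derivation and the single-use rule are all assumptions, with constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for the key the method stores in the blockchain (assumption: one
# key per request id, removed once a verification attempt has consumed it).
LEDGER_KEYS = {}

# Assumed signature strategy: the "level" is a digest chosen per component.
SIGNATURE_STRATEGY = {"transaction_password": "sha512"}
DEFAULT_DIGEST = "sha256"


def derive_key(random_number: bytes, user_id: str) -> bytes:
    """Assumed 'preset encryption policy': the random number keys an HMAC."""
    return hmac.new(random_number, b"identity-auth|" + user_id.encode(),
                    hashlib.sha256).digest()


def _message(request_id, user_id, name, value) -> bytes:
    # Canonical encoding binds a tag to the request, the user and the component.
    return json.dumps([request_id, user_id, name, value],
                      separators=(",", ":"), ensure_ascii=False).encode()


def _tag(key, request_id, user_id, name, value) -> str:
    # The digest comes from the local strategy table, never from the package.
    digest = SIGNATURE_STRATEGY.get(name, DEFAULT_DIGEST)
    return hmac.new(key, _message(request_id, user_id, name, value),
                    digest).hexdigest()


def sign_request(request_id: str, user_id: str, components: dict) -> dict:
    """Generate the random number, derive and store the key, sign each component."""
    random_number = secrets.token_bytes(32)
    key = derive_key(random_number, user_id)
    LEDGER_KEYS[request_id] = key
    signed = {name: {"value": value,
                     "tag": _tag(key, request_id, user_id, name, value)}
              for name, value in components.items()}
    # Packaging: the signed components are marked with the user identification.
    return {"request_id": request_id, "user_id": user_id, "components": signed}


def verify_package(package: dict):
    """Verifying-node side: returns (ok, names of components that failed)."""
    key = LEDGER_KEYS.pop(package["request_id"], None)  # single use
    if key is None:
        return False, ["<no key: unknown or already used request>"]
    failed = []
    for name, item in package["components"].items():
        expected = _tag(key, package["request_id"], package["user_id"],
                        name, item["value"])
        presented = str(item.get("tag", ""))
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            failed.append(name)
    return not failed, failed


if __name__ == "__main__":
    # Constructed sample request.
    pkg = sign_request("req-1", "user-42", {"name": "Zhang San", "age": "34"})
    pkg["components"]["age"]["value"] = "35"   # altered after signing
    print(verify_package(pkg))                 # (False, ['age'])
```

Because each tag covers the request id, the user identification and the component name, a component copied into another user's package or another request fails verification, and a resubmitted package finds no key.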
Example 5:
on the basis of embodiment 1, the present embodiment provides a digital authentication method based on blockchain, in step 2, invoking an execution contract based on an authentication node, decrypting a digital signature based on the execution contract to obtain an authentication credential, and mapping and comparing the authentication credential with registered digital identity information in blockchain to obtain a digital authentication result, including:
analyzing the received identity authentication request based on the identity authentication node, determining an identity item identifier to be authenticated contained in the identity authentication request, accessing a database server based on the identity item identifier to be authenticated to obtain an identity information type corresponding to the identity item identifier to be authenticated, and generating a contract invoking token based on the identity information type;
calling a corresponding execution contract from a preset contract channel based on a contract calling token, extracting contract attribute of the execution contract, calling a target format conversion rule from a preset contract conversion rule base based on the contract attribute, analyzing the execution contract, determining contract language characteristics of contract language in the execution contract, screening the contract language based on the contract language characteristics, and obtaining a target execution contract language based on a screening result;
Compiling and packaging a target execution contract language based on a target conversion rule, converting the target execution contract language into an execution strategy, butting the execution strategy with corresponding identity items to be verified, and decrypting digital signatures of the identity items to be verified in parallel according to the execution strategy based on a butting result to obtain sub-identity verification certificates;
summarizing all sub-identity verification certificates to obtain the identity verification certificates of the users, simultaneously, retrieving the registered digital identity information in the blockchain, carrying out the same type project mapping on the identity verification certificates and the registered digital identity information, and obtaining the association relation between the identity verification certificates and the registered digital identity information based on the mapping result;
respectively extracting a first identity characteristic vector and a second identity characteristic vector of the identity verification certificate and the registered digital identity information based on the association relation, and determining an included angle cosine value of the first identity characteristic vector and the second identity characteristic vector based on an included angle cosine criterion;
and determining the similarity between the identity verification certificate and the registered digital identity information based on the cosine value of the included angle, and obtaining a digital identity verification result based on the similarity.
In this embodiment, the identity item identifier to be verified refers to a tag symbol capable of characterizing the type of identity verification required, including a tag symbol corresponding to name information, a tag symbol corresponding to age, and the like.
In this embodiment, the database server is set in advance, and is configured to record identity information types corresponding to different identity item identifiers to be verified, where the identity information types are identity types corresponding to different identity data, such as names and ages, each of which is one identity information type.
In this embodiment, a contract invoking token is generated according to the identity information type, and is used to invoke a corresponding execution contract, and one kind of invoking token may invoke one kind of execution contract.
In this embodiment, the preset contract channel is set in advance, and is used to store the available execution contracts, that is, to store the spatial area of the execution contracts.
In this embodiment, the contract attribute refers to the kind of data included in the execution contract, the manner in which the execution contract is required to take when executing the contract content, and the like.
In this embodiment, the preset contract conversion rule base is set in advance, and is used to store format conversion rules corresponding to different types of execution contracts.
In this embodiment, the target format conversion rule refers to a conversion rule applicable to an execution contract of a current contract attribute, and is one of preset contract conversion rule libraries, and is used for converting a contract language into an execution language capable of performing execution identity verification, including an execution code and the like, where the contract language is a data content recorded in the execution contract, and may specifically be a binary number and the like.
In this embodiment, the contract language features refer to the number and type of contract languages in the execution contract, the value size condition corresponding to each contract language, and the like, where the type includes whether the execution action language is an invalid definition language or not.
In this embodiment, the target execution contract language refers to data in the contract language capable of performing a specific authentication operation on the authentication request and data defining a specific authentication step.
In this embodiment, the execution policy refers to a scheme and execution steps that enable the authentication operation to be actually performed after format conversion of the target execution contract language.
In this embodiment, the identity item to be verified refers to a data parameter for which identity verification is required.
In this embodiment, the sub-identity verification credential refers to a data parameter representing identity information submitted by a user after decrypting different identity information to be verified by executing a contract.
In this embodiment, the same type of item mapping refers to comparing the authentication credentials with the same type of identity information in the registered digital identity information, including comparing name information in the obtained authentication credentials with digital name information in the registered digital identity information.
In this embodiment, the first identity feature vector refers to a value that can characterize the data in the authentication credential that is related to the user identity information.
In this embodiment, the second identity feature vector refers to a value that can characterize the data in the registered digital identity information that is related to the user identity information.
In this embodiment, the cosine value of the included angle is calculated byWherein->Representing a first identity vector,/->Representing a second identity feature vector.
In this embodiment, determining the similarity between the authentication credential and the registered digital identity information based on the included angle cosine value means that the value range of the included angle cosine value is [-1, 1] and the value range of the included angle is 0,]; the closer the cosine value of the included angle is to 1, the higher the similarity between the authentication credential and the registered digital identity information.
The beneficial effects of the technical scheme are as follows: the identity authentication node analyzes the obtained identity authentication request, so that the identity items to be authenticated contained in the identity authentication request are accurately and effectively determined, corresponding execution contracts are called from a preset contract channel according to the identity items to be authenticated, then contract languages in the execution contracts are converted into execution strategies, decryption of the identity items to be authenticated according to the execution strategies is realized, accurate and effective acquisition of sub-identity authentication credentials of a user is realized, finally, the obtained sub-identity authentication credentials are summarized, similar item mapping comparison is carried out on the obtained identity authentication credentials and registered digital identity information in a blockchain, accurate and effective determination of similarity between the identity authentication credentials and the registered digital identity information according to comparison results is realized, accurate and effective authentication of digital identity information of the user according to the similarity is realized, disclosure and transparency of the digital identity authentication results are ensured, and safety and reliability of the identity information of the user are improved.
Example 6:
on the basis of embodiment 5, the present embodiment provides a blockchain-based digital identity verification method, which decrypts digital signatures of identity items to be verified in parallel according to an execution policy based on a docking result, including:
acquiring an execution strategy corresponding to each identity item to be verified, analyzing the digital signature of the corresponding identity item to be verified based on the execution strategy, and determining an encryption mode of the identity item to be verified in the blockchain based on random numbers based on an analysis result;
determining key characteristics based on an encryption mode, and matching corresponding target key files from a preset key file library based on the key characteristics;
and decrypting the digital signature of the corresponding identity item to be verified based on the target key file to obtain a sub-identity verification certificate corresponding to the digital signature of the identity item to be verified.
In this embodiment, the encryption method based on the random number is known as a method of digitally signing the authentication request by the random number generated by the blockchain.
In this embodiment, the key characteristics are determined according to the encryption mode, and the characteristics are the identity of the key, the kind of the key, and the like.
In this embodiment, the preset key file library is set in advance, and is used for storing all key files, where the target key file is one of the preset key file libraries, and is a key suitable for decrypting the current digital signature.
The beneficial effects of the technical scheme are as follows: the digital signature of the identity item to be verified is analyzed through the execution strategy corresponding to each identity item to be verified, the accurate and effective determination of the encryption modes of different identity items to be verified is realized, the target key file is matched from the preset key file library through the encryption mode, the accurate and effective decryption of the digital signature of the identity item to be verified through the target key file is realized, the accurate and reliable acquisition of the corresponding sub-identity verification certificate is realized, the basis is provided for the digital identity verification of a user, and the accuracy and the reliability of the digital identity verification are ensured.
Example 7:
on the basis of embodiment 5, the present embodiment provides a blockchain-based digital authentication method, which obtains a digital authentication result based on similarity, including:
obtaining the similarity between the obtained identity verification certificate and the registered digital identity information, and comparing the similarity with a preset similarity threshold;
if the similarity is greater than or equal to a preset similarity threshold, determining that the digital identity verification result of the user is passed;
if the similarity is smaller than a preset similarity threshold, the digital identity verification result of the user is judged to be failed.
In this embodiment, the preset similarity threshold is set in advance, and is used to measure whether the similarity between the authentication credential and the registered digital identity information meets the minimum standard of the authentication requirement, and can be adjusted.
The beneficial effects of the technical scheme are as follows: by comparing the similarity between the identity verification credential and the registered digital identity information with a preset similarity threshold, whether the digital identity verification passes is judged strictly and effectively, and the accuracy and the reliability of the identity verification are improved.
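The same-type item mapping and cosine comparison of Example 5, together with the threshold decision of Example 7, as an added Python sketch that is not code from the patent. The patent does not say how the identity feature vectors are built; the character-bigram counts, the 0.9 default threshold and all sample records are assumptions made here.

```python
import math
from collections import Counter


def item_features(item_type: str, value) -> Counter:
    """Assumed feature extraction: character bigrams, keyed by item type."""
    text = "^" + " ".join(str(value).lower().split()) + "$"
    return Counter((item_type, text[i:i + 2]) for i in range(len(text) - 1))


def identity_vectors(credential: dict, registered: dict):
    """Same-type item mapping: each credential item is paired with the
    registered item of the same type; an unregistered type cannot be mapped."""
    first, second = Counter(), Counter()
    for item_type, value in credential.items():
        if item_type not in registered:
            raise KeyError(item_type)
        first.update(item_features(item_type, value))
        second.update(item_features(item_type, registered[item_type]))
    return first, second


def cosine(first: Counter, second: Counter) -> float:
    """Cosine of the included angle; 0.0 when either vector is empty."""
    dot = sum(count * second[key] for key, count in first.items() if key in second)
    norm_sq = (sum(c * c for c in first.values())
               * sum(c * c for c in second.values()))
    if norm_sq == 0:
        return 0.0
    return dot / math.sqrt(norm_sq)


def verify_identity(credential: dict, registered: dict, threshold: float = 0.9):
    """Returns (passed, similarity); passed means similarity >= threshold."""
    if not credential:
        return False, 0.0          # nothing to verify is never a pass
    try:
        first, second = identity_vectors(credential, registered)
    except KeyError:
        return False, 0.0          # item type with no registered counterpart
    similarity = cosine(first, second)
    return similarity >= threshold, similarity


if __name__ == "__main__":
    # Constructed sample records.
    registered = {"name": "Zhang San", "age": "34", "gender": "F"}
    wrong_age = {"name": "Zhang San", "age": "35", "gender": "F"}
    print(verify_identity(registered, registered))        # (True, 1.0)
    print(verify_identity(wrong_age, registered))         # fails at 0.9
    print(verify_identity(wrong_age, registered, 0.85))   # passes at 0.85
```

With these constructed records a credential whose age differs by one digit scores 15/17, so it is rejected at a threshold of 0.9 and accepted at 0.85; any threshold below 1 accepts some credentials that are not identical to the registered record.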
Example 8:
on the basis of embodiment 1, the present embodiment provides a digital authentication method based on blockchain, in step 3, the digital authentication result is fed back to the transaction terminal, including:
obtaining a digital identity verification result, determining a result label corresponding to the digital identity verification result based on the result type of the digital identity verification result, and marking the digital identity verification result for the first time based on the result label to obtain a digital identity verification result to be authorized;
determining an authorization type corresponding to the digital identity verification result based on the first marking result, calling an authorization type identifier based on the authorization type and the current access operation characteristic of the user, and marking the digital identity verification result to be authorized for a second time based on the authorization type identifier, wherein the authorization type comprises authorization and rejection;
Invoking a target authorization file from a preset authorization file library based on the authorization type identifier, and carrying out association encapsulation on the target authorization file and a second marked digital identity verification result to obtain a data packet to be fed back;
and carrying out uplink communication authorization on the wireless transmission link, feeding back the data packet to be fed back to the transaction terminal based on the wireless transmission link based on the uplink communication authorization result, and displaying the digital identity verification result and the authorization result based on the transaction terminal.
In this embodiment, the result types include two types, one for passing authentication and one for failing authentication.
In this embodiment, the result tag is a marking symbol for marking the result type of the digital authentication result, and the result tags corresponding to different result types are different.
In this embodiment, the first marking refers to marking the digital authentication result through the result tag, so that the user and the background management terminal can distinguish the digital authentication result quickly and effectively.
In this embodiment, the digital authentication result to be authorized is data information that needs to be correspondingly authorized after the digital authentication result is marked by the result tag.
In this embodiment, the authorization type is determined according to the result type of the digital identity verification result, including two types of authorization and rejection, where determining the authorization type corresponding to the digital identity verification result based on the first marking result refers to determining that the authorization type is authorization when the first marking result is that the identity verification passes, and otherwise rejecting.
In this embodiment, the access operation feature refers to a subject of the user's current access operation, i.e., an object or the like that needs to be accessed.
In this embodiment, the authorization type identifier is a tag for marking different authorization types, and the authorization type identifiers corresponding to the different authorization types are different.
In this embodiment, the second marking refers to marking the digital authentication result to be authorized with the authorization type identifier, so as to facilitate determining the authorization result from the digital authentication result to be authorized.
In this embodiment, the preset authorization file library is set in advance, and is used for storing different authorization files, where the target authorization file is one of them, and the target authorization file is used for representing a specific authorization range.
In this embodiment, the data packet to be fed back refers to data that can be directly fed back to the transaction terminal, where the data packet is obtained by performing association encapsulation on the target authorization file and the digital authentication result after the second mark.
In this embodiment, the uplink communication authorization refers to authorizing a data transmission direction of the wireless communication link, so as to upload the data packet to be fed back to the transaction terminal.
The beneficial effects of the technical scheme are as follows: the obtained digital identity verification result is analyzed so that its result type is determined accurately and effectively; the corresponding result tag is called according to the result type, and the corresponding authorization type identifier is called according to the result tag; the digital identity verification result is marked twice, with the result tag and with the authorization type identifier; finally, the marked digital identity verification result is associated and encapsulated with the corresponding target authorization file to obtain the data packet to be fed back, which is transmitted to the transaction terminal over the wireless transmission link, and the transaction terminal displays the identity verification result and the authorization result to the user, improving the accuracy and reliability of user identity verification.
Example 9:
On the basis of embodiment 1, this embodiment provides a blockchain-based digital authentication method in which, in step 3, recording and retaining the authentication full-flow parameters in a recording node in the blockchain based on the feedback result includes:
acquiring a feedback process of the digital identity verification result, and when the digital identity verification result is fed back to the transaction terminal, invoking the authentication full-flow parameters of the identity verification request submitted by the user;
analyzing the full-flow parameters of the identity verification, determining the data characteristics of the full-flow parameters of the identity verification, traversing the record nodes in the blockchain based on the data characteristics, and determining target record nodes based on the traversing result;
recording and retaining the authentication full-flow parameters in a target recording node, generating access indexes of the authentication full-flow parameters based on recording and retaining results, and recording and retaining the access indexes in a preset access index directory in a blockchain.
In this embodiment, the data features refer to the data amount of the authentication whole-flow parameter and the included data category, including the authentication flow parameter corresponding to the name information and the authentication flow parameter corresponding to the age.
In this embodiment, the recording node is set in advance in the blockchain, and is a space region for recording the authentication full-flow parameters.
In this embodiment, the target recording node refers to a recording node adapted to record the current authentication full-flow parameters.
In this embodiment, the access index is a reference basis for enabling quick positioning when accessing the authentication full-flow parameters in the blockchain.
In this embodiment, the preset access index directory is set in advance, and is used to record access indexes of different authentication full-flow parameters, so as to provide a reference basis when the authentication full-flow parameters are called.
The beneficial effects of the technical scheme are as follows: by determining the feedback process of the digital identity verification result, the authentication full-flow parameters are recorded and retained in the corresponding recording node in the blockchain promptly after the feedback is finished, which ensures the openness and transparency of the digital identity verification result and improves the security and reliability of the user identity information.
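The recording steps of this embodiment can be sketched as follows. This is an added example, not code from the patent: the record nodes are an in-memory stand-in for the blockchain, and the node names, the category sets, the capacity field and the SHA-256 digest kept in each access index entry are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class RecordNode:
    """Stand-in for one pre-set record node (hypothetical layout)."""
    node_id: str
    categories: frozenset      # data categories this node is set up to hold
    capacity: int              # bytes the node can hold
    records: list = field(default_factory=list)

    def free(self) -> int:
        return self.capacity - sum(len(r) for r in self.records)


def data_features(params: dict):
    """Return (serialised bytes, data amount in bytes, data categories)."""
    blob = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return blob, len(blob), frozenset(params)


def find_target_node(nodes, size, categories):
    """Traverse the record nodes and return the first one that fits, or None."""
    for node in nodes:
        if categories <= node.categories and node.free() >= size:
            return node
    return None


def record_and_index(request_id, params, nodes, index_directory):
    """Record the parameters in the target node and file an access index."""
    blob, size, categories = data_features(params)
    node = find_target_node(nodes, size, categories)
    if node is None:
        raise LookupError("no record node fits these parameters")
    if request_id in index_directory:
        raise KeyError("request already recorded")
    node.records.append(blob)
    entry = {
        "node": node.node_id,
        "position": len(node.records) - 1,
        # Assumption: the index also keeps a digest so a reader can detect
        # a record that was changed after it was written.
        "sha256": hashlib.sha256(blob).hexdigest(),
    }
    index_directory[request_id] = entry
    return entry


def fetch(request_id, nodes, index_directory):
    """Locate a record through its access index and check it before use."""
    entry = index_directory[request_id]
    node = next(n for n in nodes if n.node_id == entry["node"])
    blob = node.records[entry["position"]]
    if hashlib.sha256(blob).hexdigest() != entry["sha256"]:
        raise ValueError("record does not match its access index")
    return json.loads(blob)


# Constructed sample: full-flow parameters grouped by data category.
SAMPLE_PARAMS = {
    "name": {"result": "pass", "similarity_pct": 100},
    "age": {"result": "pass", "similarity_pct": 100},
}

if __name__ == "__main__":
    nodes = [
        RecordNode("node-a", frozenset({"name"}), 1024),
        RecordNode("node-b", frozenset({"name", "age"}), 1024),
    ]
    directory = {}
    print(record_and_index("req-1", SAMPLE_PARAMS, nodes, directory))
    print(fetch("req-1", nodes, directory))
```
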
Example 10:
This embodiment provides a blockchain-based digital authentication system, as shown in Fig. 3, including:
the request sending module, which is used for acquiring an identity authentication request submitted by a user during a transaction, digitally signing the identity authentication request based on a random number generated by the blockchain, and then sending the digital signature to an identity authentication node in the blockchain;
the identity verification module, which is used for retrieving the execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and mapping and comparing the identity verification certificate with the registered digital identity information in the blockchain to obtain a digital identity verification result;
and the data recording module, which is used for feeding back the digital identity verification result to the transaction terminal, and recording and retaining the authentication full-flow parameters in a recording node in the blockchain based on the feedback result.
The beneficial effects of the technical scheme are as follows: the identity authentication request submitted by a user during a transaction is acquired and the identity authentication operation is carried out by the identity authentication nodes in the blockchain, which guarantees the decentralization of digital identity authentication; during authentication, mapping and comparing the identity authentication credentials with the registered digital identity information in the blockchain through the contract improves the accuracy of digital identity authentication; finally, the digital identity authentication result is recorded in the blockchain, which ensures the openness and transparency of the digital identity authentication result and improves the security and reliability of the user identity information.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (9)

1. A blockchain-based digital authentication method, comprising:
step 1: acquiring an identity authentication request submitted by a user during transaction, digitally signing the identity authentication request based on a random number generated by a blockchain, and then sending the digital signature to an identity authentication node in the blockchain;
step 2: invoking an execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and mapping and comparing the identity verification certificate with registered digital identity information in a blockchain to obtain a digital identity verification result;
step 3: feeding back the digital identity verification result to the transaction terminal, and recording and preserving the whole-process parameter of the identity verification in a recording node in the block chain based on the feedback result;
in step 2, an executing contract is fetched based on the authentication node, the digital signature is decrypted based on the executing contract to obtain an authentication credential, and the authentication credential is mapped and compared with registered digital identity information in a blockchain to obtain a digital authentication result, which comprises the following steps:
analyzing the received identity authentication request based on the identity authentication node, determining an identity item identifier to be authenticated contained in the identity authentication request, accessing a database server based on the identity item identifier to be authenticated to obtain an identity information type corresponding to the identity item identifier to be authenticated, and generating a contract invoking token based on the identity information type;
calling a corresponding execution contract from a preset contract channel based on a contract calling token, extracting contract attribute of the execution contract, calling a target format conversion rule from a preset contract conversion rule base based on the contract attribute, analyzing the execution contract, determining contract language characteristics of contract language in the execution contract, screening the contract language based on the contract language characteristics, and obtaining a target execution contract language based on a screening result;
compiling and packaging a target execution contract language based on a target conversion rule, converting the target execution contract language into an execution strategy, docking the execution strategy with corresponding identity items to be verified, and decrypting digital signatures of the identity items to be verified in parallel according to the execution strategy based on a docking result to obtain sub-identity verification certificates;
summarizing all sub-identity verification certificates to obtain the identity verification certificates of the users, simultaneously, retrieving the registered digital identity information in the blockchain, carrying out same-type item mapping on the identity verification certificates and the registered digital identity information, and obtaining the association relation between the identity verification certificates and the registered digital identity information based on the mapping result;
respectively extracting a first identity characteristic vector and a second identity characteristic vector of the identity verification certificate and the registered digital identity information based on the association relation, and determining an included angle cosine value of the first identity characteristic vector and the second identity characteristic vector based on an included angle cosine criterion;
and determining the similarity between the identity verification certificate and the registered digital identity information based on the cosine value of the included angle, and obtaining a digital identity verification result based on the similarity.
2. The blockchain-based digital authentication method according to claim 1, wherein before acquiring an authentication request submitted by a user at the time of a transaction in step 1, the method comprises:
receiving a registration request submitted by a user based on a blockchain, and distributing an information storage node for the user in the blockchain based on the registration request;
analyzing the registration request, extracting basic identity information submitted by a user according to a preset identity information extraction index based on an analysis result, and carrying out format conversion on the basic identity information based on the format requirement of the blockchain on the data to obtain the digital identity of the user;
splitting the digital identity based on the identity parameter type contained in the basic identity information to obtain sub-digital identities, setting an index mark for each sub-digital identity based on a splitting result, and associating the sub-digital identities of the same user based on the index mark;
storing the associated sub-digital identities in information storage nodes, wherein each user corresponds to one information storage node.
3. The blockchain-based digital authentication method of claim 1, wherein in step 1, obtaining an authentication request submitted by a user at the time of a transaction comprises:
acquiring real-time operation data of a user at a transaction terminal, and analyzing the real-time operation data to obtain operation behavior characteristics of the user at different moments in the transaction terminal;
obtaining resource interaction types of users at different moments based on the operation behavior characteristics, matching the resource interaction types with a preset identity verification reference table, and determining whether the current operation behavior of the users needs identity verification or not based on a matching result;
when the resource interaction type is matched with the preset identity verification reference table, the identity verification is judged to be required, and an identity verification request is generated according to login information of a user on the transaction terminal and the resource interaction type based on a preset request generation rule.
4. The blockchain-based digital authentication method of claim 1, wherein in step 1, the step of digitally signing the authentication request based on the random number generated by the blockchain and then sending the digital signature to the authentication node in the blockchain includes:
acquiring the obtained identity authentication request, triggering a blockchain based on the identity authentication request, and generating a random number in the blockchain based on a triggering result;
generating an identity authentication key by taking the random number as a key parameter based on a preset encryption strategy, and storing the identity authentication key in a blockchain;
analyzing the obtained identity authentication request, extracting target abstract information and user identification of data to be signed in the identity authentication request based on an analysis result, and determining signature components of the data to be signed in the identity authentication request based on target semantics of the target abstract information, wherein the signature components are at least one type;
extracting component characteristics of each signature component, determining a signature strategy for each signature component based on the component characteristics, and invoking a stored identity authentication key to digitally sign each signature component based on the signature strategy;
and packaging the digital signed identity authentication request, marking the packaged digital signed identity authentication request based on the user identification to obtain the identity information to be verified, and transmitting the identity information to be verified to an identity verification node in the blockchain based on a preset transmission protocol.
5. The blockchain-based digital authentication method according to claim 1, wherein parallel decryption of digital signatures of each identity item to be authenticated according to an execution policy based on a docking result comprises:
acquiring an execution strategy corresponding to each identity item to be verified, analyzing the digital signature of the corresponding identity item to be verified based on the execution strategy, and determining an encryption mode of the identity item to be verified in the blockchain based on random numbers based on an analysis result;
determining key characteristics based on an encryption mode, and matching corresponding target key files from a preset key file library based on the key characteristics;
and decrypting the digital signature of the corresponding identity item to be verified based on the target key file to obtain a sub-identity verification certificate corresponding to the digital signature of the identity item to be verified.
6. The blockchain-based digital authentication method of claim 1, wherein obtaining the digital authentication result based on the similarity includes:
obtaining the similarity between the obtained identity verification certificate and the registered digital identity information, and comparing the similarity with a preset similarity threshold;
if the similarity is greater than or equal to a preset similarity threshold, determining that the digital identity verification result of the user is passed;
if the similarity is smaller than a preset similarity threshold, the digital identity verification result of the user is judged to be failed.
7. The blockchain-based digital authentication method according to claim 1, wherein in step 3, feeding back the digital authentication result to the transaction terminal comprises:
obtaining a digital identity verification result, determining a result label corresponding to the digital identity verification result based on the result type of the digital identity verification result, and marking the digital identity verification result for the first time based on the result label to obtain a digital identity verification result to be authorized;
determining an authorization type corresponding to the digital identity verification result based on the first marking result, calling an authorization type identifier based on the authorization type and the current access operation characteristic of the user, and marking the digital identity verification result to be authorized for a second time based on the authorization type identifier, wherein the authorization type comprises authorization and rejection;
invoking a target authorization file from a preset authorization file library based on the authorization type identifier, and carrying out association encapsulation on the target authorization file and a second marked digital identity verification result to obtain a data packet to be fed back;
and carrying out uplink communication authorization on the wireless transmission link, feeding back the data packet to be fed back to the transaction terminal based on the wireless transmission link based on the uplink communication authorization result, and displaying the digital identity verification result and the authorization result based on the transaction terminal.
8. The blockchain-based digital authentication method according to claim 1, wherein in step 3, recording and retaining the authentication full-flow parameter in a recording node in the blockchain based on the feedback result includes:
acquiring a feedback process of the digital identity verification result, and when the digital identity verification result is fed back to the transaction terminal, invoking the identity verification full-flow parameters of the identity verification request submitted by the user;
analyzing the full-flow parameters of the identity verification, determining the data characteristics of the full-flow parameters of the identity verification, traversing the record nodes in the blockchain based on the data characteristics, and determining target record nodes based on the traversing result;
recording and retaining the authentication full-flow parameters in a target recording node, generating access indexes of the authentication full-flow parameters based on recording and retaining results, and recording and retaining the access indexes in a preset access index directory in a blockchain.
9. A blockchain-based digital authentication system, comprising:
the request sending module is used for acquiring an identity authentication request submitted by a user during transaction, digitally signing the identity authentication request based on a random number generated by the blockchain and then sending the digital signature to an identity authentication node in the blockchain;
the identity verification module is used for retrieving the execution contract based on the identity verification node, decrypting the digital signature based on the execution contract to obtain an identity verification certificate, and carrying out mapping comparison on the identity verification certificate and the registered digital identity information in the blockchain to obtain a digital identity verification result;
the data recording module is used for feeding back a digital identity verification result to the transaction terminal, and recording and preserving the whole-process parameter of the identity verification in a recording node in the block chain based on the feedback result;
wherein, the authentication module includes:
analyzing the received identity authentication request based on the identity authentication node, determining an identity item identifier to be authenticated contained in the identity authentication request, accessing a database server based on the identity item identifier to be authenticated to obtain an identity information type corresponding to the identity item identifier to be authenticated, and generating a contract invoking token based on the identity information type;
calling a corresponding execution contract from a preset contract channel based on a contract calling token, extracting contract attribute of the execution contract, calling a target format conversion rule from a preset contract conversion rule base based on the contract attribute, analyzing the execution contract, determining contract language characteristics of contract language in the execution contract, screening the contract language based on the contract language characteristics, and obtaining a target execution contract language based on a screening result;
compiling and packaging a target execution contract language based on a target conversion rule, converting the target execution contract language into an execution strategy, docking the execution strategy with corresponding identity items to be verified, and decrypting digital signatures of the identity items to be verified in parallel according to the execution strategy based on a docking result to obtain sub-identity verification certificates;
summarizing all sub-identity verification certificates to obtain the identity verification certificates of the users, simultaneously, retrieving the registered digital identity information in the blockchain, carrying out same-type item mapping on the identity verification certificates and the registered digital identity information, and obtaining the association relation between the identity verification certificates and the registered digital identity information based on the mapping result;
respectively extracting a first identity characteristic vector and a second identity characteristic vector of the identity verification certificate and the registered digital identity information based on the association relation, and determining an included angle cosine value of the first identity characteristic vector and the second identity characteristic vector based on an included angle cosine criterion;
and determining the similarity between the identity verification certificate and the registered digital identity information based on the cosine value of the included angle, and obtaining a digital identity verification result based on the similarity.
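The comparison recited in claims 1, 6 and 9 (same-type item mapping, two identity feature vectors, cosine of the included angle, preset threshold) can be worked through as below. This is an added example, not code from the patent: the character-trigram feature extraction, the 0.9 threshold, the rejection of unmapped or empty items and the sample identity values are assumptions, since the claims do not fix them.

```python
import math
from collections import Counter

SIMILARITY_THRESHOLD = 0.9  # assumed value of the "preset similarity threshold"


def trigrams(value: str) -> Counter:
    """Trigram counts of a normalised value; ^ and $ mark its boundaries."""
    text = " ".join(value.casefold().split())
    if not text:
        return Counter()
    padded = f"^{text}$"
    return Counter(padded[i:i + 3] for i in range(len(padded) - 2))


def map_same_type(credential: dict, registered: dict):
    """Pair each credential item with the registered item of the same type.

    Returns None when an item has no registered counterpart.
    """
    pairs = []
    for item_type in sorted(credential):
        if item_type not in registered:
            return None
        pairs.append((item_type, credential[item_type], registered[item_type]))
    return pairs


def feature_vectors(pairs):
    """Build the first (credential) and second (registered) feature vectors.

    Assumed extraction: per mapped item, one dimension per trigram seen in
    either value, so both vectors share the same basis.
    """
    first, second = [], []
    for _item_type, cred_value, reg_value in pairs:
        cred, reg = trigrams(cred_value), trigrams(reg_value)
        for gram in sorted(set(cred) | set(reg)):
            first.append(float(cred[gram]))
            second.append(float(reg[gram]))
    return first, second


def cosine(u, v):
    """Cosine of the included angle, or None when a vector has zero length."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    if norm == 0.0:
        return None
    return max(-1.0, min(1.0, dot / norm))


def verify(credential: dict, registered: dict, threshold=SIMILARITY_THRESHOLD):
    """Return (similarity, result); result is 'pass' when similarity >= threshold."""
    pairs = map_same_type(credential, registered)
    if not pairs:
        return 0.0, "fail"   # nothing to compare, or an unmapped item
    similarity = cosine(*feature_vectors(pairs))
    if similarity is None:
        return 0.0, "fail"   # the cosine is undefined for an all-zero vector
    return similarity, ("pass" if similarity >= threshold else "fail")


# Constructed sample of registered digital identity information.
REGISTERED = {"name": "Chen Jing", "age": "34"}

if __name__ == "__main__":
    for name in ("Chen Jing", "Chen Jinq", "Zhou Min"):
        print(name, verify({"name": name, "age": "34"}, REGISTERED))
```

With these assumptions a one-character difference in the name gives a similarity of 9/11, so the choice of threshold decides whether near matches are accepted.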
CN202311540673.1A 2023-11-20 2023-11-20 Digital identity verification method and system based on block chain Active CN117254982B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311540673.1A CN117254982B (en) 2023-11-20 2023-11-20 Digital identity verification method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311540673.1A CN117254982B (en) 2023-11-20 2023-11-20 Digital identity verification method and system based on block chain

Publications (2)

Publication Number Publication Date
CN117254982A CN117254982A (en) 2023-12-19
CN117254982B true CN117254982B (en) 2024-02-23

Family

ID=89131775

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311540673.1A Active CN117254982B (en) 2023-11-20 2023-11-20 Digital identity verification method and system based on block chain

Country Status (1)

Country Link
CN (1) CN117254982B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authorization system and its method based on block chain
CN108810895A (en) * 2018-07-12 2018-11-13 西安电子科技大学 Wireless Mesh netword identity identifying method based on block chain
CN109687965A (en) * 2019-02-18 2019-04-26 哈尔滨工业大学(深圳) The real name identification method of subscriber identity information in a kind of protection network
KR20200065939A (en) * 2018-11-30 2020-06-09 사단법인 전국은행연합회 Apparatus and method for certificate status management based on blockchain and smart contract
KR20200110121A (en) * 2019-09-10 2020-09-23 주식회사 코인플러그 Method and server for managing user identity using blockchain network, and method and terminal for verifying user using user identity based on blockchain network
CA3074806A1 (en) * 2020-03-06 2021-09-06 Vaultie Inc. A system and method for authenticating digitally signed documents
CN115208637A (en) * 2022-06-23 2022-10-18 北京链道科技有限公司 Access control method of block chain intelligent contract
CN115714646A (en) * 2022-11-01 2023-02-24 北京理工大学 Privacy protection user incentive method based on block chain
CN115879074A (en) * 2023-03-08 2023-03-31 天聚地合(苏州)科技股份有限公司 Identity authentication method, device and system based on block chain
CN116319072A (en) * 2023-05-11 2023-06-23 西华大学 Authentication and hierarchical access control integrated method based on blockchain technology
CN116975810A (en) * 2023-02-02 2023-10-31 腾讯科技(深圳)有限公司 Identity verification method, device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN117254982A (en) 2023-12-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant