CN117807573A - Decentralizing identity verification method and system - Google Patents


Publication number
CN117807573A
Authority
CN
China
Prior art keywords
verification
decentralised
identity
security chip
verified
Legal status
Pending
Application number
CN202311772925.3A
Other languages
Chinese (zh)
Inventor
薛亚辉
Current Assignee
Xinan Weizhong Shanghai Microelectronics Technology Co ltd
Original Assignee
Xinan Weizhong Shanghai Microelectronics Technology Co ltd

Abstract

The invention provides a method and a system for verifying a decentralised identity, relating to the technical field of data security, and comprising the following steps: a security chip initializes and generates its own decentralised digital identity and a corresponding public and private key pair, and uploads the decentralised digital identity, together with a hash file obtained by processing it, to a blockchain network; the security chip sends the decentralised digital identity to the issuer and requests verification of ownership, and then receives a returned verifiable statement; the user requests authorization from the security chip to obtain the verifiable statement and the information to be verified, and then sends its own decentralised digital identity, the verifiable statement and the information to be verified to a verifier for verification; the verifier acquires verification data from the blockchain network to verify, in sequence, the information to be verified and the verifiable statement, and then returns a verification result to the user; when the user receives a verification result indicating that verification passed, it acquires the public and private key pair and communicates with the security chip to carry out service chain processing. The beneficial effects are more open application scenarios and privacy protection.

Description

Decentralizing identity verification method and system
Technical Field
The invention relates to the technical field of data security, in particular to a method and a system for verifying a decentralised identity.
Background
Building a unified, open market for trading big data elements requires trusted digital identity authentication of the participants. Traditional centralised identity is difficult to adapt to the scale and openness of a big data element market. Users are highly concerned about data privacy and the protection of their rights in big data transactions, and because open, multidimensional applications cover a wide range of scenarios, data rights are difficult to establish.
With blockchain technology, a decentralised identity and transaction system architecture has the property that data cannot be altered, which meets the basic requirement of multi-party data credibility; the decentralised digital identity standard provides a decentralised identity interaction protocol (DID).
The Decentralised Identifier (DID) is a protocol standard that enables verifiable, decentralised digital identities. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID. In contrast to typical federated identifiers, DIDs are designed so that they can be decoupled from centralized registries, identity providers and certificate authorities. In particular, while other parties may be used to help discover information related to the DID, the design enables the controller of the DID to prove control over it without requiring permission from any other party. A DID is a URI that associates a DID subject with a DID document, allowing trusted interactions associated with that subject. Cryptographic algorithms support digital identity as well as encryption and signing during transactions. The security chip protects the private key from unauthorized access, strengthens the security of key management and transaction signing, keeps the digital identity trustworthy and controllable, and can address privacy leakage at the source.
Existing enterprises generate or use digital user identities, such as user IDs, in an essentially centralised manner. For cross-enterprise applications, the user has to register a digital identity in the digital products of each enterprise, so that user identity data is not shared between enterprises, and each enterprise fully owns the data generated while the user uses its products.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method for verifying a decentralised identity, which comprises the following steps:
step S1, a security chip initializes and generates its own decentralised digital identity and a corresponding public and private key pair, and uploads the decentralised digital identity, together with a hash file obtained by processing it, to a blockchain network;
step S2, the security chip sends the decentralised digital identity to an issuer and requests verification of ownership of the decentralised digital identity, and then receives a verifiable statement returned by the issuer after the verification passes;
step S3, a user requests authorization from the verified security chip to obtain the verifiable statement and the information to be verified of the issuer and the security chip, and then sends its own decentralised digital identity, the verifiable statement and the information to be verified to a verifier for verification;
step S4, the verifier acquires verification data from the blockchain network, verifies in sequence the information to be verified and the verifiable statement, and then returns a verification result to the user; when the user receives a verification result indicating that verification passed, it acquires the public and private key pair and communicates with the security chip to carry out service chain processing.
Preferably, the decentralised digital identity further includes a corresponding decentralised digital identity document, and the step S1 includes:
step S11, the security chip initializes and generates its own decentralised digital identity and the corresponding public and private key pair;
step S12, the security chip calculates a hash value of the decentralised digital identity document as the hash file, and then uploads the hash file and the decentralised digital identity to a smart contract in the blockchain network.
Preferably, the information to be verified includes the to-be-verified decentralised identities of the issuer and the security chip and the corresponding to-be-verified hash files, the blockchain network stores a plurality of valid decentralised identities and corresponding valid hash files, and the step S4 includes:
step S41, the verifier searches the blockchain network for valid decentralised identities identical to the to-be-verified decentralised identities of the issuer and the security chip:
if found, taking the valid hash files corresponding to those valid decentralised identities as the verification data;
if not, returning to the user the verification result indicating that identity verification failed;
step S42, the verifier determines whether the valid hash files in the verification data are consistent with the to-be-verified hash files corresponding to the issuer and the security chip:
if yes, verifying the validity of the verifiable statement, and returning to the user the verification result indicating that identity verification passed when the verifiable statement is found to be valid;
if not, returning to the user the verification result indicating that identity verification failed;
step S43, the verifier determines whether the received verification result indicates that verification passes:
if yes, acquiring the public and private key pair, and performing data communication with the security chip to finish the service chain processing;
if not, the method exits.
Preferably, the verifiable statement includes the decentralised identity of the security chip and the decentralised identity of the issuer, and verifying the validity of the verifiable statement in step S42 includes:
the verifier determines, in sequence, whether the decentralised identity of the security chip and the decentralised identity of the issuer contained in the verifiable statement are consistent with the to-be-verified decentralised identities of the security chip and the issuer contained in the information to be verified:
if yes, the verifiable statement is valid;
if not, the verifiable statement is invalid.
The invention also provides a system for verifying a decentralised identity, comprising:
the security chip, used for initializing and generating its own decentralised digital identity and a corresponding public and private key pair, and for uploading the decentralised digital identity, together with a hash file obtained by processing it, to a blockchain network;
the issuer, connected with the security chip and used for receiving the decentralised digital identity sent by the security chip and a request to verify ownership of the decentralised digital identity, and then returning a verifiable statement to the security chip after the verification passes;
the user, connected with the security chip and used for requesting authorization from the verified security chip to obtain the verifiable statement and the information to be verified of the issuer and the security chip, and then sending its own decentralised digital identity, the verifiable statement and the information to be verified to the verifier for verification;
and the verifier, connected with the user and used for, after receiving the decentralised digital identity, the verifiable statement and the information to be verified sent by the user, acquiring verification data from the blockchain network to verify in sequence the information to be verified and the verifiable statement, and then returning a verification result to the user, wherein the user, on receiving a verification result indicating that verification passed, acquires the public and private key pair and communicates with the security chip to carry out service chain processing.
Preferably, the decentralised digital identity further includes a corresponding decentralised digital identity document, and the security chip includes:
the initialization module, used for initializing and generating the security chip's own decentralised digital identity and the corresponding public and private key pair;
and the data uploading module, connected with the initialization module and used for calculating the hash value of the decentralised digital identity document as the hash file, and then uploading the hash file and the decentralised digital identity to a smart contract in the blockchain network.
Preferably, the information to be verified includes the to-be-verified decentralised identities of the issuer and the security chip and the corresponding to-be-verified hash files, the blockchain network stores a plurality of valid decentralised identities and corresponding valid hash files, and the verifier includes:
the query module, used for, after receiving the decentralised digital identity, the verifiable statement and the information to be verified, searching the blockchain network for valid decentralised identities identical to the to-be-verified decentralised identities of the issuer and the security chip, taking the valid hash files corresponding to those valid decentralised identities as the verification data when they are found, and returning to the user the verification result indicating that identity verification failed when they are not found;
the first verification module, connected with the query module and used for generating a verification signal when it determines that the valid hash files in the verification data are consistent with the to-be-verified hash files corresponding to the issuer and the security chip, and returning to the user the verification result indicating that identity verification failed when it determines that they are inconsistent;
the second verification module, connected with the first verification module and used for verifying the validity of the verifiable statement when the verification signal is received, returning to the user the verification result indicating that verification passed when the verifiable statement is found to be valid, and returning to the user the verification result indicating that verification failed when the verifiable statement is found to be invalid.
Preferably, the verifiable claim includes the decentralised identity of the security chip and the decentralised identity of the issuer, and the second verification module includes:
the first verification unit, used for generating a first verification signal when it determines that the decentralised identity of the security chip contained in the verifiable statement is consistent with the to-be-verified decentralised identity of the security chip contained in the information to be verified, and returning to the user the verification result indicating that verification failed when it determines that they are inconsistent;
and the second verification unit, connected with the first verification unit and used for returning to the user the verification result indicating that verification passed when it determines that the decentralised identity of the issuer contained in the verifiable statement is consistent with the to-be-verified decentralised identity of the issuer contained in the information to be verified, and returning to the user the verification result indicating that verification failed when it determines that they are inconsistent.
The technical scheme has the following advantages or beneficial effects:
1) The decentralised digital identity is based on a blockchain transaction system architecture and therefore has the property that data cannot be altered; compared with a centralised digital identity it supports more open application scenarios and also protects privacy, which makes it a necessary condition for building an open data element market;
2) The DID standard and cryptographic algorithms are adopted, providing a decentralised digital identity interaction protocol and supporting encryption and signing for decentralised digital identities and transactions;
3) Based on the security chip, the security of key management and of data transaction signing is enhanced, the digital identity is kept trustworthy and controllable, and a scheme is provided that can address privacy leakage at the source.
Drawings
FIG. 1 is a flow chart of a method for decentralizing identity verification in accordance with a preferred embodiment of the present invention;
FIG. 2 is a schematic flow chart of step S1 in a preferred embodiment of the present invention;
FIG. 3 is a schematic flow chart of step S4 in the preferred embodiment of the present invention;
FIG. 4 is a schematic diagram of a comparison between the conventional technology and the present invention in a preferred embodiment of the present invention;
FIG. 5 is a schematic diagram of a decentralised identity verification system according to a preferred embodiment of the present invention.
Detailed Description
The invention will now be described in detail with reference to the drawings and specific examples. The present invention is not limited to the embodiment, and other embodiments may fall within the scope of the present invention as long as they conform to the gist of the present invention.
In a preferred embodiment of the present invention, based on the above-mentioned problems existing in the prior art, there is now provided a decentralised identity verification method, comprising:
step S1, the security chip initializes and generates its own decentralised digital identity and a corresponding public and private key pair, and uploads the decentralised digital identity, together with a hash file obtained by processing it, to a blockchain network;
step S2, the security chip sends the decentralised digital identity to the issuer and requests verification of ownership of the decentralised digital identity, and then receives a verifiable statement returned by the issuer after the verification passes;
step S3, the user requests authorization from the verified security chip to obtain the verifiable statement and the information to be verified of the issuer and the security chip, and then sends its own decentralised digital identity, the verifiable statement and the information to be verified to the verifier for verification;
step S4, the verifier acquires verification data from the blockchain network to verify in sequence the information to be verified and the verifiable statement, and then returns a verification result to the user; when the user receives a verification result indicating that verification passed, it acquires the public and private key pair and communicates with the security chip to carry out service chain processing.
Specifically, the terms used in this embodiment are explained as follows.
Security chip: the security chip is a trusted computing unit module, a device that can independently generate keys and perform encryption and decryption. It contains its own independent input unit, processing unit and storage unit, can store private keys and the data required for computation, and can sign data using an elliptic curve algorithm.
The Decentralised Identifier (DID) is a protocol standard that enables verifiable, decentralised digital identities. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID. In contrast to typical federated identifiers, DIDs are designed so that they can be decoupled from centralized registries, identity providers and certificate authorities. In particular, while other parties may be used to help discover information related to the DID, the design enables the controller of the DID to prove control over it without requiring permission from any other party. A DID is a URI that associates a DID subject with a DID document, allowing trusted interactions associated with that subject. A specific example conforming to the specification is: did:example:123456789abcdefghi;
Issuer: the issuer of the verifiable statement, which may be an institution or an individual. The issuer first verifies the entity's ownership of the DID and then issues the verifiable statement to the entity; the issuing organization provides a verifiable statement issuing service. Examples of issuers include household registration authorities, academic authorities, talent agencies, medical institutions, third-party application websites and mobile apps;
Verifier: the party that verifies the statement, generally a third-party organization that can be accessed through the DID, such as a household registration management organization, an academic management organization, a talent organization, a medical institution, a third-party application website or a mobile phone app. The verifier first verifies the entity's ownership of the DID and then verifies the validity of the verifiable claim. System users are the consumers of resources and services; the activities they are mainly concerned with include DID generation and verification of verifiable claims.
User: a third-party institution, mobile phone application, website application or other application scenario that needs to use the digital identity of the main body. Through the verifier, the user verifies the validity of the main body's decentralised digital identity and the validity of the verifiable statement, and carries out its own subsequent business logic according to the verification result.
In this embodiment, the device equipped with the security chip is referred to as the main body. The security chip initializes its own decentralised digital identity (conforming to the DID specification) and the public and private key pair corresponding to it, and sends the decentralised digital identity and the public key to the application layer of the device. Through this process, the main body equipped with the security chip can itself register, resolve, update or revoke the decentralised digital identity through the DID program built into the security device, and network-wide uniqueness is achieved without a central registration authority.
The blockchain is tamper-resistant, open and transparent, and easy to track and trace. Implementing the decentralised digital identity on the blockchain gives the main body a digital identity generated from its real identity, which effectively addresses the security and privacy of the main body's identity; because the decentralised digital identity does not contain the main body's real data, leakage of that data is avoided. The decentralised digital identity is the main body's digital identity and is controlled autonomously by the main body, so the digital identity can be used across systems, services can be extended efficiently and conveniently, and the associated data identities are linked.
The main body can apply to different issuers for multiple digital identity certificates with different functions and for different scenarios, that is, verifiable statements, so that the main body's digital identity is authenticated in a privacy-preserving way and can be used across systems, and services can be extended efficiently and conveniently. Each institution can also issue, store and transfer certificates efficiently, which improves operating efficiency.
In the decentralised network architecture the verifier may be an independent verifier or the user. Its main steps are, first, verifying the main body's ownership of the decentralised digital identity and, second, verifying the validity of the verifiable statement.
In a preferred embodiment of the present invention, the decentralised digital identity further comprises a corresponding decentralised digital identity document, and step S1 comprises:
step S11, the security chip initializes and generates its own decentralised digital identity and the corresponding public and private key pair;
step S12, the security chip calculates the hash value of the decentralised digital identity document as the hash file, and then uploads the hash file and the decentralised digital identity to a smart contract in the blockchain network.
Specifically, in this embodiment, the security chip uploads the generated decentralised digital identity to a smart contract in the blockchain network. A corresponding document is also generated together with the decentralised digital identity; in this embodiment the hash value of that document is computed with a cryptographic hash algorithm such as SM3, SHA-2 or SHA-3 and is used as the hash file with which the verifier later verifies ownership of the DID;
Smart contract: in a blockchain network, a smart contract is a piece of code located at a specific address that executes a given protocol, so that the participants can determine the result immediately without any intermediary.
In a preferred embodiment of the present invention, the information to be verified includes the to-be-verified decentralised identities of the issuer and the security chip and the corresponding to-be-verified hash files, and the blockchain network stores a plurality of valid decentralised identities and corresponding valid hash files. As shown in FIG. 3, step S4 includes:
step S41, the verifier searches the blockchain network for valid decentralised identities identical to the to-be-verified decentralised identities of the issuer and the security chip:
if found, taking the valid hash files corresponding to those valid decentralised identities as the verification data;
if not, returning to the user a verification result indicating that identity verification failed;
step S42, the verifier determines whether the valid hash files in the verification data are consistent with the to-be-verified hash files corresponding to the issuer and the security chip:
if yes, verifying the validity of the verifiable statement, and returning to the user a verification result indicating that identity verification passed when the verifiable statement is found to be valid;
if not, returning to the user a verification result indicating that identity verification failed;
step S43, the user determines whether the received verification result indicates that the verification is passed:
if yes, acquiring a public and private key pair, and carrying out data communication with the security chip to finish service chain processing;
if not, the method exits.
In a preferred embodiment of the present invention, verifying the validity of the verifiable statement in step S42 includes:
the verifier determines, in sequence, whether the decentralised identity of the security chip and the decentralised identity of the issuer contained in the verifiable statement are consistent with the to-be-verified decentralised identities of the security chip and the issuer contained in the information to be verified:
if yes, the verifiable statement is valid;
if not, the verifiable statement is invalid.
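The checks of steps S41 and S42 and the statement validity check can be traced in a short Python sketch. This is an added example, not code from the patent: the smart contract is modelled as an in-memory dictionary, SHA-256 stands in for the SHA-2 option, and all class, function and DID names are hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


def did_document_hash(document: dict) -> str:
    """Hash file of a DID document (step S12). SHA-256 is the SHA-2 choice
    here; the canonical JSON encoding is an assumption of this example."""
    canonical = json.dumps(document, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class DidRegistry:
    """In-memory stand-in for the smart contract that stores valid
    decentralised identities and their valid hash files."""

    def __init__(self) -> None:
        self._valid = {}

    def register(self, did: str, doc_hash: str) -> None:
        self._valid[did] = doc_hash

    def lookup(self, did: str):
        return self._valid.get(did)


@dataclass(frozen=True)
class VerifiableStatement:
    chip_did: str
    issuer_did: str


@dataclass(frozen=True)
class InfoToVerify:
    chip_did: str
    chip_doc_hash: str
    issuer_did: str
    issuer_doc_hash: str


def verify(registry: DidRegistry, statement: VerifiableStatement,
           info: InfoToVerify):
    """Return (passed, reason) following S41, S42 and the statement check."""
    claimed = [("issuer", info.issuer_did, info.issuer_doc_hash),
               ("chip", info.chip_did, info.chip_doc_hash)]

    # S41: both to-be-verified DIDs must exist among the valid DIDs on chain.
    verification_data = {}
    for role, did, _ in claimed:
        valid_hash = registry.lookup(did)
        if valid_hash is None:
            return False, f"S41: {role} DID not registered"
        verification_data[role] = valid_hash

    # S42: the valid hash files must match the to-be-verified hash files.
    for role, _, claimed_hash in claimed:
        if not hmac.compare_digest(verification_data[role].encode("utf-8"),
                                   claimed_hash.encode("utf-8")):
            return False, f"S42: {role} hash mismatch"

    # Statement validity: chip DID first, then issuer DID, in sequence.
    if statement.chip_did != info.chip_did:
        return False, "statement: chip DID mismatch"
    if statement.issuer_did != info.issuer_did:
        return False, "statement: issuer DID mismatch"
    return True, "verification passed"


def build_sample():
    """Constructed sample data: two registered DIDs and a matching statement."""
    chip_did, issuer_did = "did:example:chip-0001", "did:example:issuer-0001"
    chip_hash = did_document_hash({"id": chip_did})
    issuer_hash = did_document_hash({"id": issuer_did})
    registry = DidRegistry()
    registry.register(chip_did, chip_hash)
    registry.register(issuer_did, issuer_hash)
    statement = VerifiableStatement(chip_did=chip_did, issuer_did=issuer_did)
    info = InfoToVerify(chip_did, chip_hash, issuer_did, issuer_hash)
    return registry, statement, info


if __name__ == "__main__":
    print(verify(*build_sample()))
```

These steps compare identifiers and hash files only; the description does not mention checking an issuer signature over the verifiable statement at this point, so the example does not perform one either.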
The decentralised identity verification system provided by the invention supports more open application scenarios and protects privacy, and is a necessary condition for building an open data element market. It has these advantages over the traditional verification method that uses a centralised digital identity; the comparison is shown in FIG. 4.
The invention also provides a system for verifying a decentralised identity, comprising:
the security chip 1, used for initializing and generating its own decentralised digital identity and a corresponding public and private key pair, and for uploading the decentralised digital identity, together with a hash file obtained by processing it, to the blockchain network;
the issuer 2, connected with the security chip 1 and used for receiving the decentralised digital identity sent by the security chip and a request to verify ownership of the decentralised digital identity, and then returning a verifiable statement to the security chip after the verification passes;
the user 3, connected with the security chip 1 and used for requesting authorization from the verified security chip to obtain the verifiable statement and the information to be verified of the issuer and the security chip, and then sending its own decentralised digital identity, the verifiable statement and the information to be verified to the verifier for verification;
and the verifier 4, connected with the user 3 and used for, after receiving the decentralised digital identity, the verifiable statement and the information to be verified sent by the user, acquiring verification data from the blockchain network to verify in sequence the information to be verified and the verifiable statement, and then returning a verification result to the user, wherein the user, on receiving a verification result indicating that verification passed, acquires the public and private key pair and communicates with the security chip to carry out service chain processing.
In the preferred embodiment of the present invention, the decentralised digital identity further includes a corresponding decentralised digital identity document, and as shown in FIG. 5, the security chip 1 includes:
the initialization module 11, used for initializing and generating the security chip's own decentralised digital identity and the corresponding public and private key pair;
the data uploading module 12, connected with the initialization module 11 and used for calculating the hash value of the decentralised digital identity document as the hash file using the SM3, SHA-2 or SHA-3 algorithm, and then uploading the hash file and the decentralised digital identity to a smart contract in the blockchain network.
In a preferred embodiment of the present invention, the information to be verified includes the to-be-verified decentralised identities of the issuer and the security chip and the corresponding to-be-verified hash files, and the blockchain network stores a plurality of valid decentralised identities and corresponding valid hash files. As shown in FIG. 5, the verifier 4 includes:
the query module 41, used for, after receiving the decentralised digital identity, the verifiable statement and the information to be verified sent by the user, searching the blockchain network for valid decentralised identities identical to the to-be-verified decentralised identities of the issuer and the security chip, taking the valid hash files corresponding to those valid decentralised identities as the verification data when they are found, and returning to the user a verification result indicating that identity verification failed when they are not found;
the first verification module 42, connected with the query module 41 and used for generating a verification signal when it determines that the valid hash files in the verification data are consistent with the to-be-verified hash files corresponding to the issuer and the security chip, and returning to the user a verification result indicating that verification failed when it determines that they are inconsistent;
the second verification module 43, connected with the first verification module 42 and used for verifying the validity of the verifiable statement when the verification signal is received, returning to the user a verification result indicating that verification passed when the verifiable statement is found to be valid, and returning to the user a verification result indicating that verification failed when the verifiable statement is found to be invalid.
In the preferred embodiment of the present invention, the verifiable statement includes the decentralised identity identifier of the security chip and the decentralised identity identifier of the issuer, and the second verification module 43 includes, as shown in fig. 5:
a first verification unit 431, configured to generate a first verification signal when it determines that the decentralised identity identifier of the security chip contained in the verifiable statement is consistent with the to-be-verified decentralised identity identifier of the security chip contained in the to-be-verified information, and to return to the user a verification result indicating that verification has failed when it determines that they are inconsistent;
a second verification unit 432, connected with the first verification unit 431 and configured to return to the user a verification result indicating that verification has passed when it determines that the decentralised identity identifier of the issuer contained in the verifiable statement is consistent with the to-be-verified decentralised identity identifier of the issuer contained in the to-be-verified information, and to return to the user a verification result indicating that verification has failed when it determines that they are inconsistent.
The foregoing is merely illustrative of the preferred embodiments of the present invention and is not intended to limit the embodiments and scope of the present invention, and it should be appreciated by those skilled in the art that equivalent substitutions and obvious variations may be made using the description and illustrations herein, which should be included in the scope of the present invention.
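The verifier checks described above (query module 41, first verification module 42, and units 431 and 432 of the second verification module 43), written out as an added Python example that is not code from the patent. The in-memory ledger, the `did:example:` identifiers, the field names and the canonical-JSON encoding fed to SHA3-256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

def hash_did_document(doc):
    """Hash file for a DID document: SHA3-256 over canonical JSON (assumed encoding)."""
    canonical = json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_256(canonical).hexdigest()

# Constructed sample data; the dict stands in for the smart contract's DID -> hash store.
CHIP_DOC = {"id": "did:example:chip-01", "publicKey": "constructed-chip-key"}
ISSUER_DOC = {"id": "did:example:issuer-01", "publicKey": "constructed-issuer-key"}
LEDGER = {d["id"]: hash_did_document(d) for d in (CHIP_DOC, ISSUER_DOC)}

def verify(ledger, to_verify, statement):
    """Return (passed, reason), running the checks in the order of modules 41, 42, 43."""
    # Query module 41: both to-be-verified DIDs must exist as valid DIDs on the ledger.
    for role in ("issuer", "chip"):
        if to_verify[role]["did"] not in ledger:
            return False, f"{role} DID not found"
    # First verification module 42: valid (on-chain) hash must equal the submitted hash.
    for role in ("issuer", "chip"):
        entry = to_verify[role]
        if not hmac.compare_digest(ledger[entry["did"]], entry["hash"]):
            return False, f"{role} hash mismatch"
    # Second verification module 43, unit 431: chip DID carried in the statement.
    if statement["chip_did"] != to_verify["chip"]["did"]:
        return False, "statement chip DID mismatch"
    # Unit 432: issuer DID carried in the statement.
    if statement["issuer_did"] != to_verify["issuer"]["did"]:
        return False, "statement issuer DID mismatch"
    return True, "verification passed"

def sample_request():
    """Build a constructed, well-formed request for the two sample DIDs."""
    to_verify = {
        "issuer": {"did": ISSUER_DOC["id"], "hash": hash_did_document(ISSUER_DOC)},
        "chip": {"did": CHIP_DOC["id"], "hash": hash_did_document(CHIP_DOC)},
    }
    statement = {"chip_did": CHIP_DOC["id"], "issuer_did": ISSUER_DOC["id"]}
    return to_verify, statement

if __name__ == "__main__":
    info, vc = sample_request()
    print(verify(LEDGER, info, vc))
    # A DID document altered after registration no longer matches the on-chain hash.
    info["chip"]["hash"] = hash_did_document({**CHIP_DOC, "publicKey": "swapped"})
    print(verify(LEDGER, info, vc))
```

Each failure returns before the next stage runs, so a request that fails the ledger lookup never reaches the hash comparison, and the statement is only examined once both hashes match.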

Claims (8)

1. A decentralised identity verification method, comprising: step S1, initializing a security chip to generate its own decentralised digital identity and a corresponding public and private key pair, and uploading the decentralised digital identity, together with a hash file obtained by processing the decentralised digital identity, to a blockchain network;
step S2, the security chip sends the decentralised digital identity to an issuer and requests verification of ownership of the decentralised digital identity, and then receives a verifiable statement returned by the issuer after the verification passes;
step S3, a user requests authorization from the verified security chip to obtain the verifiable statement and the to-be-verified information of the issuer and the security chip, and then sends its own decentralised digital identity, the verifiable statement and the to-be-verified information to a verifier for verification;
step S4, the verifier acquires verification data from the blockchain network, verifies the to-be-verified information and then the verifiable statement in sequence, and returns a verification result to the user; when the user receives the verification result indicating that verification has passed, the user acquires the public and private key pair and communicates with the security chip to carry out service chain processing.
2. The decentralised identity verification method according to claim 1, wherein the decentralised digital identity further comprises a corresponding decentralised digital identity document, and step S1 comprises:
step S11, initializing the security chip to generate its own decentralised digital identity and the corresponding public and private key pair;
step S12, the security chip uses the hash value of the decentralised digital identity document as the hash file, and then uploads the hash file and the decentralised digital identity to a smart contract in the blockchain network.
3. The decentralised identity verification method according to claim 1, wherein the to-be-verified information includes the to-be-verified decentralised identity identifiers of the issuer and the security chip and the corresponding to-be-verified hash files, the blockchain network stores a plurality of valid decentralised identity identifiers and corresponding valid hash files, and step S4 comprises:
step S41, the verifier searches the blockchain network for valid decentralised identity identifiers identical to the to-be-verified decentralised identity identifiers of the issuer and the security chip:
if they exist, taking the valid hash files corresponding to the valid decentralised identity identifiers as the verification data;
if not, returning to the user the verification result indicating that identity verification has failed;
step S42, the verifier determines whether the valid hash files in the verification data are consistent with the to-be-verified hash files corresponding to the issuer and the security chip:
if yes, verifying the validity of the verifiable statement, and returning to the user the verification result indicating that verification has passed when the verifiable statement is verified to be valid;
if not, returning to the user the verification result indicating that verification has failed;
step S43, the user determines whether the received verification result indicates that verification has passed:
if yes, acquiring the public and private key pair, and performing data communication with the security chip to complete the service chain processing;
if not, the method exits.
4. The decentralised identity verification method according to claim 3, wherein the verifiable statement comprises the decentralised identity identifier of the security chip and the decentralised identity identifier of the issuer, and the process of verifying the validity of the verifiable statement in step S42 comprises:
the verifier judges in sequence whether the decentralised identity identifier of the security chip and the decentralised identity identifier of the issuer contained in the verifiable statement are consistent with the to-be-verified decentralised identity identifiers of the security chip and the issuer contained in the to-be-verified information:
if yes, the verifiable statement is valid;
if not, the verifiable statement is invalid.
5. A decentralised identity verification system, to which the decentralised identity verification method according to any one of claims 1-4 is applied, comprising:
the security chip, configured to initialize and generate its own decentralised digital identity and a corresponding public and private key pair, and to upload the decentralised digital identity, together with a hash file obtained by processing the decentralised digital identity, to a blockchain network;
the issuer, connected with the security chip and configured to receive the decentralised digital identity sent by the security chip and a request to verify ownership of the decentralised digital identity, and then to return a verifiable statement to the security chip after the verification passes;
the user, connected with the security chip and configured to request authorization from the verified security chip to obtain the verifiable statement and the to-be-verified information of the issuer and the security chip, and then to send its own decentralised digital identity, the verifiable statement and the to-be-verified information to the verifier for verification;
and the verifier, connected with the user and configured to, after receiving the decentralised digital identity, the verifiable statement and the to-be-verified information sent by the user, acquire verification data from the blockchain network, verify the to-be-verified information and then the verifiable statement in sequence, and return a verification result to the user, wherein the user, on receiving the verification result indicating that verification has passed, acquires the public and private key pair and communicates with the security chip to carry out service chain processing.
6. The decentralised identity verification system of claim 5, wherein the decentralised digital identity further comprises a corresponding decentralised digital identity document, and wherein the security chip comprises:
the initialization module, configured to initialize and generate the security chip's own decentralised digital identity and the corresponding public and private key pair;
and the data uploading module, connected with the initialization module and configured to calculate the hash value of the decentralised digital identity document as the hash file, and then to upload the hash file and the decentralised digital identity to the smart contract in the blockchain network.
7. The decentralised identity verification system according to claim 5, wherein the to-be-verified information includes the to-be-verified decentralised identity identifiers of the issuer and the security chip and the corresponding to-be-verified hash files, the blockchain network stores a plurality of valid decentralised identity identifiers and corresponding valid hash files, and the verifier comprises:
the query module, configured to, after receiving the decentralised digital identity, the verifiable statement and the to-be-verified information, search the blockchain network for the valid decentralised identity identifiers identical to the to-be-verified decentralised identity identifiers of the issuer and the security chip, to use the valid hash files corresponding to the valid decentralised identity identifiers as the verification data when they are found, and to return to the user the verification result indicating that identity verification has failed when they are not found;
the first verification module, connected with the query module and configured to generate a verification signal when it judges that the valid hash files in the verification data are consistent with the to-be-verified hash files corresponding to the issuer and the security chip, and to return to the user the verification result indicating that verification has failed when it judges that they are inconsistent;
the second verification module, connected with the first verification module and configured to verify the validity of the verifiable statement when the verification signal is received, to return to the user the verification result indicating that verification has passed when the verifiable statement is verified to be valid, and to return to the user the verification result indicating that verification has failed when the verifiable statement is verified to be invalid.
8. The decentralised identity verification system of claim 7, wherein the verifiable statement includes the decentralised identity identifier of the security chip and the decentralised identity identifier of the issuer, and the second verification module comprises:
the first verification unit, configured to generate a first verification signal when it judges that the decentralised identity identifier of the security chip contained in the verifiable statement is consistent with the to-be-verified decentralised identity identifier of the security chip contained in the to-be-verified information, and to return to the user the verification result indicating that verification has failed when it judges that they are inconsistent;
and the second verification unit, connected with the first verification unit and configured to return to the user the verification result indicating that verification has passed when it judges that the decentralised identity identifier of the issuer contained in the verifiable statement is consistent with the to-be-verified decentralised identity identifier of the issuer contained in the to-be-verified information, and to return to the user the verification result indicating that verification has failed when it judges that they are inconsistent.
CN202311772925.3A 2023-12-21 2023-12-21 Decentralizing identity verification method and system Pending CN117807573A (en)

Publications (1)

Publication Number Publication Date
CN117807573A true CN117807573A (en) 2024-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination