CN118074887A - Trust transfer method and system for identity authentication behavior based on block chain technology - Google Patents


Publication number
CN118074887A
Authority
CN
China
Prior art keywords
identity authentication
certificate
identity
service system
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410498033.7A
Other languages
Chinese (zh)
Inventor
蔡国城
李振裕
郝久月
章锋
李頔
吴瑶
王剑冰
陈思敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Zhongdunanxin Technology Co ltd
Original Assignee
Xiamen Zhongdunanxin Technology Co ltd
Application filed by Xiamen Zhongdunanxin Technology Co ltd filed Critical Xiamen Zhongdunanxin Technology Co ltd
Priority to CN202410498033.7A priority Critical patent/CN118074887A/en
Publication of CN118074887A publication Critical patent/CN118074887A/en
Pending legal-status Critical Current

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a trust transfer method and system for identity authentication behavior based on blockchain technology. The identity authentication result credential and the authentication serial number are returned to the first service system and then shared by it with the second service system, so that the second service system can obtain the credential storage hash digest from its corresponding service node according to the authentication serial number and use it to verify the identity authentication result credential. This scheme effectively improves the efficiency of user identity authentication.

Description

Trust transfer method and system for identity authentication behavior based on block chain technology
Technical Field
The application relates to the field of identity authentication, and in particular to a trust transfer method, system, medium and device for identity authentication behavior based on blockchain technology.
Background
Identity authentication in the prior art is generally implemented as follows: each service system collects the user's personal identity information during service handling, according to the characteristics of its service scenario, and has the authenticity and correctness of that information authenticated by an authoritative identity authentication platform. As shown in fig. 1, when a user handles a service, the user first completes the service flow of organization 1. Specifically, the service system of organization 1 collects the user's personal identity information and initiates a real identity authentication request to the authoritative identity authentication platform; the platform authenticates the user's identity information and returns an authentication result; the service system of organization 1 receives the authentication result and completes its service handling; finally, the service system of organization 1 feeds the service handling result back to the user. After the service handling flow of organization 1 is completed, the user initiates service handling applications to the other organizations (such as organization 2 and organization 3 in fig. 1) in the same way, and each organization involved completes its service handling and feeds back to the user, so that the whole service is finally completed.
The authentication scheme shown in fig. 1 generally has the following drawbacks: (1) current authoritative identity authentication platforms are mainly designed and built in a centralized manner, so when providing basic public services to various industries they face huge access pressure and carry a certain single-point risk; (2) under the current service mode, when a user handles several services, the identity authentication result is difficult to share and mutually recognize across organizations, and the user has to repeat identity verification and authentication many times, which lengthens the whole service handling flow and increases the time cost.
Disclosure of Invention
In view of the above problems, the present application provides a technical solution for trust transfer of identity authentication behavior based on blockchain technology, so as to solve the problems of low efficiency, poor user experience and the like in the identity authentication approach of existing multi-organization service systems.
To achieve the above object, in a first aspect, the present application provides a trust transfer method for identity authentication behavior based on blockchain technology, which is applicable to a first service system, and the method includes:
Receiving basic identity information of a user, and initiating an identity authentication request to a trusted identity authentication platform, wherein the identity authentication request comprises first identification information of the first service system, the basic identity information of the user and second identification information of at least one second service system, one second service system corresponds to one service node, the trusted identity authentication platform corresponds to a trusted identity authentication node, and the service node and the trusted identity authentication node are located in the same blockchain;
Receiving an identity authentication result credential and an authentication serial number returned by the trusted identity authentication platform, and sharing the identity authentication result credential and the authentication serial number with the second service system, so that the second service system can obtain a credential storage hash digest from the corresponding service node according to the authentication serial number and complete verification of the identity authentication result credential according to the credential storage hash digest.
The identity authentication result credential is obtained as follows: the trusted identity authentication platform verifies the basic identity information of the user; after verification passes, it generates credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and the authentication serial number, and signs the credential declaration body information to obtain the identity authentication result credential containing the signature;
The credential storage hash digest in the service node is obtained as follows: the trusted identity authentication platform performs a hash calculation on the identity authentication result credential to obtain the credential storage hash digest, uploads the credential storage hash digest to the blockchain through the trusted identity authentication node, and shares the credential storage hash digest with at least one service node through the blockchain.
Further, the basic identity information of the user comprises identity profile information or identity composite information, the identity profile information comprises a user name and an identity card number, and the identity composite information comprises the user name, the identity card number, the identity card validity period and the user biological characteristic information.
In a second aspect, the present application provides a trust transfer method for identity authentication behavior based on a blockchain technology, which is applicable to at least one second service system, where each second service system corresponds to a second identification information and corresponds to one service node in the blockchain, and the method includes:
Receiving an identity authentication result credential and an authentication serial number sent by a first service system, obtaining a credential storage hash digest from the corresponding service node according to the authentication serial number, and verifying the identity authentication result credential according to the credential storage hash digest, wherein the first service system corresponds to first identification information;
The identity authentication result credential is obtained as follows: a trusted identity authentication platform verifies the basic identity information of a user received by the first service system; after verification passes, it generates credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and the authentication serial number, and signs the credential declaration body information to obtain the identity authentication result credential containing the signature;
The credential storage hash digest in the service node is obtained as follows: the trusted identity authentication platform performs a hash calculation on the identity authentication result credential to obtain the credential storage hash digest, uploads the credential storage hash digest to a blockchain through the trusted identity authentication node, and shares the credential storage hash digest with at least one service node through the trusted identity authentication node, wherein the trusted identity authentication node is the blockchain node corresponding to the trusted identity authentication platform.
Further, verifying the identity authentication result credential according to the credential storage hash digest includes: first checking the credential storage hash digest, and checking the identity authentication result credential after the credential storage hash digest passes the check.
In a third aspect, the present application provides a trust transfer method for identity authentication behavior based on blockchain technology, which is applicable to a trusted identity authentication platform, and the method includes the following steps:
Receiving an identity authentication request sent by a first service system, wherein the identity authentication request comprises first identification information of the first service system, basic identity information of a user acquired by the first service system and second identification information of at least one second service system;
Verifying the basic identity information of the user; after verification passes, generating credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number, and signing the credential declaration body information to obtain the identity authentication result credential containing the signature;
Performing a hash calculation on the identity authentication result credential to obtain a credential storage hash digest, uploading the credential storage hash digest to the blockchain through the trusted identity authentication node, and sharing the credential storage hash digest with at least one service node through the blockchain, wherein the service nodes are all service nodes in the same blockchain;
Returning the identity authentication result credential and the authentication serial number to the first service system, so that after the first service system shares the identity authentication result credential and the authentication serial number with the second service system, the second service system can obtain the credential storage hash digest from the service node according to the authentication serial number and verify the identity authentication result credential according to the credential storage hash digest.
Further, signing the credential declaration body information includes: signing the credential declaration body information with the certificate issuing private key.
In a fourth aspect, the present application provides a trust transfer system for identity authentication behavior based on a blockchain technology, where the trust transfer system includes a first service system, at least one second service system and a trusted identity authentication platform, the first service system corresponds to first identification information, the second service system corresponds to second identification information, one second service system corresponds to one service node, the trusted identity authentication platform corresponds to a trusted identity authentication node, and the service node and the trusted identity authentication node are located in the same blockchain;
The first service system is used for sending an identity authentication request to the trusted identity authentication platform, the identity authentication request comprising the first identification information, the basic identity information of the user collected by the first service system and at least one piece of second identification information;
The trusted identity authentication platform is used for verifying the basic identity information of the user; after verification passes, generating credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number, and signing the credential declaration body information to obtain the identity authentication result credential containing the signature; and performing a hash calculation on the identity authentication result credential to obtain a credential storage hash digest, uploading the credential storage hash digest to the blockchain through the trusted identity authentication node, and sharing the credential storage hash digest with at least one service node through the blockchain;
The first service system is further configured to receive the identity authentication result credential and the authentication serial number sent by the trusted identity authentication platform, and to share the identity authentication result credential and the authentication serial number with the second service system;
The second service system is used for obtaining the credential storage hash digest from the service node according to the authentication serial number, and verifying the identity authentication result credential according to the credential storage hash digest.
In a fifth aspect, the present application provides a trust transfer method for identity authentication behavior based on blockchain technology, the method being applicable to the trust transfer system according to the fourth aspect of the present application;
the method comprises the following steps:
The first service system sends an identity authentication request to the trusted identity authentication platform, wherein the identity authentication request comprises the first identification information, the basic identity information of the user collected by the first service system and at least one piece of second identification information;
The trusted identity authentication platform verifies the basic identity information of the user; after verification passes, it generates credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number, and signs the credential declaration body information to obtain the identity authentication result credential containing the signature; it then performs a hash calculation on the identity authentication result credential to obtain a credential storage hash digest, uploads the credential storage hash digest to the blockchain through the trusted identity authentication node, and shares the credential storage hash digest with at least one service node through the blockchain;
The first service system receives the identity authentication result certificate and the authentication serial number sent by the trusted identity authentication platform, and shares the identity authentication result certificate and the authentication serial number to the second service system;
The second service system obtains the credential storage hash digest from the service node according to the authentication serial number, and verifies the identity authentication result credential according to the credential storage hash digest.
In a sixth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a trust transfer method for identity authentication actions based on blockchain techniques according to the first, second, third and fifth aspects of the present application.
In a seventh aspect, the present application provides an electronic device including a processor and a storage medium, the storage medium having stored thereon a computer program which, when executed by the processor, implements a trust transfer method for identity authentication behavior based on blockchain techniques according to the first, second, third and fifth aspects of the present application.
Unlike the prior art, the above technical scheme provides a trust transfer method, system, medium and device for identity authentication behavior based on blockchain technology. In the method, a trusted identity authentication platform verifies the basic identity information received by a first service system, generates credential declaration body information comprising a hash digest of the basic identity information, first identification information, at least one piece of second identification information and an authentication serial number, and signs the credential declaration body information to obtain the signed identity authentication result credential. The platform then performs a hash calculation on the identity authentication result credential to obtain a credential storage hash digest, uploads the credential storage hash digest to the blockchain through the trusted identity authentication node, and shares it with at least one service node through the blockchain. After the identity authentication result credential and the authentication serial number are returned to the first service system, the first service system shares them with the second service system, so that the second service system can obtain the credential storage hash digest from the corresponding service node according to the authentication serial number and verify the received identity authentication result credential. The scheme realizes the transfer of identity authentication results among multiple service systems based on blockchain technology and the trusted identity authentication platform, and effectively improves the efficiency and security of user identity verification.
The foregoing is merely an overview of the present application. So that a person skilled in the art can understand the technical solution more clearly and implement it according to the text and the accompanying drawings, and so that the above and other objects, features and advantages of the present application are more easily understood, the following description is given with reference to specific embodiments and the accompanying drawings of the present application.
Drawings
The drawings are only for purposes of illustrating the principles, implementations, applications, features, and effects of the present application and are not to be construed as limiting the application.
In the drawings of the specification:
FIG. 1 is a flow chart of identity authentication for a multi-organization service system according to the prior art;
FIG. 2 is a flow chart of a trust transfer method for identity authentication based on blockchain technology according to an exemplary embodiment of the first aspect of the present application;
FIG. 3 is a flowchart of a trust transfer method for identity authentication based on blockchain technology according to an exemplary embodiment of the second aspect of the present application;
FIG. 4 is a flowchart of a trust transfer method for identity authentication based on blockchain technology according to an exemplary embodiment of a third aspect of the present application;
FIG. 5 is a flowchart of a trust transfer method for identity authentication based on blockchain technology according to an exemplary embodiment of a fifth aspect of the present application;
FIG. 6 is a flowchart of an application scenario of a trust transfer method for identity authentication behavior based on blockchain technology according to an exemplary embodiment of the present application;
FIG. 7 is a flowchart of an application scenario of a trust transfer method for identity authentication behavior based on blockchain technology according to another exemplary embodiment of the present application;
FIG. 8 is a schematic diagram of an electronic device according to a first exemplary embodiment of the present application;
Reference numerals referred to in the above drawings are explained as follows:
10. An electronic device;
101. A processor;
102. A storage medium.
Detailed Description
In order to describe the possible application scenarios, technical principles, practical embodiments, and the like of the present application in detail, the following description is made with reference to the specific embodiments and the accompanying drawings. The embodiments described herein are only for more clearly illustrating the technical aspects of the present application, and thus are only exemplary and not intended to limit the scope of the present application.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. Appearances of this phrase in various places in the specification do not necessarily all refer to the same embodiment, nor do they imply that an embodiment is independent of, or tied to, other embodiments. In principle, as long as there is no technical contradiction or conflict, the technical features mentioned in the embodiments of the present application may be combined in any manner to form a corresponding implementable technical solution.
Unless defined otherwise, technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present application pertains; the use of related terms herein is for the purpose of describing particular embodiments only and is not intended to limit the application.
In the description of the present application, the term "and/or" describes a logical relationship between objects and means that three relationships may exist. For example, "A and/or B" represents three cases: A alone, B alone, and both A and B. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
In the present application, terms such as "first" and "second" are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual number, order, or sequence of such entities or operations.
Without further limitation, the use of the terms "comprising," "including," "having," or other like open-ended terms in this application are intended to cover a non-exclusive inclusion, such that a process, method, or article of manufacture that comprises a list of elements does not include additional elements in the process, method, or article of manufacture, but may include other elements not expressly listed or inherent to such process, method, or article of manufacture.
Consistent with the interpretation in the examination guidelines, in the present application the expressions "greater than", "less than", "exceeding" and the like are understood to exclude the stated number, and the expressions "above", "below", "within" and the like are understood to include it. Furthermore, in the description of embodiments of the present application, "a plurality of" means two or more (including two), and analogous expressions of plurality are to be understood in the same way unless specifically defined otherwise.
In the description of embodiments of the present application, spatially relative terms such as "center," "longitudinal," "transverse," "length," "width," "thickness," "up," "down," "front," "back," "left," "right," "vertical," "horizontal," "vertical," "top," "bottom," "inner," "outer," "clockwise," "counter-clockwise," "axial," "radial," "circumferential," etc., are used only as a basis for describing the embodiments. They are not intended to indicate or imply that the devices or components referred to must have a particular position or orientation, or be configured or operated in a particular orientation, and therefore should not be construed as limiting the embodiments of the present application.
Unless specifically stated or limited otherwise, the terms "mounted," "connected," "affixed," "disposed," and the like as used in the description of embodiments of the application should be construed broadly. For example, a "connection" may be a fixed connection, a detachable connection, or an integral arrangement; it may be a mechanical connection, an electrical connection, or a communication connection; it may be a direct connection or an indirect connection through an intermediate medium; and it may be a communication between two elements or an interaction between two elements. The specific meaning of the above terms in the embodiments of the present application can be understood by those skilled in the art to which the present application pertains according to the circumstances.
The application combines blockchain technology with the identity authentication capability of the trusted identity authentication platform. While providing a trusted identity authentication service to an organization, it realizes trusted transfer of the identity authentication result among multiple organizations, so that a single authentication is shared and mutually recognized among them. This reduces the organizations' user identity authentication cost, meets industry supervision requirements, simplifies user operation, and improves user experience and working efficiency.
As shown in fig. 2, in a first aspect, the present application provides a trust transfer method for identity authentication behavior based on blockchain technology, which is applicable to a first service system, and the method includes:
First, in step S201, basic identity information of a user is received and an identity authentication request is initiated to a trusted identity authentication platform, wherein the identity authentication request includes first identification information of the first service system, the basic identity information of the user, and second identification information of at least one second service system.
Then, in step S202, an identity authentication result credential and an authentication serial number returned by the trusted identity authentication platform are received and shared with the second service system, so that the second service system can obtain a credential storage hash digest from the corresponding service node according to the authentication serial number and complete verification of the identity authentication result credential according to the credential storage hash digest.
In step S201, one second service system corresponds to one service node, the trusted identity authentication platform corresponds to a trusted identity authentication node, and the service node and the trusted identity authentication node are located in the same blockchain.
In step S202, the identity authentication result credential is obtained as follows: the trusted identity authentication platform verifies the basic identity information of the user; after verification passes, it generates credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and the authentication serial number, and signs the credential declaration body information to obtain the identity authentication result credential containing the signature. Because the identity authentication result credential is signed by the trusted identity authentication platform, it is more authoritative and trustworthy, which makes later verification by other service systems easier. The authentication serial number is generated by the trusted identity authentication platform and corresponds to the identity authentication result credential.
The credential storage hash digest in the service node is obtained as follows: the trusted identity authentication platform performs a hash calculation on the identity authentication result credential to obtain the credential storage hash digest, uploads the credential storage hash digest to the blockchain through the trusted identity authentication node, and shares the credential storage hash digest with at least one service node through the blockchain.
It should be noted that the credential storage hash digest may be a hash digest. Hash computation is the process of converting input data into a fixed-length string or number. A hash function is an algorithm that performs this computation: it accepts input of arbitrary length and produces a fixed-length hash value. Hash functions are widely used in information security, data integrity verification, cryptography and other fields, and hash algorithms may include MD5, SHA-1, SHA-256, etc.
Further, the basic identity information of the user comprises identity profile information or identity composite information, the identity profile information comprises a user name and an identity card number, and the identity composite information comprises the user name, the identity card number, the identity card validity period and the user biological characteristic information.
The scheme combines the technical characteristics of the blockchain and the existing capability of the trusted identity authentication platform, so that the trusted circulation of the true identity authentication result of the user among the multi-service systems is realized, a trusted data source of the identity is provided for the service systems, one-time authentication is realized, and the distributed independent verification of the multi-party service systems is realized, thereby meeting the supervision requirement. Meanwhile, the user does not need to input basic identity information for many times, so that the disturbance to the user is reduced, the service handling experience is improved, and the service success rate is increased.
As shown in fig. 3, in a second aspect, the present application provides a trust transfer method for identity authentication based on blockchain technology, which is applicable to at least one second service system, where each second service system corresponds to a second identification information and corresponds to a service node in a blockchain, and the method includes:
First, in step S301, an identity authentication result credential and an authentication serial number sent by a first service system are received, and a credential storage hash digest is obtained from the corresponding service node according to the authentication serial number;
Then, in step S302, the identity authentication result credential is verified according to the credential storage hash digest, where the first service system corresponds to first identification information;
In step S301, the identity authentication result credential is obtained as follows: the trusted identity authentication platform verifies the basic identity information of the user received by the first service system; after the verification passes, it generates credential declaration body information containing the hash digest of the basic identity information, the first identification information, at least one piece of second identification information and the authentication serial number, and signs the credential declaration body information to obtain the signed identity authentication result credential.
The credential storage hash digest in the service node is obtained as follows: the trusted identity authentication platform performs a hash calculation on the identity authentication result credential to obtain the credential storage hash digest, uploads the credential storage hash digest to the blockchain through the trusted identity authentication node, and shares the credential storage hash digest to at least one service node through the trusted identity authentication node, where the trusted identity authentication node is the blockchain node corresponding to the trusted identity authentication platform.
In this embodiment, the number of the second service systems is multiple, one of the second service systems corresponds to one service node in the blockchain, and after the trusted identity authentication platform generates the credential storage hash digest and uploads the credential storage hash digest to the blockchain, the trusted identity authentication node can share the credential storage hash digest with service nodes corresponding to all the second service systems.
Through the scheme, a user only needs to collect basic identity information in the first service system, after the collected basic identity information is verified in the trusted identity authentication platform, the technical characteristics of the blockchain and the existing capability of the trusted identity authentication platform are combined, the certificate storage hash digest corresponding to the identity authentication result certificate is uploaded to the service node in the blockchain corresponding to the second service system, and then the second service system can acquire the certificate storage hash digest from the corresponding service node according to the received authentication serial number, and verify the identity authentication result certificate according to the certificate storage hash digest. The time for requiring the user to input the basic identity information again when the related business of the second business system is handled is saved, so that the identity authentication efficiency is effectively improved.
In some embodiments, the verifying the identity authentication result credential according to the credential storage hash digest includes: and firstly checking the certificate storage hash abstract, and checking the identity authentication result certificate after the certificate storage hash abstract passes the check. In short, the certificate storage hash abstract is obtained from the blockchain for verification, the possibility of tampering of the identity authentication result certificate is eliminated by utilizing the characteristic of decentralization of the blockchain, the accurate identity authentication result certificate is ensured to be received, and then the identity authentication result certificate is verified, so that the identity authentication requirement of a second service system in handling is met. As the identity authentication result certificate has the signature of the trusted identity authentication platform, the certificate declaration body information can be trusted, and the requirement of multi-service scene identity authentication is met.
As shown in fig. 4, in a third aspect, the present application provides a trust transfer method for identity authentication behavior based on blockchain technology, which is applicable to a trusted identity authentication platform, and the method includes the following steps:
First, in step S401, an identity authentication request sent by a first service system is received, where the identity authentication request comprises first identification information of the first service system, basic identity information of a user collected by the first service system and second identification information of at least one second service system;
Then, in step S402, the basic identity information of the user is verified; after the verification passes, credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number is generated, and the credential declaration body information is signed to obtain the signed identity authentication result credential;
Then, in step S403, a hash calculation is performed on the identity authentication result credential to obtain a credential storage hash digest, the credential storage hash digest is uploaded to the blockchain through the trusted identity authentication node, and the credential storage hash digest is shared to at least one service node through the blockchain, where the service nodes are all service nodes in the same blockchain;
Then, in step S404, the identity authentication result credential and the authentication serial number are returned to the first service system, so that after the first service system shares the identity authentication result credential and the authentication serial number with the second service system, the second service system can obtain the credential storage hash digest from the service node according to the authentication serial number and verify the identity authentication result credential according to the credential storage hash digest.
In some embodiments, signing the credential declaration body information includes: signing the credential declaration body information with the credential issuing private key, which improves the security of the credential declaration body information and the credibility and authority of the identity authentication result credential.
In a fourth aspect, the present application provides a trust transfer system for identity authentication behavior based on a blockchain technology, where the trust transfer system includes a first service system, at least one second service system and a trusted identity authentication platform, the first service system corresponds to first identification information, the second service system corresponds to second identification information, one second service system corresponds to one service node, the trusted identity authentication platform corresponds to a trusted identity authentication node, and the service node and the trusted identity authentication node are located in the same blockchain;
the first service system is used for sending an identity authentication request to the trusted identity authentication platform, and the identity authentication request comprises the first identification information, the basic identity information of the user collected by the first service system and at least one piece of second identification information;
The trusted identity authentication platform is used for verifying basic identity information of the user, generating credential declaration body information containing basic identity information hash abstract, the first identification information, at least one second identification information and an authentication serial number after verification is passed, and signing the credential declaration body information to obtain the identity authentication result credential containing signature; carrying out hash calculation on the identity authentication result certificate to obtain a certificate storage hash abstract, uploading the certificate storage hash abstract to the blockchain through the trusted identity authentication node, and sharing the certificate storage hash abstract to at least one service node through the blockchain;
the first service system is further configured to receive the identity authentication result credential and the authentication serial number sent by the trusted identity authentication platform, and share the identity authentication result credential and the authentication serial number to the second service system;
The second service system is used for acquiring the certificate storing hash abstract from the service node according to the authentication serial number, and verifying the identity authentication result certificate according to the certificate storing hash abstract.
In a fifth aspect, as shown in fig. 5, the present application provides a trust transfer method for identity authentication based on blockchain technology, the method being applicable to the trust transfer system according to the fourth aspect of the present application;
the method comprises the following steps:
First, in step S501, the first service system sends an identity authentication request to the trusted identity authentication platform, where the identity authentication request comprises the first identification information, the basic identity information of the user collected by the first service system and at least one piece of second identification information;
Then, in step S502, the trusted identity authentication platform verifies the basic identity information of the user; after the verification passes, it generates credential declaration body information containing a hash digest of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number, and signs the credential declaration body information to obtain the signed identity authentication result credential; it then performs a hash calculation on the identity authentication result credential to obtain a credential storage hash digest, uploads the credential storage hash digest to the blockchain through the trusted identity authentication node, and shares the credential storage hash digest to at least one service node through the blockchain;
Then, in step S503, the first service system receives the identity authentication result credential and the authentication serial number sent by the trusted identity authentication platform, and shares the identity authentication result credential and the authentication serial number with the second service system;
Then, in step S504, the second service system obtains the credential storage hash digest from the service node according to the authentication serial number, and verifies the identity authentication result credential according to the credential storage hash digest.
In this embodiment, the first service system is an initiator of identity authentication, and the second service system is a sharing party of identity authentication, that is, after a user only needs to input basic identity information in the first service system, the second service system does not need to collect the basic identity information of the user through the method disclosed by the application, and by receiving the identity authentication result certificate sent by the first service system and acquiring the certificate storage hash digest from the corresponding blockchain service node, the identity authentication operation required during handling the related flow of the second service system can be completed, thereby realizing the transmission of the identity authentication result in a plurality of service systems and effectively improving the identity authentication efficiency.
In this embodiment, the first identification information is unique identification information corresponding to the first service system, the second identification information is unique identification information corresponding to the second service system, and the first identification information and/or the second identification information may be letters, numbers, character strings, two-dimensional codes, and the like.
The scheme combines the technical characteristics of the blockchain and the existing capability of the trusted identity authentication platform, so that the trusted circulation of the true identity authentication result of the user among the multi-service systems is realized, a trusted data source of the identity is provided for the service systems, one-time authentication is realized, and the distributed independent verification of the multi-party service systems is realized, thereby meeting the supervision requirement. Meanwhile, the user does not need to input basic identity information for many times, so that the disturbance to the user is reduced, the service handling experience is improved, and the service success rate is increased.
As shown in fig. 6, in some embodiments, the shared delivery system includes a business system, an authoritative identity authentication platform (i.e., the trusted identity authentication platform described above), a business system node (i.e., the business node described above), an authoritative identity authentication platform node (i.e., the trusted identity node described above), and a blockchain. The service systems include a service system 1, a service system 2 and a service system 3, wherein the service system 1 is a first service system described in the foregoing, and the service system 2 and the service system 3 are second service systems described in the foregoing (here, only three service systems are taken as an example, and the number of service systems is not limited, and in other embodiments, the number of second service systems may be 1 or may exceed 2).
As shown in fig. 6, the actual authentication result credential flow is as follows:
(1) The service system 1 collects the identity information of a natural person and the service system identifiers (the identifier of service system 1, the initiator of the true identity authentication, and the identifiers of service systems 2 and 3, the sharing parties of the authentication result), and initiates true identity authentication to the authoritative identity authentication platform;
(2) The authoritative identity authentication platform performs true identity authentication on the natural person's identity information; after authentication passes, it issues a true identity authentication result credential (namely, the identity credential described above, which comprises the identifiers of service systems 1, 2 and 3) and signs it, and the signed credential is the identity authentication result credential described above;
(3) The authoritative identity authentication platform publishes the evidence of the true identity authentication result (namely, the hash digest obtained by performing a hash calculation on the identity authentication result credential) to the blockchain through the authoritative identity authentication platform node;
(4) The blockchain sends the certificate of the true identity authentication result to the sharing party node (namely the service system node 2 corresponding to the service system 2 and the service system node 3 corresponding to the service system 3) through the authoritative identity authentication platform node according to the identification of the sharing party service system;
(5) The authoritative identity authentication platform returns an authentication result and an authentication serial number to the identity authentication initiator service system 1;
(6) The initiator service system 1 transmits the authentication serial number and the signed identity authentication result certificate to the sharing party service system 2 and the sharing party service system 3;
(7) The sharing party service systems 2 and 3 respectively acquire the evidence of the true identity authentication result on the blockchain from the corresponding service system nodes according to the service system identification and the authentication serial number;
(8) The sharing party service systems 2 and 3 verify the certificate of the true identity authentication result of the authoritative identity authentication platform, verify the certificate signature of the identity authentication result after the verification is passed, and carry out subsequent service flow after the verification is passed, so as to finish the trust transfer among multiple institutions of user identity authentication behaviors.
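The flow in steps (1) to (8), as an added example that is not code from the application: the platform signs the declaration body and anchors the credential's SHA-256 digest under the authentication serial number, and a sharing-party system checks the digest before the signature. The dict `ledger`, the `sys-N` identifiers, the field names, the Lamport one-time signature (a stand-in, since the text names no signature algorithm, chosen so the example runs on the standard library) and the final audience check are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so every party hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Lamport one-time signature: stand-in for the platform's signing algorithm,
# which the text does not name. One key pair must sign one credential only.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[hashlib.sha256(half).digest() for half in pair] for pair in sk]
    return sk, pk


def _digest_bits(message: bytes):
    digest = hashlib.sha256(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message: bytes):
    return [sk[i][bit].hex() for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(pk, message: bytes, signature) -> bool:
    if not isinstance(signature, list) or len(signature) != 256:
        return False
    try:
        revealed = [hashlib.sha256(bytes.fromhex(s)).digest() for s in signature]
    except (TypeError, ValueError):
        return False
    bits = _digest_bits(message)
    return all(hmac.compare_digest(revealed[i], pk[i][bits[i]]) for i in range(256))


def issue_credential(signing_key, ledger, first_id, second_ids, basic_identity):
    """Platform side: build the declaration body, sign it, anchor the digest."""
    serial = secrets.token_hex(8)  # authentication serial number
    body = {
        # Digest only; the text does not specify salting, so none is applied.
        "identity_digest": sha256_hex(canonical(basic_identity)),
        "first_id": first_id,
        "second_ids": sorted(second_ids),
        "serial": serial,
    }
    credential = {"body": body, "signature": lamport_sign(signing_key, canonical(body))}
    digest = sha256_hex(canonical(credential))
    # `ledger` is a dict standing in for the blockchain; the digest reaches only
    # the service nodes of the listed sharing-party systems.
    for node_id in second_ids:
        ledger.setdefault(node_id, {})[serial] = digest
    return credential, serial


def verify_shared_credential(my_id, credential, serial, ledger, platform_pk) -> str:
    """Sharing-party side: anchored digest first, then the platform signature."""
    anchored = ledger.get(my_id, {}).get(serial)
    if anchored is None:
        return "no-anchor"
    if not isinstance(credential, dict):
        return "digest-mismatch"
    if not hmac.compare_digest(anchored, sha256_hex(canonical(credential))):
        return "digest-mismatch"
    body = credential.get("body")
    signature = credential.get("signature")
    if not isinstance(body, dict) or not lamport_verify(platform_pk, canonical(body), signature):
        return "bad-signature"
    # Added check, not a step in the text: the signed body must name this
    # system and carry this serial number.
    if body.get("serial") != serial or my_id not in body.get("second_ids", []):
        return "not-addressed"
    return "ok"


def demo():
    ledger = {}
    sk, pk = lamport_keygen()
    identity = {"name": "Example User", "id_number": "000000000000000000"}  # constructed
    cred, serial = issue_credential(sk, ledger, "sys-1", ["sys-2", "sys-3"], identity)
    tampered = json.loads(json.dumps(cred))      # deep copy, then alter the body
    tampered["body"]["second_ids"].append("sys-4")
    _, other_pk = lamport_keygen()               # a key the platform never used
    return {
        "sys-2": verify_shared_credential("sys-2", cred, serial, ledger, pk),
        "tampered": verify_shared_credential("sys-2", tampered, serial, ledger, pk),
        "unlisted": verify_shared_credential("sys-4", cred, serial, ledger, pk),
        "wrong-key": verify_shared_credential("sys-2", cred, serial, ledger, other_pk),
    }
```

The digest comparison only shows that the received credential is the one that was anchored; the signature check is what binds it to the platform's key, which is why a matching digest under the wrong public key still fails.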
As shown in fig. 7, the following discussion is developed with respect to the embodiment shown in fig. 6 in connection with a specific application scenario, and the flow of the credential flow of the true identity authentication result is as follows:
(1) The client of the service system of financial institution 1 (namely the service system 1) collects the user's identity profile information (such as certificate number and name) or composite information (such as certificate number, name and validity period) and portrait information; the service system of financial institution 1 selects financial institution 2 and financial institution 3 as the sharing parties of the true identity authentication result credential, and initiates a true identity authentication request to the authoritative identity authentication platform;
(2) The authoritative identity authentication platform performs true identity authentication on the submitted identity information of the user; after authentication passes, it issues a true identity authentication result credential (namely the identity credential, comprising the DID information of financial institutions 1, 2 and 3) and signs the true identity authentication result credential (comprising the DID information of financial institutions 1, 2 and 3) with the private key of the authoritative identity authentication platform to obtain the identity authentication result credential; because the result carries the signature of the authoritative identity authentication platform, the authority and credibility of the identity credential can be proved;
(3) The authority identity authentication platform performs hash calculation on the identity authentication result certificate to obtain a certificate, and issues the certificate corresponding to the true identity authentication result certificate containing the signature to the blockchain through the corresponding blockchain node (namely the authority identity authentication platform node);
(4) The blockchain shares the certificate storage credentials corresponding to the true identity authentication result credentials containing the signature to blockchain nodes of the financial institutions 2 and 3;
(5) The authoritative identity authentication platform returns the identity authentication result certificate and the authentication serial number to the real identity authentication initiator financial institution 1;
(6) The initiator financial institution 1 shares the authoritative authentication serial number with financial institution 2 and financial institution 3;
(7) The financial institution 2 and the financial institution 3 acquire the certificate of the true identity authentication result on the blockchain according to the authentication serial number;
(8) The financial institutions 2 and 3 verify the certificate of the true identity authentication result of the authoritative identity authentication platform, and verify the signature after the verification is passed, so that the trust transfer of the user identity authentication behavior result is completed.
In a sixth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which when executed by the processor implements the trust transfer method of identity authentication behavior based on blockchain technology according to the first, second, third and fifth aspects of the present application.
Wherein the computer readable storage medium may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
The non-volatile memory may be a read-only memory (ROM, Read Only Memory), a programmable read-only memory (PROM, Programmable Read Only Memory), an erasable programmable read-only memory (EPROM, Erasable Programmable Read Only Memory), an electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read Only Memory), a magnetic random access memory (FRAM, Ferromagnetic Random Access Memory), a flash memory (Flash Memory), a magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM, Compact Disc Read Only Memory); the magnetic surface memory may be a disk memory or a tape memory.
The volatile memory may be a random access memory (RAM, Random Access Memory), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDR SDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory). The computer-readable storage media described in connection with the embodiments of the present invention are intended to comprise these and any other suitable types of memory.
As shown in fig. 8, in a seventh aspect, the present application provides an electronic device 10, including a processor 101 and a storage medium 102, where a computer program is stored, where the computer program, when executed by the processor, implements a trust transfer method for identity authentication behavior based on blockchain technology according to the first aspect, the second aspect, the third aspect, and the fifth aspect of the present application.
In some embodiments, the processor may be implemented in software, hardware, firmware, or a combination thereof, and may use at least one of a circuit, one or more application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), a digital signal processor (Digital Signal Processor, DSP), a digital signal processing device (Digital Signal Processing Device, DSPD), a programmable logic device (Programmable Logic Device, PLD), a field programmable gate array (Field Programmable Gate Array, FPGA), a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or any combination thereof, so that the processor may perform some or all of the steps in the trust transfer method for identity authentication behavior based on blockchain technology described in the various embodiments of the present application.
Finally, it should be noted that, although the embodiments have been described in the text and the drawings, the scope of the application is not limited thereby. The technical scheme generated by replacing or modifying the equivalent structure or equivalent flow by utilizing the content recorded in the text and the drawings of the specification based on the essential idea of the application, and the technical scheme of the embodiment directly or indirectly implemented in other related technical fields are included in the patent protection scope of the application.

Claims (10)

1. A trust transfer method for identity authentication behavior based on a blockchain technology, which is suitable for a first service system, the method comprising:
Receiving basic identity information of a user, and initiating an identity authentication request to a trusted identity authentication platform, wherein the identity authentication request comprises first identification information of the first service system, the basic identity information of the user and second identification information of at least one second service system, one second service system corresponds to one service node, the trusted identity authentication platform corresponds to a trusted identity authentication node, and the service node and the trusted identity authentication node are located in the same blockchain;
Receiving an identity authentication result certificate and an authentication serial number returned by the trusted identity authentication platform, sharing the identity authentication result certificate and the authentication serial number to the second service system, so that the second service system can acquire a certificate storage hash abstract from the corresponding service node according to the authentication serial number, and completing verification of the identity authentication result certificate according to the certificate storage hash abstract;
the identity authentication result certificate is obtained according to the following mode: verifying the basic identity information of the user by the trusted identity authentication platform, generating a certificate declaration body information containing a basic identity information hash abstract, the first identification information, at least one piece of second identification information and the authentication serial number after verification is passed, and signing the certificate declaration body information to obtain the identity authentication result certificate containing the signature;
the certificate storing hash abstract in the service node is obtained according to the following mode: and carrying out hash calculation on the identity authentication result certificate by the trusted identity authentication platform to obtain a certificate storage certificate hash abstract, uploading the certificate storage certificate hash abstract to the blockchain through the trusted identity authentication node, and sharing the certificate storage certificate hash abstract to at least one service node through the blockchain.
2. The method for trust transfer of blockchain technology based identity authentication behavior of claim 1, wherein the user's basic identity information includes identity profile information or identity composite information, the identity profile information including a user name and an identity document number, the identity composite information including a user name, an identity document number, an identity document validity period, and user biometric information.
3. A trust transfer method for identity authentication based on blockchain technology, which is applicable to at least one second service system, wherein each second service system corresponds to second identification information and corresponds to one service node in a blockchain, and the method comprises:
Receiving an identity authentication result certificate and an authentication serial number sent by a first service system, acquiring a certificate storing hash abstract from a corresponding service node according to the authentication serial number, and checking the identity authentication result certificate according to the certificate storing hash abstract, wherein the first service system corresponds to first identification information;
the identity authentication result certificate is obtained according to the following mode: verifying basic identity information of a user received by the first service system by a trusted identity authentication platform, generating a certificate declaration body information containing basic identity information hash abstract, the first identification information, at least one piece of second identification information and the authentication serial number after verification is passed, and signing the certificate declaration body information to obtain the identity authentication result certificate containing signature;
The certificate storing hash abstract in the service node is obtained according to the following mode: and carrying out hash calculation on the identity authentication result certificate by the trusted identity authentication platform to obtain a certificate storage certificate hash abstract, uploading the certificate storage certificate hash abstract to a blockchain through the trusted identity authentication node, and sharing the certificate storage certificate hash abstract to at least one service node through the trusted identity authentication node, wherein the trusted identity authentication node is a blockchain node corresponding to the trusted identity authentication platform.
4. The method for trust transfer of identity authentication based on blockchain technology as in claim 3, wherein verifying the identity authentication result credential from the credential storage hash digest comprises:
first verifying the credential storage hash digest, and verifying the identity authentication result credential after the credential storage hash digest passes verification.
5. A trust transfer method for identity authentication behavior based on a blockchain technology, which is suitable for a trusted identity authentication platform, and is characterized by comprising the following steps:
Receiving an identity authentication request sent by a first service system, wherein the identity authentication request comprises first identification information of the first service system, basic identity information of a user acquired by the first service system and second identification information of at least one second service system;
Checking the basic identity information of the user, generating a certificate declaration body information containing a hash abstract of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number after the basic identity information passes the check, and signing the certificate declaration body information to obtain the identity authentication result certificate containing the signature;
Carrying out hash calculation on the identity authentication result certificate to obtain a certificate storage hash abstract, uploading the certificate storage hash abstract to the blockchain through a trusted identity authentication node, and sharing the certificate storage hash abstract to at least one service node through the blockchain, wherein all the service nodes are service nodes in the same blockchain;
Returning the identity authentication result certificate and the authentication serial number to the first service system, so that, after the first service system shares the identity authentication result certificate and the authentication serial number to the second service system, the second service system can acquire the certificate storage hash abstract from the service node according to the authentication serial number and verify the identity authentication result certificate according to the certificate storage hash abstract.
6. The blockchain technology based trust delivery method of identity authentication behavior of claim 5, wherein signing the credential declaration body information comprises:
signing the credential declaration body information with the certificate issuing private key.
7. A trust transfer system for identity authentication behavior based on blockchain technology, characterized by comprising a first service system, at least one second service system and a trusted identity authentication platform, wherein the first service system corresponds to first identification information, the second service system corresponds to second identification information, one second service system corresponds to one service node, the trusted identity authentication platform corresponds to a trusted identity authentication node, and the service node and the trusted identity authentication node are located in the same blockchain;
the first service system is used for sending an identity authentication request to the trusted identity authentication platform, and the identity authentication request comprises the first identification information, the basic identity information of the user collected by the first service system and at least one piece of second identification information;
the trusted identity authentication platform is used for verifying the basic identity information of the user, generating credential declaration body information containing a hash abstract of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number after verification is passed, and signing the credential declaration body information to obtain the identity authentication result credential containing the signature; and for carrying out hash calculation on the identity authentication result certificate to obtain a certificate storage hash abstract, uploading the certificate storage hash abstract to the blockchain through the trusted identity authentication node, and sharing the certificate storage hash abstract to at least one service node through the blockchain;
the first service system is further configured to receive the identity authentication result credential and the authentication serial number sent by the trusted identity authentication platform, and share the identity authentication result credential and the authentication serial number to the second service system;
the second service system is used for acquiring the certificate storage hash abstract from the service node according to the authentication serial number, and verifying the identity authentication result certificate according to the certificate storage hash abstract.
8. A trust transfer method for identity authentication based on blockchain technology, wherein the method is applicable to the trust transfer system as claimed in claim 7;
the method comprises the following steps:
The first service system sends an identity authentication request to the trusted identity authentication platform, wherein the identity authentication request comprises the first identification information, the basic identity information of the user collected by the first service system and at least one piece of second identification information;
The trusted identity authentication platform verifies the basic identity information of the user, generates credential declaration body information containing a hash abstract of the basic identity information, the first identification information, at least one piece of second identification information and an authentication serial number after verification is passed, and signs the credential declaration body information to obtain the identity authentication result credential containing the signature; it then carries out hash calculation on the identity authentication result certificate to obtain a certificate storage hash abstract, uploads the certificate storage hash abstract to the blockchain through the trusted identity authentication node, and shares the certificate storage hash abstract to at least one service node through the blockchain;
The first service system receives the identity authentication result certificate and the authentication serial number sent by the trusted identity authentication platform, and shares the identity authentication result certificate and the authentication serial number to the second service system;
The second service system acquires the certificate storage hash abstract from the service node according to the authentication serial number, and verifies the identity authentication result certificate according to the certificate storage hash abstract.
9. A computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements a trust transfer method of identity authentication behavior based on blockchain technology as in any of claims 1-6 or 8.
10. An electronic device comprising a processor and a storage medium having stored thereon a computer program which, when executed by the processor, implements a trust transfer method of identity authentication behavior based on blockchain technology as in any of claims 1-6 or 8.
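The flow in claims 4, 5 and 8, as an added Python example that is not code from the patent: the platform builds and signs the declaration body and anchors the certificate's hash under the authentication serial number, and the second service system checks the anchored hash first and the certificate second. Assumptions: SHA-256 and sorted-key JSON as the serialization, a dict standing in for the service node's on-chain store, HMAC standing in for the issuing-private-key signature (a deployment would verify with the platform's public key), and all function and field names are hypothetical; the serial and recipient checks are one reading of "checking the certificate".

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: stand-in for the issuing key


def canonical(obj):
    # Deterministic bytes, so every party hashes the same serialization.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue(basic_identity, first_id, second_ids, serial, ledger):
    """Platform side (claim 5): build the body, sign it, anchor the hash."""
    body = {
        "identity_digest": hashlib.sha256(canonical(basic_identity)).hexdigest(),
        "first_id": first_id,
        "second_ids": sorted(second_ids),
        "serial": serial,
    }
    sig = hmac.new(ISSUER_KEY, canonical(body), hashlib.sha256).hexdigest()
    credential = {"body": body, "signature": sig}
    # Only the hash goes to the ledger; identity data stays off chain.
    ledger[serial] = hashlib.sha256(canonical(credential)).hexdigest()
    return credential


def verify(credential, serial, my_id, ledger):
    """Second service system (claims 4 and 8): anchored hash first, then certificate."""
    anchored = ledger.get(serial)
    if anchored is None:
        return "no-digest-for-serial"
    actual = hashlib.sha256(canonical(credential)).hexdigest()
    if not hmac.compare_digest(anchored, actual):
        return "digest-mismatch"
    body = credential.get("body", {})
    expected = hmac.new(ISSUER_KEY, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(credential.get("signature", ""))):
        return "bad-signature"
    if body.get("serial") != serial:
        return "serial-mismatch"
    # Reject a certificate that was not issued for this service system.
    if my_id not in body.get("second_ids", []):
        return "not-an-intended-recipient"
    return "ok"
```

The signature check still matters after the hash matches: the hash only proves the certificate equals what was anchored, so a ledger entry written by anyone other than the platform is caught at the second step.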
CN202410498033.7A 2024-04-24 2024-04-24 Trust transfer method and system for identity authentication behavior based on block chain technology Pending CN118074887A (en)


Publications (1)

Publication Number Publication Date
CN118074887A true CN118074887A (en) 2024-05-24

Family

ID=91109926




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination