WO2020108152A1 - Method, device and electronic equipment for preventing misuse of identity data - Google Patents
- Publication number
- WO2020108152A1 (PCT/CN2019/111584)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identity data
- user
- identity
- smart contract
- applicable scope
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Definitions
- One or more embodiments of this specification relate to the field of blockchain technology, and in particular, to a method and device for preventing misuse of identity data, and electronic equipment.
- biometrics has been widely used in various scenarios to achieve efficient and accurate identity verification.
- the website can identify and verify the user by collecting identity data such as the user's face image and applying corresponding technical means such as face recognition, so as to provide related business functions for the verified identity information.
- one or more embodiments of this specification provide a method, device and electronic device for preventing misuse of identity data.
- a method for preventing misuse of identity data is proposed, which is applied to a blockchain node.
- the method includes:
- the smart contract is used to add restriction information related to the applicable scope to the identity data.
- a device for preventing misuse of identity data is proposed for use in a blockchain node.
- the device includes:
- An obtaining unit obtaining the user's identity data, so as to authenticate the user according to the identity data
- a calling unit calls a smart contract, and the smart contract is used to add restriction information related to the applicable scope to the identity data.
- an electronic device including:
- Memory for storing processor executable instructions
- the processor executes the executable instruction to implement the method as described in the above embodiment.
- FIG. 1 is a flowchart of a method for preventing misuse of identity data according to an exemplary embodiment.
- FIG. 2 is a schematic diagram of a house rental scenario provided by an exemplary embodiment.
- FIG. 3 is a schematic diagram of implementing real person authentication provided by an exemplary embodiment.
- FIG. 4 is a schematic diagram of an anti-misuse processing for identity data provided by an exemplary embodiment.
- FIG. 5 is a schematic structural diagram of an apparatus provided by an exemplary embodiment.
- FIG. 6 is a block diagram of an apparatus provided by an exemplary embodiment.
- the steps of the corresponding method are not necessarily performed in the order shown and described in this specification.
- the method may include more or fewer steps than described in this specification.
- the single step described in this specification may be decomposed into multiple steps for description in other embodiments; and the multiple steps described in this specification may also be combined into a single step for description in other embodiments.
- FIG. 1 is a flowchart of a method for preventing misuse of identity data according to an exemplary embodiment. As shown in Figure 1, this method is applied to blockchain nodes and can include the following steps:
- Step 102 Obtain the user's identity data to authenticate the user according to the identity data.
- the user's identity data can be obtained and identity authentication can be implemented, which is not limited in this specification.
- identity data of the user may be obtained when the preset service request initiated by the user has identity restrictions.
- the identity authentication method may include any of the following: face recognition, real person authentication, etc., which is not limited in this specification.
- the acquired identity data may include the face image of the user.
- the acquired identity data may include face images, face videos, certificate images, audio (such as a specific verification code read out by the user, etc.), etc.
- the electronic device can be configured as a blockchain node in the blockchain network; for example, the electronic device may be of various types such as a server, PC, tablet computer or mobile phone.
- blockchain nodes can be hosted on any form of electronic device, which is not limited in this specification.
- Step 104 Determine the applicable scope that the user declares for the identity data.
- the electronic device used by the user may display several options, each corresponding to a selectable applicable scope; and the user may select one or more of the options as the applicable scope declared for the identity data.
- user audio, audio information contained in the user video, display content in the user video, etc. may be obtained, and the audio content or video display content may be analyzed to determine the applicable scope that the user declares for the identity data. For example, when the user audio includes content such as "this authentication is only used for XXX business", it indicates that the user declares that the identity data is only used for this "XXX business".
- Step 106 A smart contract is invoked, and the smart contract is used to add restriction information related to the applicable scope to the identity data.
- the actual application scenario of the identity data can be compared with the restriction information, and the authenticity of the identity data can be determined if the two are consistent, so as to prevent the identity data from being misused or maliciously used in other scenarios.
- the restriction information can still restrict the identity data, which helps to improve the security of the identity data.
- the operation of adding the restriction information by calling the smart contract can, on the one hand, be implemented automatically and efficiently and, on the other hand, avoid the unreliability caused by human participation and ensure that the operation of adding the restriction information is carried out faithfully.
- the smart contract may send a processing instruction to the local device or an external device (the identity data and the applicable-scope information can be transmitted to the external device), so that the local device or the external device responds to the processing instruction and thereby adds the corresponding restriction information to the identity data.
- a smart contract may be used to confirm whether the applicable scope is consistent with the predefined applicable scope in the smart contract.
- one or more application scopes can be predefined in the smart contract; when the application scope declared by the user is consistent with a predefined application scope in the smart contract, the application scope declared by the user can be determined to be valid, and the corresponding restriction information can be added accordingly; when the application scope declared by the user is inconsistent with the predefined application scopes in the smart contract, this indicates that there may be a user operation error or other abnormal condition, and the application scope declared by the user can be determined to be invalid.
- in the case where the blockchain node obtains the identity data based on the preset business request initiated by the user, the smart contract can be used to confirm whether the applicable scope is consistent with the business scope corresponding to the preset business request; when they are confirmed to be consistent, the applicable scope declared by the user can be determined to be valid, and the corresponding restriction information can be added accordingly; when they are confirmed to be inconsistent, this indicates that there may be a user operation error or other abnormal condition, and the applicable scope declared by the user can be determined to be invalid.
- the identity data may be visual information
- the visual information may include image information, video information, etc., which is not limited in this specification.
- the restriction information may include: a watermark added to the identity data to characterize the applicable range, that is, a digital watermark or an electronic watermark.
- an identity authentication result may be generated, the identity authentication result includes the identity data and result information, and the identity authentication result and/or the digital summary information of the identity authentication result are recorded on the blockchain, so that the data on the blockchain is publicly searchable and non-tamperable and the identity authentication result or its digital summary can be verified from the blockchain at any time in the subsequent process.
- by recording the identity authentication result locally on the blockchain node and recording the digital summary information (such as the hash value) of the identity authentication result on the blockchain, the corresponding identity authentication result can be verified from the digital summary information, based on the unique mapping relationship between the identity authentication result and the digital summary information, while avoiding a public record of the identity authentication result (especially identity data and other content) on the blockchain, which helps improve security and privacy.
- a transaction can be issued to the blockchain to record the identity authentication result or its digital summary information on the blockchain.
- the transaction described in this specification refers to a piece of data that is created by the client of the blockchain and needs to be finally released to the distributed database of the blockchain.
- a narrowly defined transaction refers to a value transfer issued by the user to the blockchain; for example, in the traditional Bitcoin blockchain network, the transaction can be a transfer initiated by the user in the blockchain.
- the generalized transaction refers to a piece of business data with business intent published by the user to the blockchain; for example, the operator can build an alliance chain based on actual business needs and rely on the alliance chain to deploy other types of online business that have nothing to do with value transfer (for example, rental business, vehicle scheduling business, insurance claims business, credit service, medical service, etc.), and in this type of alliance chain, the transaction can be a business message or business request with business intent issued by the user in the alliance chain.
- FIG. 2 is a schematic diagram of a house rental scenario provided by an exemplary embodiment.
- the mobile phone 21 can run the APP client of the house rental platform, or load the website of the house rental platform, to provide user A with a house rental function.
- the house rental platform can authenticate user A to facilitate the effective management of user A's personal identity, discover possible risks in time (such as intercepting risk users, etc.) and ensure that the lease agreement and other agreements signed subsequently are true and effective.
- the house rental platform may initiate a call request to a server 22 with real person authentication capability to call the real person authentication service provided by the server 22.
- the server 22 may belong to the enterprise of the house rental platform, or the server 22 may belong to the third-party enterprise, which is not limited in this specification.
- the server 22 can also provide a real-person authentication service and an identity data anti-misuse scheme based on this specification to other platforms, which is not limited in this specification.
- FIG. 3 is a schematic diagram of implementing real person authentication provided by an exemplary embodiment.
- the mobile phone 21 can collect images of user A through the camera module, so that the collected pictures or videos include the face image of user A, an image of user A holding a valid certificate (such as an ID card), images of user A performing the corresponding actions as instructed, and so on, as identity data for user A; the identity data is uploaded to the server 22 by the mobile phone 21, so that the server 22 can implement real person authentication for user A based on a variety of technical means such as face detection, face recognition, OCR certificate recognition and living body detection.
- After the real person authentication is completed, the server 22 will hold the relevant identity data of user A, such as the face image shown on the right side of FIG. 3 or the image of user A holding a valid certificate mentioned above. At the same time, after completing the real person authentication, the server 22 will also feed the authentication result back to the house rental platform, and the authentication result usually contains not only the result information of "passed authentication" or "failed authentication", but also the above-mentioned identity data.
- both the server 22 and the house rental platform have the opportunity to obtain user A's identity data, making it possible for the server 22 or the house rental platform to misuse or maliciously steal user A's identity data and apply it to real person authentication, agreement signing and similar processes in other scenarios, which would cause adverse effects.
- FIG. 4 is a schematic diagram of an anti-misuse process for identity data provided by an exemplary embodiment.
- user A in the process of real person authentication, can declare the applicable scope of the identity data generated at the time.
- the server 22 can display the applicable scope confirmation interface to the user A through the mobile phone 21.
- the applicable scope confirmation interface contains alternatives corresponding to several predefined application ranges, so that user A can choose from the alternatives or provide a new custom application range; or the server 22 does not need to provide an applicable scope confirmation interface, and user A directly declares the corresponding scope of application.
- the user A can enter text on the mobile phone 21 to form the scope of application in the form of text. Or, user A may state the applicable range by voice, such as reading out the alternatives shown in the applicable scope confirmation interface, or user A may organize the voice content by itself.
- the mobile phone 21 can upload it directly to the server 22; when the applicable scope is in voice form, the mobile phone 21 can obtain the corresponding text content through voice recognition and upload the recognized text content to the server 22, or the mobile phone 21 can directly upload the voice to the server 22 for the server 22 to perform voice recognition and corresponding processing.
- a client of the blockchain is configured on the server 22, that is, the server 22 itself belongs to a blockchain node in the blockchain network. Therefore, the server 22 can call a pre-generated smart contract, and the smart contract can check the applicable scope declared by the user A.
- the smart contract may be pre-defined with several optional application ranges, and the smart contract may compare the application range declared by user A with these optional application ranges; when the application range declared by user A does not belong to the optional application ranges, the smart contract can output that the check failed.
- the smart contract can compare the applicable scope declared by user A with the scenario of the current business; for example, when the applicable scope declared by user A is "only for house rental", and the identity data is generated by the house rental platform calling the real person authentication service, that is, the current business belongs to "house rental", the smart contract can determine that the scope of application declared by user A matches the scenario of the current business; and if the scope of application declared by user A is "only for house rental" while the current business belongs to the scenario "house sales", the smart contract can determine that the scope of application declared by user A does not match the scenario of the current business, and the smart contract can output that the check failed.
- the server 22 may request user A to re-state the applicable scope of the identity data; if the output of the smart contract is a failed check for a given number of times (such as 3 times), the server 22 may determine that user A's real person authentication fails, regardless of whether user A has actually passed the real person authentication, and the server 22 should delete user A's identity data and avoid providing user A's identity data to the house rental platform.
- the smart contract can check the applicable scope declared by user A only according to the predefined optional scopes; or, the smart contract can check the applicable scope declared by user A only according to the scenario of the current business; or, the smart contract can consider the predefined optional application ranges and the current business scenario at the same time. Of course, in actual operation the two checks need not be performed simultaneously. For example, the predefined optional application ranges can be considered first, and then the current business scenario.
- when the smart contract determines that the scope of application declared by user A passes the check, the smart contract can output a processing instruction for the identity data of user A, thereby adding restriction information related to the scope declared by user A to the identity data of user A; for example, a digital watermark such as "only for house rental" can be added to the face image shown in FIG. 3, thereby forming a face image shown on the right side of FIG.
- when user A's identity data is applied to other scenarios, this can be quickly identified based on the digital watermark in the identity data, so that processing can be refused or later tracing is made easier.
- the server 22 may return a real person authentication result to the house rental platform; the authentication result includes the result information and the identity data with the restriction information added, which can prevent the identity data from being misused or maliciously misappropriated by the house rental platform.
- the server 22 can also record the authentication result into the blockchain, on the one hand, it can ensure that the authentication result cannot be tampered with, and on the other hand, it is convenient to query the blockchain ledger afterwards to trace the authentication result.
- the server 22 can generate digital summary information (such as a hash value) of the authentication result, and record the digital summary information into the blockchain, which can also be traced back.
- FIG. 5 is a schematic structural diagram of a device provided by an exemplary embodiment. Please refer to FIG. 5.
- the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508, and a non-volatile memory 510.
- the processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and then runs it to form a device for preventing misuse of identity data at a logical level.
- one or more embodiments of this specification do not exclude other implementations, such as a logic device or a combination of software and hardware, etc., that is to say, the execution body of the following processing flow is not limited to each
- the logic unit may also be a hardware or logic device.
- the device for preventing misuse of identity data is applied to a blockchain node.
- the device may include:
- the obtaining unit 61 obtains the user's identity data to authenticate the user according to the identity data;
- the determining unit 62 determines the applicable scope of the user's declaration of the identity data
- the calling unit 63 calls a smart contract, and the smart contract is used to add restriction information related to the applicable scope to the identity data.
- the acquiring unit 61 is specifically configured to: when the preset service request initiated by the user has an identity restriction, acquire the identity data of the user;
- the smart contract is also used to confirm whether the applicable scope is consistent with the business scope corresponding to the preset business request.
- the smart contract is also used to confirm whether the applicable scope is consistent with the predefined applicable scope in the smart contract.
- the restriction information includes: a watermark added to the identity data to characterize the applicable range.
- Optionally, the device also includes:
- the generating unit 64 generates an identity authentication result, and the identity authentication result includes the identity data and result information;
- the recording unit 65 records the identity authentication result and/or the digital summary information of the identity authentication result on the blockchain.
- the identity authentication method includes any one of the following: face recognition and real person authentication.
- the system, device, module or unit explained in the above embodiments may be specifically implemented by a computer chip or entity, or implemented by a product with a certain function.
- a typical implementation device is a computer, and the specific form of the computer may be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, a game console, a tablet computer, a wearable device, or any combination of these devices.
- the computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
- processors CPUs
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- the memory may include non-permanent memory, random access memory (RAM) and/or non-volatile memory in computer-readable media, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
- RAM random access memory
- ROM read only memory
- flash RAM flash random access memory
- Computer-readable media including permanent and non-permanent, removable and non-removable media, can store information by any method or technology.
- the information may be computer readable instructions, data structures, modules of programs, or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic tape cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media that can be used to store information that can be accessed by computing devices.
- computer-readable media does not include temporary computer-readable media (transitory media), such as modulated data signals and carrier waves.
- although the terms first, second, third, etc. may be used to describe various information, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
- first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
- the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to a determination".
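The scope check, retry limit, restriction and digest record described in the excerpts above, as an added Python simulation that is not code from the patent. `ScopeContract`, `authenticate`, `accept_for_use` and the in-memory `ledger` list are hypothetical stand-ins for the smart contract, server 22 and the blockchain; the restriction is carried as a field bound by the digest instead of being embedded as an image watermark, and the biometric check itself is assumed to have passed.

```python
import hashlib
import json

MAX_ATTEMPTS = 3  # the page's example limit ("such as 3 times")


class ScopeContract:
    """Stand-in for the smart contract's check of the declared scope."""

    def __init__(self, predefined_scopes):
        self.predefined_scopes = frozenset(predefined_scopes)

    def check(self, declared_scope, business_scope):
        # Check 1: the declared scope must be one the contract predefines.
        if declared_scope not in self.predefined_scopes:
            return False
        # Check 2: it must match the business that triggered authentication.
        return declared_scope == business_scope


def digest(auth_result):
    """Digital summary (SHA-256) of a canonical encoding of the result."""
    canonical = json.dumps(auth_result, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def authenticate(contract, ledger, identity_data, declarations, business_scope):
    """Run the scope check for each declaration, up to MAX_ATTEMPTS.

    On success the result carries the identity data plus the restriction,
    and only its digest goes to the ledger. On failure no identity data is
    released, whatever the biometric outcome was.
    """
    for declared in list(declarations)[:MAX_ATTEMPTS]:
        if not contract.check(declared, business_scope):
            continue  # the server asks the user to restate the scope
        auth_result = {
            "result": "passed authentication",
            "identity_data": identity_data.hex(),
            "restriction": declared,
        }
        ledger.append(digest(auth_result))
        return auth_result
    return {"result": "failed authentication",
            "identity_data": None, "restriction": None}


def accept_for_use(auth_result, ledger, usage_scope):
    """Relying-party check before identity data is used in a scenario."""
    if auth_result.get("identity_data") is None:
        return False
    # A result whose digest is not on the ledger was altered or never issued.
    if digest(auth_result) not in ledger:
        return False
    # The actual scenario must be consistent with the restriction.
    return auth_result["restriction"] == usage_scope


if __name__ == "__main__":
    contract = ScopeContract({"house rental", "house sales"})
    ledger = []
    face = b"constructed-face-image-bytes"  # constructed sample input

    issued = authenticate(contract, ledger, face,
                          ["house rental"], "house rental")
    print("same scenario:", accept_for_use(issued, ledger, "house rental"))
    print("other scenario:", accept_for_use(issued, ledger, "house sales"))

    # Rewriting the restriction changes the digest, so the copy is rejected.
    forged = dict(issued, restriction="house sales")
    print("forged restriction:", accept_for_use(forged, ledger, "house sales"))
```
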
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Disclosed are a method, a device and electronic equipment for preventing the misuse of identity data, applicable to blockchain nodes. The method comprises the following steps: obtaining identity data of a user for performing identity authentication on the user according to the identity data (102); determining an application scope stated by the user for the identity data (104); invoking a smart contract, the smart contract being used to add to the identity data restriction information related to the application scope (106).
Description
One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a method and device for preventing misuse of identity data, and to electronic equipment.
In related technologies, biometrics has been widely used in various scenarios to achieve efficient and accurate identity verification. For example, when a user wishes to use related business functions provided by a website, the website can identify and verify the user by collecting identity data such as the user's face image and applying corresponding technical means such as face recognition, so as to provide related business functions for the verified identity information.
Summary of the invention
In view of this, one or more embodiments of this specification provide a method and device for preventing misuse of identity data, and electronic equipment.
To achieve the above purpose, one or more embodiments of this specification provide the following technical solutions:
According to a first aspect of one or more embodiments of this specification, a method for preventing misuse of identity data is proposed, which is applied to a blockchain node. The method includes:
obtaining the user's identity data, so as to authenticate the user according to the identity data;
determining the applicable scope that the user declares for the identity data;
invoking a smart contract, the smart contract being used to add restriction information related to the applicable scope to the identity data.
According to a second aspect of one or more embodiments of this specification, a device for preventing misuse of identity data is proposed, which is applied to a blockchain node. The device includes:
an obtaining unit, which obtains the user's identity data, so as to authenticate the user according to the identity data;
a determining unit, which determines the applicable scope that the user declares for the identity data;
a calling unit, which invokes a smart contract, the smart contract being used to add restriction information related to the applicable scope to the identity data.
According to a third aspect of one or more embodiments of this specification, an electronic device is proposed, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor runs the executable instructions to implement the method described in the above embodiments.
FIG. 1 is a flowchart of a method for preventing misuse of identity data according to an exemplary embodiment.
FIG. 2 is a schematic diagram of a house rental scenario provided by an exemplary embodiment.
FIG. 3 is a schematic diagram of implementing real person authentication provided by an exemplary embodiment.
FIG. 4 is a schematic diagram of anti-misuse processing for identity data provided by an exemplary embodiment.
FIG. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
FIG. 6 is a block diagram of an apparatus provided by an exemplary embodiment.
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本说明书一个或多个实施例相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施例的一些方面相一致的装置和方法的例子。Exemplary embodiments will be described in detail here, examples of which are shown in the drawings. When referring to the drawings below, unless otherwise indicated, the same numerals in different drawings represent the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification as detailed in the appended claims.
需要说明的是:在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施例中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施例中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施例中也可能被合并为单个步骤进行描述。It should be noted that in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, the single step described in this specification may be decomposed into multiple steps for description in other embodiments; and the multiple steps described in this specification may also be combined into a single step in other embodiments. description.
FIG. 1 is a flowchart of a method for preventing misuse of identity data according to an exemplary embodiment. As shown in FIG. 1, the method is applied to a blockchain node and may include the following steps:
Step 102: obtain the user's identity data, so as to authenticate the user's identity according to the identity data.
In an embodiment, whenever there is a need to authenticate a user's identity, the user's identity data can be obtained and identity authentication performed; this specification does not limit this. For example, the user's identity data may be obtained when a preset service request initiated by the user is subject to an identity restriction.
In an embodiment, the identity authentication method may include any of the following: face recognition, real-person authentication, and so on; this specification does not limit this. When the identity authentication takes the form of face recognition, the obtained identity data may include the user's face image. When the identity authentication is real-person authentication, the obtained identity data may include a face image, face video, an image of an identity document, audio (for example, the user reading out a specific verification code), and so on.
In an embodiment, an electronic device can be configured as a blockchain node in a blockchain network by installing and running a blockchain client on it; the electronic device may be of various types, such as a server, PC, tablet computer, or mobile phone. In other words, a blockchain node can be hosted on any form of electronic device, and this specification does not limit this.
Step 104: determine the applicable scope that the user declares for the identity data.
In an embodiment, the electronic device used by the user may display several options, each corresponding to a selectable applicable scope; the user may select one or more options as the applicable scope declared for the identity data.
In an embodiment, user audio, the audio information contained in a user video, the content shown in a user video, and so on may be obtained, and the applicable scope that the user declares for the identity data can be determined by analyzing that audio content or video content. For example, when the user audio includes content such as "this authentication is only used for XXX business", it indicates that the user declares that the identity data is to be used only for that "XXX business".
Step 106: invoke a smart contract, where the smart contract is used to add restriction information related to the applicable scope to the identity data.
In an embodiment, by adding restriction information related to the applicable scope to the identity data, the actual application scenario of the identity data can be compared with the restriction information, and the identity data is deemed authentic and valid only when the two are confirmed to be consistent, which prevents the identity data from being misused or maliciously applied in other scenarios. At the same time, because the restriction information is bound to the identity data, the restriction information still restricts the identity data even if the identity data is leaked, which helps improve the security of the identity data.
In an embodiment, because the content of the smart contract is publicly visible, adding the restriction information by invoking the smart contract can, on the one hand, be carried out automatically and efficiently and, on the other hand, avoids the unreliability caused by human involvement and ensures that the operation of adding the restriction information is carried out faithfully.
In an embodiment, the smart contract may send a processing instruction to a local device or an external device (the identity data and the applicable-scope information can be transmitted to the external device), so that the local or external device can respond to the processing instruction and add the corresponding restriction information to the identity data.
In an embodiment, the smart contract may be used to confirm whether the applicable scope is consistent with an applicable scope predefined in the smart contract. In other words, one or more applicable scopes can be predefined in the smart contract. When the applicable scope declared by the user is consistent with a predefined applicable scope in the smart contract, the declared scope can be determined to be valid and the corresponding restriction information can be added accordingly. When the applicable scope declared by the user is inconsistent with the predefined applicable scopes in the smart contract, this indicates a possible user error or other abnormal situation, and the declared scope can be determined to be invalid.
In an embodiment, where the blockchain node obtains the user's identity data on the basis of a preset service request initiated by the user, the smart contract may be used to confirm whether the applicable scope is consistent with the business scope corresponding to the preset service request. When they are confirmed to be consistent, the applicable scope declared by the user can be determined to be valid and the corresponding restriction information can be added accordingly. When they are confirmed to be inconsistent, this indicates a possible user error or other abnormal situation, and the applicable scope declared by the user can be determined to be invalid.
In an embodiment, the identity data may be visual information; for example, the visual information may include image information, video information, and so on, which this specification does not limit. Accordingly, the restriction information may include a watermark, that is, a digital watermark or electronic watermark, that is added to the identity data and represents the applicable scope.
In an embodiment, an identity authentication result containing the identity data and result information may be generated, and the identity authentication result and/or digital digest information of the identity authentication result may be recorded on the blockchain. Because data on the blockchain is publicly verifiable and cannot be tampered with, the identity authentication result or its digital digest can then be checked against the blockchain at any time. When the identity authentication result is recorded locally on the blockchain node and only its digital digest information (such as a hash value) is recorded on the blockchain, the unique mapping between the identity authentication result and the digital digest information allows the corresponding identity authentication result to be verified against the digest, while avoiding public disclosure of the identity authentication result (especially content such as the identity data) on the blockchain, which helps improve security and privacy.
In an embodiment, the identity authentication result or its digital digest information can be recorded on the blockchain by publishing a transaction to the blockchain. A transaction (transfer), as described in this specification, is a piece of data that is created by a blockchain client and ultimately needs to be published to the blockchain's distributed database. Transactions on a blockchain can be understood in a narrow sense and in a broad sense. A transaction in the narrow sense is a transfer of value that a user publishes to the blockchain; for example, in a traditional Bitcoin blockchain network, a transaction can be a transfer of funds initiated by a user on the blockchain. A transaction in the broad sense is a piece of business data with business intent that a user publishes to the blockchain; for example, an operator can build a consortium blockchain based on actual business needs and use it to deploy other types of online business unrelated to value transfer (such as house rental, vehicle dispatch, insurance claims, credit services, or medical services). In such a consortium blockchain, a transaction can be a business message or business request with business intent that a user publishes on the consortium blockchain.
For ease of understanding, the technical solution of this specification is described in detail below using a house rental scenario as an example. FIG. 2 is a schematic diagram of a house rental scenario provided by an exemplary embodiment. As shown in FIG. 2, assume that user A uses a mobile phone 21 (or another type of electronic device; this specification does not limit this). The mobile phone 21 can run the APP client of a house rental platform, or load the platform's website, to provide user A with house rental functions. During the rental process, the house rental platform can perform real-person authentication on user A, so that user A's true personal identity can be managed effectively, possible risks can be discovered in time (for example, by intercepting risky users), and agreements signed later, such as the lease contract, are authentic and valid.
In an embodiment, the house rental platform can call the real-person authentication service provided by a server 22 that has real-person authentication capability by sending a call request to that server. The server 22 may belong to the enterprise that operates the house rental platform, or it may belong to a third-party enterprise; this specification does not limit this. Similarly, the server 22 can also provide the real-person authentication service and the identity data anti-misuse scheme of this specification to other platforms, which this specification does not limit.
FIG. 3 is a schematic diagram of performing real-person authentication provided by an exemplary embodiment. As shown in FIG. 3, the mobile phone 21 can capture images of user A through its camera module, so that the captured pictures or video include user A's face image, an image of user A holding a valid identity document (such as an ID card), images of user A performing actions as instructed, and so on. These serve as the identity data for user A. The mobile phone 21 uploads the identity data to the server 22, so that the server 22 can perform real-person authentication on user A using techniques such as face detection, face recognition, OCR document recognition, and liveness detection.
After the real-person authentication is completed, the server 22 holds user A's identity data, such as the face image shown on the right side of FIG. 3 or the image of user A holding a valid identity document mentioned above. The server 22 also returns the authentication result to the house rental platform, and that result usually contains not only the result information "authentication passed" or "authentication failed" but also the identity data itself. In other words, both the server 22 and the house rental platform have the opportunity to obtain user A's identity data, so either of them could misuse or maliciously misappropriate it and apply it to real-person authentication, agreement signing, or similar processes in other scenarios, with harmful consequences.
For this reason, user A's identity data needs anti-misuse processing so that it cannot be misused or maliciously misappropriated in other scenarios. For example, FIG. 4 is a schematic diagram of anti-misuse processing of identity data provided by an exemplary embodiment. As shown in FIG. 4, during real-person authentication, user A can declare the applicable scope of the identity data generated on this occasion. For example, the server 22 can display an applicable-scope confirmation interface to user A through the mobile phone 21. This interface contains options corresponding to several predefined applicable scopes, so that user A can choose among the options or provide a new custom applicable scope. Alternatively, the server 22 need not provide an applicable-scope confirmation interface, and user A declares the applicable scope directly.
When declaring the applicable scope, user A can enter text on the mobile phone 21 to produce an applicable scope in text form. Alternatively, user A can speak the applicable scope, for example by reading out an option offered in the applicable-scope confirmation interface, or by composing the spoken content personally. When the applicable scope is in text form, the mobile phone 21 can upload it directly to the server 22. When the applicable scope is in voice form, the mobile phone 21 can obtain the corresponding text through speech recognition and upload the recognized text to the server 22, or it can upload the voice recording directly to the server 22, which then performs the speech recognition and corresponding processing.
A blockchain client is configured on the server 22; that is, the server 22 is itself a blockchain node in the blockchain network. The server 22 can therefore invoke a pre-generated smart contract, and the smart contract can check the applicable scope declared by user A. For example, several selectable applicable scopes may be predefined in the smart contract, and the smart contract can compare the applicable scope declared by user A with them; when the declared scope is not one of the selectable scopes, the smart contract can output that the check failed. As another example, the smart contract can determine both the applicable scope declared by user A and the scenario to which the current business belongs. If user A declares "only for house rental" and the identity data was produced because the house rental platform called the real-person authentication service, so that the current business scenario is "house rental", the smart contract can determine that the declared scope matches the current business scenario. If user A declares "only for house rental" but the current business scenario is "house sale", the smart contract can determine that the declared scope does not match the current business scenario and can output that the check failed.
When the smart contract outputs that the check failed, the server 22 can ask user A to declare the applicable scope of the identity data again. If the smart contract outputs a failed check every time within a given number of attempts (for example, 3), the server 22 can determine that real-person authentication of user A has failed, regardless of whether the real-person authentication itself actually passed. The server 22 should then delete user A's identity data and must not provide it to the house rental platform.
The smart contract can check the applicable scope declared by user A against the predefined selectable scopes only, against the scenario of the current business only, or against both. The two checks need not be performed simultaneously in practice; for example, the predefined selectable scopes can be considered first and the current business scenario second. In any case, once the smart contract determines that the applicable scope declared by user A passes the check, it can output a processing instruction for user A's identity data, so that restriction information related to the declared scope is added to the identity data. For example, a digital watermark such as "only for house rental" can be added to the face image shown in FIG. 3, producing the face image shown on the right side of FIG. 4.
With restriction information such as a digital watermark added to the identity data, any use of user A's identity data in another scenario can be recognized quickly from the watermark, so that the request can be refused or the use can be traced afterwards.
In an embodiment, the server 22 can return the real-person authentication result for the identity data to the house rental platform. The authentication result contains the result information and the identity data with the restriction information added, which prevents the house rental platform from misusing or maliciously misappropriating the identity data. The server 22 can also record the authentication result on the blockchain, which on the one hand ensures that the authentication result cannot be tampered with and on the other hand makes it easy to trace the authentication result later by querying the blockchain ledger. If the authentication result is large, the server 22 can instead generate digital digest information (such as a hash value) of the authentication result and record that digest on the blockchain, which equally allows later tracing.
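The flow described above (scope check, retry limit, restriction information, digest on the ledger), as an added Python sketch that is not code from the patent or its applicant. The scope list, the `AuthServer` class, the in-memory `ledger` list and the metadata record used in place of a pixel watermark are all assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed values: the description names no concrete scope list.
PREDEFINED_SCOPES = {"house rental", "house sale", "insurance claim"}
MAX_SCOPE_ATTEMPTS = 3  # the description gives 3 as an example limit


def check_scope(declared, business_scenario, predefined=PREDEFINED_SCOPES):
    """Contract-side check: the declared scope must be a predefined scope
    and must match the scenario of the service that requested authentication."""
    scope = declared.strip().lower()
    if scope not in predefined:
        return False
    return scope == business_scenario.strip().lower()


def add_restriction(identity_data, scope):
    """Stand-in for the watermark step: bind the scope to the identity data.
    A deployment would embed the scope in the image itself instead."""
    return {
        "scope": scope,
        "identity_sha256": hashlib.sha256(identity_data).hexdigest(),
        "identity_data": identity_data.hex(),
    }


def digest(result):
    """SHA-256 over a canonical JSON encoding of the authentication result."""
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class AuthServer:
    """Plays the role of server 22; `ledger` stands in for the blockchain."""
    business_scenario: str
    ledger: list = field(default_factory=list)

    def authenticate(self, identity_data, real_person_ok, declared_scopes):
        """declared_scopes: the user's successive scope declarations."""
        for declared in declared_scopes[:MAX_SCOPE_ATTEMPTS]:
            if check_scope(declared, self.business_scenario):
                scope = declared.strip().lower()
                result = {
                    "passed": bool(real_person_ok),
                    "restricted_identity": add_restriction(identity_data, scope),
                }
                # Only the digest is recorded; identity data stays off chain.
                self.ledger.append(digest(result))
                return result
        # Scope never validated: fail regardless of the biometric outcome
        # and release no identity data to the calling platform.
        return {"passed": False, "restricted_identity": None}


def verify_use(result, ledger, scenario):
    """Relying-party check: result unmodified and scope fits this scenario."""
    restricted = result.get("restricted_identity")
    if not result.get("passed") or restricted is None:
        return False
    if digest(result) not in ledger:
        return False
    return restricted["scope"] == scenario.strip().lower()
```

Because the scope is part of the hashed result, editing the scope after the fact changes the digest, so the altered record no longer matches anything on the ledger.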
FIG. 5 is a schematic structural diagram of a device provided by an exemplary embodiment. Referring to FIG. 5, at the hardware level the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508, and a non-volatile memory 510, and may also include hardware required by other services. The processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and runs it, forming an apparatus for preventing misuse of identity data at the logical level. Besides a software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution body of the following processing flow is not limited to logic units and may also be hardware or logic devices.
Referring to FIG. 6, in a software implementation, the apparatus for preventing misuse of identity data is applied to a blockchain node and may include:
an obtaining unit 61, which obtains the user's identity data, so as to authenticate the user's identity according to the identity data;
a determining unit 62, which determines the applicable scope that the user declares for the identity data;
a calling unit 63, which invokes a smart contract, where the smart contract is used to add restriction information related to the applicable scope to the identity data.
Optionally, the obtaining unit 61 is specifically configured to: obtain the user's identity data when a preset service request initiated by the user is subject to an identity restriction;
wherein the smart contract is further used to confirm whether the applicable scope is consistent with the business scope corresponding to the preset service request.
Optionally, the smart contract is further used to confirm whether the applicable scope is consistent with an applicable scope predefined in the smart contract.
Optionally, when the identity data is visual information, the restriction information includes a watermark that is added to the identity data and represents the applicable scope.
Optionally, the apparatus further includes:
a generating unit 64, which generates an identity authentication result, where the identity authentication result contains the identity data and result information;
a recording unit 65, which records the identity authentication result and/or digital digest information of the identity authentication result on the blockchain.
Optionally, the identity authentication method includes any of the following: face recognition, real-person authentication.
The systems, apparatuses, modules, or units described in the above embodiments may be implemented by a computer chip or entity, or by a product with a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, the computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory in computer-readable media, in the form of random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise", and any of their variants are intended to cover non-exclusive inclusion, so that a process, method, product, or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, product, or device. Without further limitation, an element introduced by the phrase "includes a ..." does not exclude the presence of additional identical elements in the process, method, product, or device that includes the element.
Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In some implementations, multitasking and parallel processing are also possible or may be advantageous.
The terminology used in one or more embodiments of this specification is for the purpose of describing particular embodiments only and is not intended to limit one or more embodiments of this specification. The singular forms "a", "said", and "the" used in one or more embodiments of this specification and in the appended claims are also intended to include plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although one or more embodiments of this specification may use the terms first, second, third, and so on to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when", or "in response to determining".
The above are only preferred embodiments of one or more embodiments of this specification and are not intended to limit one or more embodiments of this specification. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of one or more embodiments of this specification shall fall within the scope of protection of one or more embodiments of this specification.
Claims (13)
- A method for preventing misuse of identity data, applied to a blockchain node, the method comprising:
  - acquiring identity data of a user, so as to authenticate the user's identity according to the identity data;
  - determining the applicable scope declared by the user for the identity data;
  - invoking a smart contract, the smart contract being used to add, to the identity data, restriction information related to the applicable scope.
- The method according to claim 1, wherein acquiring the identity data of the user comprises: acquiring the identity data of the user when a preset service request initiated by the user is subject to an identity restriction; wherein the smart contract is further used to confirm whether the applicable scope is consistent with the business scope corresponding to the preset service request.
- The method according to claim 1, wherein the smart contract is further used to confirm whether the applicable scope is consistent with an applicable scope predefined in the smart contract.
- The method according to claim 1, wherein, when the identity data is visual information, the restriction information comprises: a watermark added to the identity data to represent the applicable scope.
- The method according to claim 1, further comprising:
  - generating an identity authentication result, the identity authentication result containing the identity data and result information;
  - recording the identity authentication result and/or digital digest information of the identity authentication result on the blockchain.
- The method according to claim 1, wherein the manner of identity authentication comprises any one of the following: face recognition, real-person authentication.
- An apparatus for preventing misuse of identity data, applied to a blockchain node, the apparatus comprising:
  - an acquiring unit, which acquires identity data of a user, so as to authenticate the user's identity according to the identity data;
  - a determining unit, which determines the applicable scope declared by the user for the identity data;
  - an invoking unit, which invokes a smart contract, the smart contract being used to add, to the identity data, restriction information related to the applicable scope.
- The apparatus according to claim 7, wherein the acquiring unit is specifically configured to: acquire the identity data of the user when a preset service request initiated by the user is subject to an identity restriction; wherein the smart contract is further used to confirm whether the applicable scope is consistent with the business scope corresponding to the preset service request.
- The apparatus according to claim 7, wherein the smart contract is further used to confirm whether the applicable scope is consistent with an applicable scope predefined in the smart contract.
- The apparatus according to claim 7, wherein, when the identity data is visual information, the restriction information comprises: a watermark added to the identity data to represent the applicable scope.
- The apparatus according to claim 7, further comprising:
  - a generating unit, which generates an identity authentication result, the identity authentication result containing the identity data and result information;
  - a recording unit, which records the identity authentication result and/or digital digest information of the identity authentication result on the blockchain.
- The apparatus according to claim 7, wherein the manner of identity authentication comprises any one of the following: face recognition, real-person authentication.
- An electronic device, comprising:
  - a processor;
  - a memory for storing processor-executable instructions;
  - wherein the processor runs the executable instructions to implement the method according to any one of claims 1-6.
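The flow in claims 1-3 and 5, sketched in plain Python rather than as an on-chain contract; this is an added example, not code from the patent. The scope names, the record layout, the use of SHA-256, the list standing in for the ledger and every function name are assumptions, and the sketch applies the claim 2 and claim 3 checks together.

```python
import hashlib
import json

# Assumption: scopes predefined in the contract (claim 3); names are illustrative.
PREDEFINED_SCOPES = {"account-opening", "loan-application"}


class ScopeMismatch(Exception):
    """Declared scope disagrees with the request or the contract's list."""


def restrict_identity_data(identity_data: bytes, declared_scope: str,
                           request_scope: str) -> dict:
    """Contract-side step: validate the declared scope, then bind it to the data."""
    if declared_scope != request_scope:            # claim 2 consistency check
        raise ScopeMismatch("scope differs from the business request")
    if declared_scope not in PREDEFINED_SCOPES:    # claim 3 consistency check
        raise ScopeMismatch("scope is not predefined in the contract")
    # Assumption: the record carries a hash of the data, not the raw biometric.
    return {
        "data_sha256": hashlib.sha256(identity_data).hexdigest(),
        "restriction": {"applicable_scope": declared_scope},
    }


def record_result(ledger: list, restricted: dict, passed: bool) -> str:
    """Claim 5: append the digest of the authentication result to the ledger."""
    result = {"identity": restricted, "result": "pass" if passed else "fail"}
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).hexdigest()
    ledger.append(digest)
    return digest


def reuse_allowed(restricted: dict, identity_data: bytes, new_scope: str) -> bool:
    """Relying-party check: same data, and only inside the scope bound to it."""
    same = restricted["data_sha256"] == hashlib.sha256(identity_data).hexdigest()
    return same and restricted["restriction"]["applicable_scope"] == new_scope


# Constructed sample input: stand-in bytes for a captured face image.
SAMPLE_FACE = b"constructed-face-image-bytes"
```

Canonical JSON (sorted keys, fixed separators) keeps the recorded digest reproducible, so any node can recompute it from the same authentication result.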
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811453028.5A CN110032846B (en) | 2018-11-30 | 2018-11-30 | Identity data anti-misuse method and device and electronic equipment |
CN201811453028.5 | 2018-11-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020108152A1 (en) | 2020-06-04 |
Family
ID=67235280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/111584 WO2020108152A1 (en) | 2018-11-30 | 2019-10-17 | Method, device and electronic equipment for preventing misuse of identity data |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN110032846B (en) |
TW (1) | TW202022669A (en) |
WO (1) | WO2020108152A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110032846B (en) * | 2018-11-30 | 2021-11-02 | 创新先进技术有限公司 | Identity data anti-misuse method and device and electronic equipment |
US10756901B2 (en) | 2019-08-01 | 2020-08-25 | Alibaba Group Holding Limited | Blockchain-based identity authentication method, apparatus, and device |
CN111859347B (en) * | 2019-08-01 | 2024-07-05 | 创新先进技术有限公司 | Identity verification method, device and equipment based on block chain |
CN111885339A (en) * | 2020-07-01 | 2020-11-03 | 海尔优家智能科技(北京)有限公司 | Privacy processing method and device, computer-readable storage medium and electronic medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107659429A (en) * | 2017-08-11 | 2018-02-02 | 四川大学 | Data sharing method based on block chain |
CN107862215A (en) * | 2017-09-29 | 2018-03-30 | 阿里巴巴集团控股有限公司 | A kind of date storage method, data query method and device |
CN108038179A (en) * | 2017-12-07 | 2018-05-15 | 泰康保险集团股份有限公司 | Identity information authentication method and device |
CN110032846A (en) * | 2018-11-30 | 2019-07-19 | 阿里巴巴集团控股有限公司 | The anti-misuse method and device of identity data, electronic equipment |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453407B (en) * | 2016-11-23 | 2019-10-15 | 江苏通付盾科技有限公司 | Identity authentication method based on block chain, authentication server and user terminal |
CN107579998A (en) * | 2017-10-17 | 2018-01-12 | 光载无限(北京)科技有限公司 | Personal data center and digital identification authentication method based on block chain, digital identity and intelligent contract |
CN107911373B (en) * | 2017-11-24 | 2019-09-06 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | A kind of block chain right management method and system |
CN108122109B (en) * | 2017-12-15 | 2021-05-07 | 广州天宁信息技术有限公司 | Electronic credential identity management method and device |
CN108173850B (en) * | 2017-12-28 | 2021-03-19 | 杭州趣链科技有限公司 | Identity authentication system and identity authentication method based on block chain intelligent contract |
CN108683646B (en) * | 2018-04-28 | 2021-03-16 | 厦门美图之家科技有限公司 | Authentication method and computing device |
CN108769133A (en) * | 2018-05-04 | 2018-11-06 | 珠海市筑巢科技有限公司 | A kind of flying quality sharing method, computer installation and computer readable storage medium based on block chain |
-
2018
- 2018-11-30 CN CN201811453028.5A patent/CN110032846B/en active Active
-
2019
- 2019-09-11 TW TW108132761A patent/TW202022669A/en unknown
- 2019-10-17 WO PCT/CN2019/111584 patent/WO2020108152A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN110032846A (en) | 2019-07-19 |
CN110032846B (en) | 2021-11-02 |
TW202022669A (en) | 2020-06-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021068636A1 (en) | Block chain-based creation method, apparatus, device and system for verifiable claim | |
TWI762818B (en) | Blockchain-based invoice creation method and device, electronic device | |
CN108665946B (en) | Service data access method and device | |
TWI728678B (en) | Block chain-based enterprise certification and certification tracing method, device and equipment | |
TWI753228B (en) | Blockchain-based data verification method and device, and electronic equipment | |
US11127088B2 (en) | Cross-blockchain interaction method, system, computer device, and storage medium | |
US10541806B2 (en) | Authorizing account access via blinded identifiers | |
WO2020108152A1 (en) | Method, device and electronic equipment for preventing misuse of identity data | |
WO2020119294A1 (en) | Data sharing method, apparatus, and system, and electronic device | |
WO2021143497A1 (en) | Infringement evidence storage method, apparatus, and device based on evidence storage blockchain | |
WO2020063176A1 (en) | Method and device for user identity authentication in network | |
CN111782668B (en) | Data structure reading and updating method and device and electronic equipment | |
US10812477B2 (en) | Blockchain-based enterprise authentication method, apparatus, and device, and blockchain-based authentication traceability method, apparatus, and device | |
CN110768968B (en) | Authorization method, device, equipment and system based on verifiable statement | |
CN113542288B (en) | Service authorization method, device, equipment and system | |
CN111898139B (en) | Data reading and writing method and device and electronic equipment | |
TW201917666A (en) | Data auditing method and device | |
CN113468602B (en) | Data inspection method, device and equipment | |
TW202009760A (en) | Identity information identification method and device | |
WO2020182005A1 (en) | Method for information processing in digital asset certificate inheritance transfer, and related device | |
TW202046152A (en) | Efficient access of chainable records | |
WO2019210698A1 (en) | Authentication method | |
CN110309669A (en) | A kind of data mask method, device and equipment | |
CN114266680A (en) | Block chain-based electronic contract signing method, device and system | |
CN112291321A (en) | Service processing method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19890363; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 19890363; Country of ref document: EP; Kind code of ref document: A1 |