WO2020220412A1 - 基于零知识证明的公民隐私保护的方法、系统及存储介质 - Google Patents
基于零知识证明的公民隐私保护的方法、系统及存储介质 Download PDFInfo
- Publication number
- WO2020220412A1 WO2020220412A1 PCT/CN2019/088061 CN2019088061W WO2020220412A1 WO 2020220412 A1 WO2020220412 A1 WO 2020220412A1 CN 2019088061 W CN2019088061 W CN 2019088061W WO 2020220412 A1 WO2020220412 A1 WO 2020220412A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- merkel
- citizen
- authority
- root value
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- This application relates to the technical field of blockchain platforms, and specifically relates to a method, system and computer-readable storage medium for protecting citizen privacy based on zero-knowledge proof.
- the main purpose of this application is to provide a method, system and computer-readable storage medium for protecting citizens’ privacy based on zero-knowledge proof, aiming to solve the technical problem of exposing citizens’ private information during the review process.
- this application provides a method of citizen privacy protection based on zero-knowledge proof, which is applied to the inspection terminal and includes the steps:
- the obtained mandatory disclosure information it is determined whether the first preset condition is satisfied, and when it is determined that the first preset condition is satisfied, a privacy check request is sent to the user terminal, so that the user terminal feeds back at least the citizen’s A piece of personal privacy information and Merkel verification information;
- this application also provides a method of citizen privacy protection based on zero-knowledge proof, including the steps:
- the inspection terminal obtains the citizen's biometric information, and sends a query request including the citizen's biometric information to the authority server;
- the authority server After the authority server receives the query request including the biometric information of the citizen sent by the verification terminal, it obtains the biometric information of the citizen according to the mapping relationship between the stored Merkel root value and the biometric information Corresponding Merkel root value, and feeding back the Merkel root value, authority ID, preset hash algorithm and preset ordered Merkel tree construction rules to the verification terminal;
- the verification terminal After the verification terminal receives the Merkel root value fed back by the authority server, it obtains the mandatory disclosure information corresponding to the Merkel root value according to the authority ID and the Merkel root value, and According to the acquired mandatory disclosure information, determine whether the first preset condition is satisfied, and when it is determined that the first preset condition is satisfied, send a privacy check request to the user terminal;
- the user terminal After receiving the privacy check request, the user terminal feeds back at least one piece of personal privacy information and Merkel verification information to the verification terminal, where the Merkel verification information includes each private information corresponding to each piece of personal privacy information that is not fed back.
- the verification terminal performs calculations based on the hash algorithm, the orderly Merkel tree construction rules, various pieces of personal privacy information and Merkel verification information fed back by the user terminal, to obtain the Merkel root value to be verified, and judge the Merkel to be verified Whether the Er root value and the Merkel root value are the same, and the personal privacy information provided by the user terminal is verified according to the judgment result.
- this application also provides a citizen privacy protection system based on zero-knowledge proof, which includes:
- the inspection terminal is used to obtain the biometric information of the citizen, and send a query request including the biometric information of the citizen to the server of an authority;
- the authority server is configured to obtain the citizen's biometric identification according to the mapping relationship between the stored Merkel root value and the biometric information after receiving the query request including the citizen's biometric information sent by the verification terminal
- the Merkel root value corresponding to the information, and feedback the Merkel root value, the authority ID, the preset hash algorithm and the preset ordered Merkel tree construction rules to the verification terminal;
- the checking terminal is configured to obtain the mandatory disclosure corresponding to the Merkel root value according to the authority ID and the Merkel root value after receiving the Merkel root value fed back by the authority server Information, and determine whether the first preset condition is satisfied according to the acquired mandatory disclosure information, and when it is determined that the first preset condition is satisfied, send a privacy check request to the user terminal;
- the user terminal is used to feed back at least one piece of personal privacy information and Merkel verification information to the verification terminal after receiving the privacy check request, wherein the Merkel verification information includes each piece of personal privacy information corresponding to the feedback.
- the verification terminal is used to calculate according to the hash algorithm, the orderly Merkel tree construction rules, various pieces of personal privacy information and Merkel verification information fed back by the user terminal, to obtain the Merkel root value to be verified, and to determine the pending Verify whether the Merkel root value and the Merkel root value are the same, and verify the personal privacy information provided by the user terminal according to the judgment result.
- the present application also provides a computer-readable storage medium having a computer program stored on the computer-readable storage medium, and when the computer program is executed by a processor, the zero-knowledge proof as described above is realized The steps of the method of protecting the privacy of citizens.
- a method, system and computer-readable storage medium for protecting citizens’ privacy based on zero-knowledge proofs proposed in the embodiments of this application can obtain the citizens’ biometric information and send a query request including the citizens’ biometric information to an authority Server, so that after receiving the query request, the authority sends back the authority ID, the Merkel root value corresponding to the citizen's biometric information, the preset hash algorithm and the preset ordered Merkel tree construction Rules; according to the received authority ID and the Merkel root value fed back by the authority server, obtain the mandatory disclosure information corresponding to the Merkel root value; according to the obtained mandatory disclosure information , Determine whether the first preset condition is satisfied, and when it is determined that the first preset condition is satisfied, send a privacy check request to the user terminal, so that the user terminal feeds back at least one piece of personal privacy information of the citizen and Merkel verification Information; calculate according to the hash algorithm, orderly Merkel tree construction rules, individual private information and Merkel verification information fed back from the user terminal, obtain the Merkel root value to be verified, and determine the Merkel root to be verified Whether the
- Figure 1 is a schematic structural diagram of a hardware operating environment involved in a solution of an embodiment of the present application
- FIG. 2 is a schematic flowchart of a first embodiment of a method for applying for citizen privacy protection based on zero-knowledge proof
- FIG. 3 is a detailed flowchart of step S020 in the second embodiment of the method for applying for citizen privacy protection based on zero-knowledge proof;
- Figure 4 is a schematic flowchart of the third embodiment of the method for applying for citizen privacy protection based on zero-knowledge proof
- FIG. 5 is a detailed flowchart of step S120 in the sixth embodiment of the method for applying for citizen privacy protection based on zero-knowledge proof;
- FIG. 6 is a schematic diagram of the system architecture of the third embodiment of the method for applying for citizen privacy protection based on zero-knowledge proof
- Figure 7 is a schematic diagram of the built Merkel tree
- Figure 8 is a schematic diagram of a transaction record storing Merkel root values and mandatory disclosure information.
- Figure 1 is a schematic diagram of the hardware structure of the inspection terminal, authority server, user terminal, or blockchain platform provided in each embodiment of the application.
- the inspection terminal, authority server, user terminal, or blockchain platform It includes a communication module 10, a memory 20, a processor 30 and other components.
- the inspection terminal, authority server, or blockchain platform shown in FIG. 1 also includes more or less components than shown in the figure, or a combination of certain components, or a different component arrangement.
- the processor 30 is respectively connected to the memory 20 and the communication module 10, and a computer program is stored on the memory 20, and the computer program is executed by the processor 30 at the same time.
- the communication module 10 can be connected to external devices via a network.
- the communication module 10 can receive data sent by an external device, and can also send data, instructions, and information to the external device.
- the external device may be the inspection terminal, an authority server, a user terminal, or a blockchain platform.
- the memory 20 can be used to store software programs and various data.
- the memory 20 may mainly include a storage program area and a storage data area, where the storage program area can store an operating system, at least one application program required for a function (building a Merkel tree), etc.; Data or information created by the use of institutional servers, user terminals or blockchain platforms.
- the memory 20 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
- the processor 30 is the control center of the inspection terminal, authority server, user terminal or blockchain platform, and uses various interfaces and lines to connect the corresponding inspection terminal, authority server, user terminal or various parts of the blockchain platform. By running or executing the software programs and/or modules stored in the memory 20, and calling the data stored in the memory 20, various functions and processing data of the inspection terminal, authority server, user terminal or blockchain platform are executed accordingly , Which corresponds to the overall monitoring and inspection terminal, authority server, user terminal or blockchain platform.
- the processor 30 may include one or more processing units; preferably, the processor 30 may integrate an application processor and a modem processor, where the application processor mainly processes the operating system, user interface, application programs, etc., the modem The processor mainly deals with wireless communication. It can be understood that the above modem processor may not be integrated into the processor 30.
- the above-mentioned inspection terminal, authority server, user terminal, or blockchain platform may also include a circuit control module, which is used to connect to the mains to realize power control and ensure the normal operation of other components.
- FIG. 1 does not constitute a limitation on the inspection terminal, authority server, user terminal, or blockchain platform. Including more or less parts than shown, or combining some parts, or different parts arrangement.
- the zero-knowledge proof-based citizen privacy protection method includes the steps:
- Step S010 Obtain the citizen's biometric information, and send a query request including the citizen's biometric information to the authority server, so that the authority will feed back the authority ID and the citizen's biometric information after receiving the query request Corresponding Merkel root value, preset hash algorithm and preset ordering Merkel tree construction rules;
- the ordered Merkel tree construction rule refers to a rule for sorting the positions of all nodes in each layer in the corresponding layer when constructing an effective Merkel tree.
- the node position sorting rule can be based on The hash value of each node in each layer is arranged from left to right in order from small to large or from large to small.
- the inspection terminal can obtain citizen identification information through a video surveillance network, a fingerprint identification device, a voiceprint identification device, an iris identification device, a DNA detection device or other terminals. It can also be an internally embedded biometric identification device that directly acquires the biometric identification information. information.
- the inspection terminal sends the biometric information to the authority service.
- the authority server receives the query request including the biometric information, it obtains the Merkel root value corresponding to the biometric information according to the pre-stored Merkel root value and the mapping relationship between the biometric information, and compares the Merkel root value to the biometric information.
- the value, the authority ID, the hash algorithm used to construct the Merkel tree, and the ordering Merkel tree construction rules are sent to the inspection terminal.
- the hash algorithm can be MD4 algorithm, MD5 algorithm, SHA-1, SHA-256, SHA-512, national secret algorithm or other hash algorithms, which are not limited here.
- Step S020 Obtain mandatory disclosure information corresponding to the Merkel root value according to the received authority ID and the Merkel root value fed back by the authority server;
- the verification terminal After the verification terminal receives the Merkel root value, the authority ID, the hash algorithm and the orderly Merkel tree construction rules fed back by the authority server, it sends the mandatory public information including the Merkel root value and the authority ID
- the query request is sent to the blockchain platform, and the blockchain platform feeds back the mandatory public information corresponding to the queried Merkel root value to the inspection terminal.
- the inspection terminal may also send a mandatory public information query request including the Merkel root value to an authority server, and the authority server feeds back the mandatory public information corresponding to the queried Merkel root value to the inspection terminal.
- Step S030 Determine whether the first preset condition is satisfied according to the acquired mandatory disclosure information, and when it is determined that the first preset condition is satisfied, send a privacy check request to the user terminal, so that the user terminal feeds back the At least one piece of personal privacy information of citizens and Merkel verification information;
- the inspection terminal determines whether each piece of personal information in the mandatory disclosure information meets the first preset condition, and when any piece of personal information meets the first preset condition, it sends a privacy inspection request to the user terminal.
- the first preset condition is one of the fugitive, drug addict, and Lao Lai.
- the inspection terminal will send a privacy inspection request to the user terminal. After receiving the privacy check request, the user terminal will feed back at least one piece of personal privacy information and Merkel verification information to the verification terminal.
- the Merkel verification information includes at least one Merkel node other than the respective Merkel node corresponding to each piece of personal information fed back
- the hash value of other nodes may include the hash value of at least one other node other than the Merkel node corresponding to each piece of personal information fed back and the corresponding layer. You can also enter at least one piece of personal privacy information and Merkel verification information on the inspection terminal.
- These nodes in the Merkel verification information are the hashes of all nodes except the Merkel node corresponding to the personal information that are necessary for the hash calculation path from the Merkel node corresponding to the personal information to the Merkel root value. Value, or the hash value of all nodes outside the Merkel node corresponding to personal information and the corresponding layer. If the fastest hash calculation path is used, Merkel verification information is a set of ordered node hashes Value, the order of arrangement is the order in which the hash value is used in the process of calculating the Merkel root value. If the non-fastest hash calculation path is adopted, Merkel's verification information is the hash value of each node and the corresponding layer. For example, the personal privacy information is the name of P1 in Figure 7.
- the hash calculation path from the node location corresponding to the name to the Merkel root can be B+CD+EF, B+C+D+EF or B+C+D+ E+F, where the hash calculation path of B+CD+EF is the fastest hash calculation path, and the hash calculation path of B+C+D+E+F is the slowest hash calculation path.
- Merkel verification information is an ordered array of node hash values ⁇ hash(P2), hash(C+D), hash(E+F) ⁇ .
- Merkel's verification information includes the hash value of node B and the layer it belongs to, and the hash value of node C and the layer it belongs to are the first layer.
- the hash value of node D and its belonging layer are the first layer, and the hash value of node EF and its belonging layer are the third layer. If the user terminal feeds back two pieces of personal privacy information, such as the name of P1 and the place of birth of P3 in Figure 7, the hash calculation path can be B+D+EF (the fastest hash calculation path) or B+D+E+ F.
- Step S040 Calculate according to the hash algorithm, the ordered Merkel tree construction rule, each piece of personal privacy information and Merkel verification information fed back by the user terminal to obtain the Merkel root value to be verified, It is judged whether the Merkel root value to be verified is the same as the Merkel root value, and the personal privacy information provided by the user terminal is verified according to the judgment result.
- the inspection terminal uses the obtained hash algorithm and ordered Merkel tree construction rules to calculate layer by layer according to each piece of personal privacy information and Merkel verification information provided by citizens to obtain the Merkel root value to be verified.
- the private information to be verified is the plaintext information of "Birthplace: Yantai, Shandong” in Figure 7 and Merkel verification information, where Merkel verification information is the hash value hash (P4) of node D in Figure 7, node AB
- Merkel verification information is the hash value hash (P4) of node D in Figure 7, node AB
- the ordering Merkel tree construction rule is to arrange the nodes of the same layer from left to right from small to large position.
- the verification terminal uses a hash algorithm to calculate the to-be-verified Merkel root value hash (ABCD+EF) for the private information to be verified. After obtaining the Merkel root value to be verified, determine whether the Merkel root value to be verified and the Merkel root value corresponding to the biometric information obtained by the inspection terminal are the same. If so, the private information to be verified is true, if not, it is to be verified Private information is false.
- ABSCD+EF to-be-verified Merkel root value hash
- the biometric information of the citizen is acquired, and the query request including the biometric information of the citizen is sent to the authority server, so that the authority sends back the authority ID and the citizen’s biometric identification after receiving the query request.
- the Merkel root value corresponding to the information, the preset hash algorithm and the preset ordering Merkel tree construction rules according to the received authority ID and the Merkel feedback from the authority server Root value, obtain the mandatory disclosure information corresponding to the Merkel root value; determine whether the first preset condition is satisfied according to the obtained mandatory disclosure information, and when it is determined that the first preset condition is satisfied, send a privacy check Request to the user terminal so that the user terminal feeds back at least one piece of personal privacy information and Merkel verification information of the citizen; according to the hash algorithm, the orderly Merkel tree construction rules, and the individual privacy items fed back by the user terminal Information and Merkel verification information are calculated to obtain the Merkel root value to be verified, determine whether the Merkel root value to be verified and the Merkel root value are the same, and based on the judgment result, the personal privacy provided by the user terminal
- the step S020 includes:
- Step S021 Send a query request including the Merkel root value and the authority ID to the blockchain platform, so that the blockchain platform will feed back the information corresponding to the authority ID after receiving the query request.
- At least one Merkel root value that is the same as the Merkel root value, corresponding mandatory public information, corresponding digital signature, and corresponding storage time;
- Step S022 selecting the Merkel root value with the closest storage time from the Merkel root values corresponding to the received authority ID and that are the same as the Merkel root value;
- Step S023 According to the authority ID, obtain the first public key of the authority server corresponding to the authority ID, and use the first public key to perform the digital signature on the selected Merkel root value with the closest storage time. verification;
- step S024 if the verification is passed, select the Merkel root value corresponding to the mandatory disclosure information with the most recent storage time, and use it as the mandatory disclosure information of the citizen.
- multiple identical Merkel root values may be stored on the blockchain platform. Some of these Merkel root values may be sent by authority servers corresponding to different authority IDs, and some may be sent by non-authoritative organizations. Sent by the authority server. After obtaining the Merkel root value, the inspection terminal will send a query request including the Merkel root value and the authority ID to the blockchain platform. After receiving the query request, the blockchain platform selects each Merkel root value corresponding to the authority ID and the same as the Merkel root value from the stored Merkel root values, and selects the selected Merkel root values. The Ergen value and corresponding mandatory public information, digital signature and storage time are sent to the inspection terminal.
- the verification terminal After the verification terminal receives each Merkel root value sent by the blockchain platform, the corresponding mandatory public information, digital signature, and storage time, select the Merkel root value with the closest storage time from these Merkel root values, and then According to the authority ID, obtain the first public key of the authority ID, and use the first public key to verify the digital signature of the Merkel root value with the most recent storage time. If the verification passes, the inspection terminal selects the Merkel with the most recent storage time.
- the root value corresponds to mandatory disclosure information and serves as the mandatory disclosure information of the Merkel root value. This embodiment provides a strategy for obtaining mandatory public information from a blockchain platform, ensuring that the obtained mandatory public information is true.
- the method for protecting citizen privacy based on zero-knowledge proof includes steps:
- Step S10 the inspection terminal obtains the biometric information of the citizen, and sends a query request including the biometric information of the citizen to the server of an authority;
- Step S20 After the authority server receives the query request including the citizen's biometric information sent by the verification terminal, it acquires the citizen's biometric information according to the mapping relationship between the stored Merkel root value and the biometric information.
- the Merkel root value corresponding to the biometric information, and feeding back the Merkel root value, the authority ID, the preset hash algorithm and the preset ordered Merkel tree construction rules to the verification terminal;
- the verification terminal after obtaining the biometric information, sends a query request including the citizen's biometric information to the authority server.
- the authority server After receiving the query request, the authority server obtains the Merkel root value corresponding to the biometric information according to the pre-stored mapping relationship between the Merkel root value and the biometric information, and combines the Merkel root value and the authority ID , Hash algorithm and ordered Merkel tree construction rules are sent to the inspection terminal.
- Step S30 After receiving the Merkel root value fed back by the authority server, the verification terminal obtains the mandatory disclosure corresponding to the Merkel root value according to the authority ID and the Merkel root value. information;
- the verification terminal After receiving the Merkel root value, authority ID, hash algorithm and orderly Merkel tree construction rules from the authority server, the verification terminal sends a mandatory public information query request including the Merkel root value and authority ID To the blockchain platform, the blockchain platform feeds back the mandatory public information corresponding to the queried Merkel root value to the inspection terminal.
- the inspection terminal may also send a mandatory public information query request including the Merkel root value to the authority server, and the authority server will feed back each piece of mandatory public information corresponding to the queried Merkel root value to the inspection terminal.
- Step S40 The verification terminal determines whether the first preset condition is satisfied according to the acquired mandatory disclosure information, and when it is determined that the first preset condition is satisfied, sends a privacy check request to the user terminal;
- the inspection terminal After the inspection terminal obtains the mandatory disclosure information, it determines whether each mandatory disclosure information meets the first preset condition, and when any piece of mandatory disclosure information meets the first preset condition, it sends a privacy inspection request to the user terminal.
- Step S50 After receiving the privacy check request, the user terminal feeds back at least one piece of personal privacy information and Merkel verification information to the verification terminal, wherein the Merkel verification information includes corresponding pieces of personal privacy information except the feedback.
- the user terminal After receiving the privacy check request, the user terminal feeds back at least one piece of personal privacy information and Merkel verification information to the verification terminal, where the Merkel verification information includes at least one other than each Merkel node corresponding to each piece of personal information fed back
- the hash value of other nodes may include the hash value of at least one other node other than the Merkel node corresponding to each piece of personal information fed back and the corresponding layer. You can also enter personal privacy information and Merkel verification information on the inspection terminal.
- step S60 the verification terminal performs calculations based on the hash algorithm, the orderly Merkel tree construction rules, the pieces of personal privacy information fed back by the user terminal, and the Merkel verification information to obtain the Merkel root value to be verified, and determine Verify whether the Merkel root value and the Merkel root value are the same, and verify the personal privacy information provided by the user terminal according to the judgment result.
- the inspection terminal will use the obtained hash algorithm and the layer according to each piece of personal information provided by the citizen and the hash value and layer of other nodes except the Merkel node corresponding to each piece of personal information provided by the citizen. Ordered Merkel tree construction rules calculate the hash value layer by layer, and finally obtain the Merkel root value. After the Merkel root value to be verified is obtained, it is determined whether the Merkel root value to be verified is the same as the Merkel root value corresponding to the biometric information obtained before the inspection terminal. If the Merkel root value is the same, it is determined that the private information provided by the user terminal is true. When the Merkel root value to be verified is not the same as the Merkel root value, it is determined that the private information provided by the user terminal is false.
- the biometric information of the citizen is obtained through the inspection terminal, and a query request including the biometric information of the citizen is sent to the authority server; the authority server receives the query request including the biometric information of the citizen sent by the inspection terminal Then, according to the mapping relationship between the stored Merkel root value and the biometric information, the Merkel root value corresponding to the citizen’s biometric information is obtained, and the Merkel root value, authority ID, preset The hash algorithm and the preset ordering Merkel tree construction rules are fed back to the inspection terminal; after the inspection terminal receives the Merkel root value fed back by the authority server, it is based on the authority ID and the Merkel root Value, the mandatory disclosure information corresponding to the Merkel root value is obtained; the inspection terminal determines whether the first preset condition is satisfied according to the obtained mandatory disclosure information, and when it is determined that the first preset condition is satisfied, it sends privacy The verification request is sent to the user terminal; after receiving the privacy verification request, the user terminal feeds back at least one piece of personal privacy information and Merkel verification information to the verification terminal, wherein the
- the fourth embodiment of the method for protecting citizens’ privacy based on zero-knowledge proofs of this application is proposed.
- the privacy The inspection request also includes the inspection authority level; the step S50 also includes:
- Step S51 After receiving the privacy check request, the user terminal, according to the received check authority level and the preset authority level of each piece of personal private information, feeds back each piece of personal private information corresponding to the same authority level as the check authority level Personal privacy information and Merck verification information are sent to the inspection terminal.
- the user terminal when the privacy inspection request sent by the inspection terminal also includes the inspection authority level, after receiving the privacy inspection request, the user terminal will select each piece of personal information with a preset authority level not higher than the inspection authority level and send it to the office.
- the inspection terminal The more private the personal information, the higher the authority level of the personal information, and the higher the authority to check.
- the authority level of personal information can also be lower as the information becomes more private.
- the user terminal after the user terminal receives the privacy inspection request, it will select individual pieces of personal information with an authority level not lower than the inspection authority level to feed back to the inspection terminal . Therefore, according to the inspector's authority level, the privacy information of the corresponding authority level is provided to the inspector, so that the private information of the citizens is protected by levels.
- step S10 It also included:
- Step S70 The authority server receives the citizen ID sent by each user terminal and at least one piece of personal information corresponding to the citizen ID;
- Step S80 When the number of received personal information corresponding to the citizen ID is greater than or equal to two, the authority server divides each piece of personal information into personal privacy information or mandatory disclosure information according to a second preset condition. ;
- Step S90 The authority server creates an information file corresponding to the citizen ID according to the received pieces of personal information corresponding to the citizen ID and the information category corresponding to each piece of personal information, wherein the information file includes the At least two pieces of personal information corresponding to the citizen ID and an information file of the information category corresponding to each piece of personal information;
- step S100 the authority server uses a preset hash algorithm, a preset ordered Merkel tree construction rule and each piece of personal information in the information file to construct the first Merkel corresponding to the file number. Tree, and create a mapping relationship between the Merkel root value of the first Merkel tree and the biometric information of the citizen ID according to the first Merkel tree and the biometric information of the citizen ID stored in advance;
- Step S110 the authority server signs the Merkel root value of the first Merkel tree and the mandatory public information in the information file according to the first private key, and generates a first digital signature
- Step S120 the authority server stores the information including the authority ID, the Merkel root value of the first Merkel tree, the first digital signature and the mandatory disclosure information in the information file in the block Chain platform.
- the authority server receives the citizen ID sent by the user terminal and the citizen ID corresponds to at least one piece of personal information.
- each piece of personal information is divided into one of the two categories of personal privacy information or mandatory disclosure of information.
- the second preset condition may be a preset information category. If the personal information meets the preset information category, it is classified as mandatory disclosure information, and if it does not meet the preset information category, it is classified as personal private information.
- the authority server uses the preset hash algorithm, the preset orderly Merkel tree construction rules, and each piece of personal information in the information file to construct the first Merkel corresponding to the citizen ID tree.
- the mapping relationship between the Merkel root value of the first Merkel tree created and the biometric information of the citizen ID is stored in the Merkel root value and biometric information mapping relationship table.
- each piece of personal information is assigned a specific value, and a hash algorithm is used to calculate the personal information and the corresponding specific value to obtain the hash value corresponding to the piece of personal information.
- the specific value can be randomly generated by the authority server, or uploaded by the terminal.
- the user terminal can send an information document acquisition request including the citizen ID to the authority server, and the authority server will send the information file corresponding to the citizen ID and the authority ID to the user terminal.
- the terminal constructs the first Merkel tree according to the hash algorithm corresponding to the authority ID, the ordered Merkel tree construction rules, and the information file corresponding to the citizen ID, so as to obtain the data in the first Merkel tree.
- the authority server can also directly send the first Merkel tree corresponding to the citizen ID to the user terminal.
- the authority server uses the first private key to sign the Merkel root value of the first Merkel tree and the mandatory public information in the information file to generate the first digital signature, and then include the Merkel root of the first Merkel tree
- the information of the value, the first digital signature, the mandatory disclosure information, and the authority ID is sent to the blockchain platform so that the blockchain platform stores the information.
- the step S80 It also includes:
- Step S130 The authority server sets different authority levels for each piece of personal information corresponding to the received citizen ID according to a third preset condition
- step S90 includes:
- the authority server creates an information file corresponding to the citizen ID according to the received pieces of personal information corresponding to the citizen ID, the information category corresponding to each piece of personal information, and the corresponding authority level, wherein the information file includes The information file of at least two pieces of personal information corresponding to the citizen ID, the information category corresponding to each piece of personal information, and the corresponding authority level.
- the authority server after the authority server divides each piece of personal information into personal private information or compulsory disclosure according to the second preset condition, the authority server then sets the setting for each piece of personal information according to the third preset condition Different permission levels. After setting the information authority level, an information file is created for the citizen ID.
- the information file includes at least two pieces of personal information corresponding to the citizen ID, the information category corresponding to each piece of personal information, and the corresponding authority level. Therefore, by setting different authority levels for personal information, it is ensured that only people with certain authority can access personal information.
- the step S120 includes:
- Step S121 the authority server invokes the smart contract on the blockchain platform to create an authority ID, the Merkel root value of the first Merkel tree, the first digital signature and the information The first transaction record of mandatory disclosure of information in the file;
- Step S122 The authority server stores the first transaction record to the blockchain platform.
- the authority server invokes the smart contract on the blockchain platform to generate a transaction, and then it will include the authority ID, the Merkel root value of the first Merkel tree, the first digital signature and the information file
- the mandatory public information information is written in the transaction record, and then the transaction record is stored in the called smart contract on the blockchain platform.
- Figure 8 is the transaction record that stores the Merkel root value, Input
- the string ending with aecb88 in Data is the information including Merkel root value, digital signature and mandatory disclosure information, and the information in From is the authority ID. Therefore, the Merkel root value and mandatory public information are written into the transaction record and stored on the blockchain platform to ensure that the Merkel root value is not easily modified.
- the seventh embodiment of the zero-knowledge proof-based citizen privacy protection method of the present application is proposed.
- the step S120 It also includes:
- Step S140 The authority server receives an update request sent by any user terminal, where the update request includes the citizen ID and at least one piece of personal information;
- Step S150 The authority server classifies each piece of personal information in the update request as personal private information or mandatory disclosure information according to the second preset condition;
- Step S160 the authority server updates the information file corresponding to the citizen ID and generates new information of the citizen ID according to the information file corresponding to the citizen ID, each piece of personal information in the update request, and the corresponding information category File, the new information file includes each piece of personal information and the information category corresponding to each piece of personal information;
- Step S170 The authority server uses a preset hash algorithm, a preset orderly Merkel tree construction rule, and each piece of personal information in the new information file to construct a second file number corresponding to the file number in the update request.
- Merkel tree and create a mapping relationship between the Merkel root value of the second Merkel tree and the biometric information of the citizen ID according to the second Merkel tree and the biometric information of the citizen ID stored in advance And deleting the mapping relationship between the Merkel root value of the first Merkel tree and the biometric information of the citizen ID;
- Step S180 the authority server uses the first private key to sign the Merkel root value of the second Merkel tree and the mandatory public information in the new information file to generate a second digital signature;
- Step S190 the authority stores the information including the authority ID, the Merkel root value of the second Merkel tree, the second digital signature and the mandatory disclosure information in the new information file to the blockchain platform .
- each piece of personal information in the update request is divided into personal private information. Or compulsorily disclose the information, and then update the information file corresponding to the citizen ID according to each piece of personal information in the update request and the information file corresponding to the citizen ID.
- the second Merkel tree corresponding to the new information file will be generated according to the preset hash algorithm and the new information file, and the Merkel root value of the first Merkel tree and the said
- the mapping relationship of the biometric information of the citizen ID, the mapping relationship between the Merkel root value of the second Merkel tree and the biometric information of the citizen ID is created, and the Merkel root value of the second Merkel tree
- the mapping relationship with the biometric information of the citizen ID is stored in a preset mapping relationship table between Merkel root value and the citizen biometric information.
- the authority server uses the first private key to sign the Merkel root value of the second Merkel tree and the mandatory public information in the new information file to generate a second digital signature, which will include the second Merkel tree’s
- the Merkel root value, the second digital signature, and the mandatory public information and authority ID information in the new information file are stored on the blockchain platform.
- the system includes an inspection terminal 100, an authority server 200, and a user terminal 300.
- the inspection terminal 100 is used to obtain the biometric information of the citizen, and send a query request including the biometric information of the citizen to the authority server 200;
- the authority server 200 is configured to, after receiving a query request including the citizen’s biometric information sent by the verification terminal 100, obtain the citizen’s information according to the pre-stored Merkel root value and the biometric information mapping relationship.
- the Merkel root value corresponding to the biometric information, and the Merkel root value, the authority ID, the preset hash algorithm and the preset ordered Merkel tree construction rules are fed back to the verification terminal 100 ;
- the verification terminal 100 is configured to obtain the Merkel root value corresponding to the Merkel root value according to the authority ID and the Merkel root value after receiving the Merkel root value fed back by the authority server 200 Mandatory disclosure of information, and determine whether the first preset condition is satisfied based on the obtained mandatory disclosure information, and when it is determined that the first preset condition is satisfied, send a privacy check request to the user terminal 300;
- the user terminal 300 is configured to feed back at least one piece of personal privacy information and Merkel verification information to the verification terminal 100 after receiving the privacy check request, wherein the Merkel verification information includes the corresponding pieces of personal privacy information except the feedback
- the verification terminal 100 is used to calculate according to the hash algorithm, the orderly Merkel tree construction rules, various pieces of personal privacy information and Merkel verification information fed back by the user terminal, to obtain the Merkel root value to be verified, and to determine Whether the Merkel root value to be verified is the same as the Merkel root value, and the personal privacy information provided by the user terminal 300 is verified according to the judgment result.
- the above system has all the technical features of the third embodiment of the method for protecting citizen privacy based on zero-knowledge proof.
- the specific interaction process is performed with reference to the embodiment of the foregoing method, and it also has all the technical effects of the embodiment of the foregoing method.
- the application also proposes a computer-readable storage medium on which a computer program is stored.
- the computer-readable storage medium may be the memory 20 in FIG. 1, or may be a ROM (Read-Only Memory)/RAM (Random Access At least one of Memory), a magnetic disk, and an optical disk.
- the computer-readable storage medium includes a number of information to enable the inspection terminal, authority server, user terminal, and/or blockchain platform to execute the procedures described in the various embodiments of this application. method.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (20)
- 一种基于零知识证明的公民隐私保护的方法,其中,应用于查验终端,包括步骤:获取公民的生物识别信息,发送包括所述公民的生物识别信息的查询请求至权威机构服务器,以使权威机构接收到所述查询请求后反馈权威机构ID、所述公民的生物识别信息对应的默克尔根值、预设的哈希算法和预设的有序默克尔树构建规则;根据接收到的所述权威机构服务器反馈的所述权威机构ID和所述默克尔根值,获取所述默克尔根值对应的强制公开信息;根据获取到的所述强制公开信息,判断是否满足第一预设条件,并当确定满足第一预设条件时,发送隐私查验请求至用户终端,以使所述用户终端反馈所述公民的至少一条个人隐私信息和默克尔验证信息;根据所述哈希算法、所述有序默克尔树构建规则、所述用户终端反馈的各条个人隐私信息和默克尔验证信息进行计算,获得待验证默克尔根值,判断待验证默克尔根值和所述默克尔根值是否相同,并根据判断结果,对用户终端提供的个人隐私信息进行验证。
- 根据权利要求1所述的基于零知识证明的公民隐私保护的方法,其中,所述根据接收到的所述权威机构ID和所述默克尔根值,获取所述默克尔根值对应的强制公开信息的步骤包括:发送包括所述默克尔根值和所述权威机构ID的查询请求至区块链平台,以使所述区块链平台接收到所述查询请求后反馈所述权威机构ID对应的至少一个与所述默克尔根值相同的默克尔根值、对应的强制公开信息、对应的数字签名和对应的存储时间;从接收到的所述权威机构ID对应的与所述默克尔根值相同各默克尔根值中选择存储时间最近的默克尔根值;根据所述权威机构ID,获取权威机构ID对应的权威机构服务器的第一公钥,并采用所述第一公钥对选择的存储时间最近的默克尔根值对应的数字签名进行验证;若验证通过,选择存储时间最近的默克尔根值对应强制公开信息,并作为所述公民的强制公开信息。
- 一种基于零知识证明的公民隐私保护的方法,其中,所述步骤包括:查验终端获取公民的生物识别信息,发送包括所述公民的生物识别信息的查询请求至权威机构服务器;所述权威机构服务器接收到所述查验终端发送的包括所述公民的生物识别信息的查询请求后,根据预存的默克尔根值和生物识别信息的映射关系,获取所述公民的生物识别信息对应的默克尔根值,并将所述默克尔根值、权威机构ID、预设的哈希算法和预设的有序默克尔树构建规则反馈至所述查验终端;所述查验终端接收到所述权威机构服务器反馈的所述默克尔根值后,根据权威机构ID和所述默克尔根值,获取所述默克尔根值对应的强制公开信息;所述查验终端根据获取到的所述强制公开信息,判断是否满足第一预设条件,并当确定满足第一预设条件时,发送隐私查验请求至用户终端;所述用户终端接收到隐私查验请求后,反馈至少一条个人隐私信息和默克尔验证信息至所述查验终端,其中所述默克尔验证信息包括除反馈的各条个人隐私信息对应的各默克尔节点外的至少一个其他节点的哈希值或包括除反馈的各条个人隐私信息对应的默克尔节点外的至少一个其他节点的哈希值和对应的所属层;所述查验终端根据哈希算法、有序默克尔树构建规则、用户终端反馈的各条个人隐私信息和默克尔验证信息进行计算,获得待验证默克尔根值,判断待验证默克尔根值和所述默克尔根值是否相同,并根据判断结果,对用户终端提供的个人隐私信息进行验证。
- 根据权利要求3所述的基于零知识证明的公民隐私保护的方法,其中,所述隐私查验请求还包括查验权限等级;所述用户终端接收到隐私查验请求后,反馈至少一条个人隐私信息和默克尔验证信息至所述查验终端的步骤包括:所述用户终端接收到隐私查验请求后,根据接收到的查验权限等级和各条个人隐私信息的预设权限等级,反馈个人隐私信息中与查验权限等级相同的权限等级对应的各条个人隐私信息和默克验证信息至所述查验终端。
- 根据权利要求4所述的基于零知识证明的公民隐私保护的方法,其中,所述查验终端获取公民的生物识别信息,发送包括所述公民的生物识别信息的查询请求至权威机构服务器的步骤之前包括:所述权威机构服务器接收各用户终端分别发送的公民ID和所述公民ID对应的至少一条个人信息;当接收到的所述公民ID对应的个人信息数量大于或等于两条时,所述权威机构服务器根据第二预设条件,分别为各条个人信息划分为个人隐私信息或强制公开信息;所述权威机构服务器根据收到的所述公民ID对应的各条个人信息和各条个人信息对应的信息类别,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息和各条个人信息对应的信息类别的信息档案;所述权威机构服务器采用预设的哈希算法、预设的有序默克尔树构建规则和所述信息档案中各条个人信息,构建所述档案号对应的第一默克尔树,并根据第一默克尔树和预存的所述公民ID的生物识别信息,创建第一默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系;所述权威机构服务器根据第一私钥对所述第一默克尔树的默克尔根值和所述信息档案中强制公开信息进行签名,生成第一数字签名;所述权威机构服务器将包括权威机构ID、所述第一默克尔树的默克尔根值、第一数字签名和所述信息档案中强制公开信息的信息存储至所述区块链平台。
- 根据权利要求5所述的基于零知识证明的公民隐私保护的方法,其中,所述当接收到的所述公民ID对应的个人信息数量大于或等于两条时,所述权威机构服务器根据第二预设条件,分别为接收到的所述公民ID对应的各条个人信息划分为个人隐私信息或强制公开信息的步骤之后还包括:所述权威机构服务器根据第三预设条件,分别为接收到的所述公民ID对应的各条个人信息设置不同权限等级;所述所述权威机构服务器根据收到的所述公民ID对应的各条个人信息和各条个人信息对应的信息类别,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息和各条个人信息对应的信息类别的信息档案的步骤包括:所述权威机构服务器根据收到的所述公民ID对应的各条个人信息、各条个人信息对应的信息类别和对应的权限等级,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息、各条个人信息对应的信息类别和对应的权限等级的信息档案。
- 根据权利要求6所述的基于零知识证明的公民隐私保护的方法,其中,所述所述权威机构服务器将包括权威机构ID、所述第一默克尔树的默克尔根值、第一数字签名和所述信息档案中强制公开信息的信息存储至所述区块链平台的步骤之后还包括:所述权威机构服务器接收任一用户终端发送的更新请求,其中所述更新请求包括所述公民ID和至少一条个人信息;所述权威机构服务器根据第二预设条件,分别将更新请求中各条个人信息划分为个人隐私信息或强制公开信息;所述权威机构服务器根据所述公民ID对应的信息档案、更新请求中的各条个人信息和对应的信息类别,更新所述公民ID对应的信息档案并生成所述公民ID的新信息档案,所述新信息档案包括各条个人信息和各条个人信息对应的信息类别;所述权威机构服务器采用预设的哈希算法、预设的有序默克尔树构建规则和所述新信息档案中各条个人信息,构建更新请求中的档案号对应的第二默克尔树,并根据第二默克尔树和预存的所述公民ID的生物识别信息,创建第二默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系以及删除第一默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系;所述权威机构服务器采用第一私钥对第二默克尔树的默克尔根值和所述新信息档案中强制公开信息进行签名,生成第二数字签名;所述权威机构将包括权威机构ID、第二默克尔树的默克尔根值、第二数字签名和所述新信息档案中强制公开信息的信息存储至所述区块链平台。
- 根据权利要求7所述的基于零知识证明的公民隐私保护的方法,其中,所述所述权威机构将包括权威机构ID、第二默克尔树的默克尔根值、第二数字签名和所述新信息档案中强制公开信息的信息存储至所述区块链平台的步骤包括:所述权威机构服务器调用所述区块链平台上的智能合约,创建一个包括权威机构ID、所述第二默克尔树的默克尔根值、第二数字签名和所述新信息档案中强制公开信息的第二交易记录;所述权威机构服务器发送所述第二交易记录存储至所述区块链平台。
- 一种基于零知识证明的公民隐私保护的系统,其中,所述系统包括:查验终端,用于获取公民的生物识别信息,发送包括所述公民的生物识别信息的查询请求至权威机构服务器;权威机构服务器,用于接收到所述查验终端发送的包括所述公民的生物识别信息的查询请求后,根据预存的默克尔根值和生物识别信息的映射关系,获取所述公民的生物识别信息对应的默克尔根值,并将所述默克尔根值、权威机构ID、预设的哈希算法和预设的有序默克尔树构建规则反馈至所述查验终端;所述查验终端,用于接收到所述权威机构服务器反馈的所述默克尔根值后,根据权威机构ID和所述默克尔根值,获取所述默克尔根值对应的强制公开信息,并根据获取到的所述强制公开信息,判断是否满足第一预设条件,并当确定满足第一预设条件时,发送隐私查验请求至用户终端;用户终端,用于接收到隐私查验请求后,反馈至少一条个人隐私信息和默克尔验证信息至所述查验终端,其中所述默克尔验证信息包括除反馈的各条个人隐私信息对应的各默克尔节点外的至少一个其他节点的哈希值或包括除反馈的各条个人隐私信息对应的默克尔节点外的至少一个其他节点的哈希值和对应的所属层;所述查验终端,用于根据哈希算法、有序默克尔树构建规则、用户终端反馈的各条个人隐私信息和默克尔验证信息进行计算,获得待验证默克尔根值,判断待验证默克尔根值和所述默克尔根值是否相同,并根据判断结果,对用户终端提供的个人隐私信息进行验证。
- 根据权利要求9所述的基于零知识证明的公民隐私保护的系统,其中,所述隐私查验请求还包括查验权限等级;所述用户终端,还用于接收到隐私查验请求后,根据接收到的查验权限等级和各条个人隐私信息的预设权限等级,反馈个人隐私信息中与查验权限等级相同的权限等级对应的各条个人隐私信息和默克验证信息至所述查验终端。
- 根据权利要求10所述的基于零知识证明的公民隐私保护的系统,其中,所述权威机构服务器,还用于接收各用户终端分别发送的公民ID和所述公民ID对应的至少一条个人信息;所述权威机构服务器,还用于当接收到的所述公民ID对应的个人信息数量大于或等于两条时,根据第二预设条件,分别为各条个人信息划分为个人隐私信息或强制公开信息;所述权威机构服务器,还用于根据收到的所述公民ID对应的各条个人信息和各条个人信息对应的信息类别,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息和各条个人信息对应的信息类别的信息档案;所述权威机构服务器,还用于采用预设的哈希算法、预设的有序默克尔树构建规则和所述信息档案中各条个人信息,构建所述档案号对应的第一默克尔树,并根据第一默克尔树和预存的所述公民ID的生物识别信息,创建第一默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系;所述权威机构服务器,还用于根据第一私钥对所述第一默克尔树的默克尔根值和所述信息档案中强制公开信息进行签名,生成第一数字签名;所述权威机构服务器,还用于将包括权威机构ID、所述第一默克尔树的默克尔根值、第一数字签名和所述信息档案中强制公开信息的信息存储至所述区块链平台。
- 根据权利要求11所述的基于零知识证明的公民隐私保护的系统,其中,所述权威机构服务器,还用于接收任一用户终端发送的更新请求,其中所述更新请求包括所述公民ID和至少一条个人信息;所述权威机构服务器,还用于根据第二预设条件,分别将更新请求中各条个人信息划分为个人隐私信息或强制公开信息;所述权威机构服务器,还用于根据所述公民ID对应的信息档案、更新请求中的各条个人信息和对应的信息类别,更新所述公民ID对应的信息档案并生成所述公民ID的新信息档案,所述新信息档案包括各条个人信息和各条个人信息对应的信息类别;所述权威机构服务器,还用于采用预设的哈希算法、预设的有序默克尔树构建规则和所述新信息档案中各条个人信息,构建更新请求中的档案号对应的第二默克尔树,并根据第二默克尔树和预存的所述公民ID的生物识别信息,创建第二默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系以及删除第一默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系;所述权威机构服务器,还用于采用第一私钥对第二默克尔树的默克尔根值和所述新信息档案中强制公开信息进行签名,生成第二数字签名;所述权威机构,还用于将包括权威机构ID、第二默克尔树的默克尔根值、第二数字签名和所述新信息档案中强制公开信息的信息存储至所述区块链平台。
- 一种计算机可读存储介质,其中,应用于查验终端,所述计算机可读存储介质存储有一个或者多个程序,所述一个或者多个程序可被一个或者多个处理器执行,以实现如下步骤:获取公民的生物识别信息,发送包括所述公民的生物识别信息的查询请求至权威机构服务器,以使权威机构接收到所述查询请求后反馈权威机构ID、所述公民的生物识别信息对应的默克尔根值、预设的哈希算法和预设的有序默克尔树构建规则;根据接收到的所述权威机构服务器反馈的所述权威机构ID和所述默克尔根值,获取所述默克尔根值对应的强制公开信息;根据获取到的所述强制公开信息,判断是否满足第一预设条件,并当确定满足第一预设条件时,发送隐私查验请求至用户终端,以使所述用户终端反馈所述公民的至少一条个人隐私信息和默克尔验证信息;根据所述哈希算法、所述有序默克尔树构建规则、所述用户终端反馈的各条个人隐私信息和默克尔验证信息进行计算,获得待验证默克尔根值,判断待验证默克尔根值和所述默克尔根值是否相同,并根据判断结果,对用户终端提供的个人隐私信息进行验证。
- 根据权利要求13所述的计算机可读存储介质,其中,所述一个或者多个程序可被一个或者多个处理器执行,还实现如下步骤:发送包括所述默克尔根值和所述权威机构ID的查询请求至区块链平台,以使所述区块链平台接收到所述查询请求后反馈所述权威机构ID对应的至少一个与所述默克尔根值相同的默克尔根值、对应的强制公开信息、对应的数字签名和对应的存储时间;从接收到的所述权威机构ID对应的与所述默克尔根值相同各默克尔根值中选择存储时间最近的默克尔根值;根据所述权威机构ID,获取权威机构ID对应的权威机构服务器的第一公钥,并采用所述第一公钥对选择的存储时间最近的默克尔根值对应的数字签名进行验证;若验证通过,选择存储时间最近的默克尔根值对应强制公开信息,并作为所述公民的强制公开信息。
- 一种计算机可读存储介质,其中,所述计算机可读存储介质存储有一个或者多个程序,所述一个或者多个程序可被一个或者多个处理器执行,以实现如下步骤:查验终端获取公民的生物识别信息,发送包括所述公民的生物识别信息的查询请求至权威机构服务器;所述权威机构服务器接收到所述查验终端发送的包括所述公民的生物识别信息的查询请求后,根据预存的默克尔根值和生物识别信息的映射关系,获取所述公民的生物识别信息对应的默克尔根值,并将所述默克尔根值、权威机构ID、预设的哈希算法和预设的有序默克尔树构建规则反馈至所述查验终端;所述查验终端接收到所述权威机构服务器反馈的所述默克尔根值后,根据权威机构ID和所述默克尔根值,获取所述默克尔根值对应的强制公开信息;所述查验终端根据获取到的所述强制公开信息,判断是否满足第一预设条件,并当确定满足第一预设条件时,发送隐私查验请求至用户终端;所述用户终端接收到隐私查验请求后,反馈至少一条个人隐私信息和默克尔验证信息至所述查验终端,其中所述默克尔验证信息包括除反馈的各条个人隐私信息对应的各默克尔节点外的至少一个其他节点的哈希值或包括除反馈的各条个人隐私信息对应的默克尔节点外的至少一个其他节点的哈希值和对应的所属层;所述查验终端根据哈希算法、有序默克尔树构建规则、用户终端反馈的各条个人隐私信息和默克尔验证信息进行计算,获得待验证默克尔根值,判断待验证默克尔根值和所述默克尔根值是否相同,并根据判断结果,对用户终端提供的个人隐私信息进行验证。
- 根据权利要求15所述的计算机可读存储介质,其中,所述隐私查验请求还包括查验权限等级;所述一个或者多个程序可被一个或者多个处理器执行,还实现如下步骤:所述用户终端接收到隐私查验请求后,根据接收到的查验权限等级和各条个人隐私信息的预设权限等级,反馈个人隐私信息中与查验权限等级相同的权限等级对应的各条个人隐私信息和默克验证信息至所述查验终端。
- 根据权利要求16所述的计算机可读存储介质,其中,所述一个或者多个程序可被一个或者多个处理器执行,还实现如下步骤:所述权威机构服务器接收各用户终端分别发送的公民ID和所述公民ID对应的至少一条个人信息;当接收到的所述公民ID对应的个人信息数量大于或等于两条时,所述权威机构服务器根据第二预设条件,分别为各条个人信息划分为个人隐私信息或强制公开信息;所述权威机构服务器根据收到的所述公民ID对应的各条个人信息和各条个人信息对应的信息类别,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息和各条个人信息对应的信息类别的信息档案;所述权威机构服务器采用预设的哈希算法、预设的有序默克尔树构建规则和所述信息档案中各条个人信息,构建所述档案号对应的第一默克尔树,并根据第一默克尔树和预存的所述公民ID的生物识别信息,创建第一默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系;所述权威机构服务器根据第一私钥对所述第一默克尔树的默克尔根值和所述信息档案中强制公开信息进行签名,生成第一数字签名;所述权威机构服务器将包括权威机构ID、所述第一默克尔树的默克尔根值、第一数字签名和所述信息档案中强制公开信息的信息存储至所述区块链平台。
- 根据权利要求17所述的计算机可读存储介质,其中,所述一个或者多个程序可被一个或者多个处理器执行,还实现如下步骤:所述权威机构服务器根据第三预设条件,分别为接收到的所述公民ID对应的各条个人信息设置不同权限等级;所述所述权威机构服务器根据收到的所述公民ID对应的各条个人信息和各条个人信息对应的信息类别,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息和各条个人信息对应的信息类别的信息档案的步骤包括:所述权威机构服务器根据收到的所述公民ID对应的各条个人信息、各条个人信息对应的信息类别和对应的权限等级,创建所述公民ID对应的信息档案,其中所述信息档案包括所述公民ID对应的至少两条个人信息、各条个人信息对应的信息类别和对应的权限等级的信息档案。
- 根据权利要求18所述的计算机可读存储介质,其中,所述一个或者多个程序可被一个或者多个处理器执行,还实现如下步骤:所述权威机构服务器接收任一用户终端发送的更新请求,其中所述更新请求包括所述公民ID和至少一条个人信息;所述权威机构服务器根据第二预设条件,分别将更新请求中各条个人信息划分为个人隐私信息或强制公开信息;所述权威机构服务器根据所述公民ID对应的信息档案、更新请求中的各条个人信息和对应的信息类别,更新所述公民ID对应的信息档案并生成所述公民ID的新信息档案,所述新信息档案包括各条个人信息和各条个人信息对应的信息类别;所述权威机构服务器采用预设的哈希算法、预设的有序默克尔树构建规则和所述新信息档案中各条个人信息,构建更新请求中的档案号对应的第二默克尔树,并根据第二默克尔树和预存的所述公民ID的生物识别信息,创建第二默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系以及删除第一默克尔树的默克尔根值和所述公民ID的生物识别信息的映射关系;所述权威机构服务器采用第一私钥对第二默克尔树的默克尔根值和所述新信息档案中强制公开信息进行签名,生成第二数字签名;所述权威机构将包括权威机构ID、第二默克尔树的默克尔根值、第二数字签名和所述新信息档案中强制公开信息的信息存储至所述区块链平台。
- 根据权利要求19所述的计算机可读存储介质,其中,所述一个或者多个程序可被一个或者多个处理器执行,还实现如下步骤:所述权威机构服务器调用所述区块链平台上的智能合约,创建一个包括权威机构ID、所述第二默克尔树的默克尔根值、第二数字签名和所述新信息档案中强制公开信息的第二交易记录;所述权威机构服务器发送所述第二交易记录存储至所述区块链平台。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910365740.8 | 2019-04-29 | ||
CN201910365740.8A CN110336672B (zh) | 2019-04-29 | 2019-04-29 | 基于零知识证明的公民隐私保护的方法、系统及存储介质 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020220412A1 true WO2020220412A1 (zh) | 2020-11-05 |
Family
ID=68139509
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/088061 WO2020220412A1 (zh) | 2019-04-29 | 2019-05-23 | 基于零知识证明的公民隐私保护的方法、系统及存储介质 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110336672B (zh) |
WO (1) | WO2020220412A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113746638A (zh) * | 2021-09-03 | 2021-12-03 | 杭州复杂美科技有限公司 | Nft存储方法、nft还原方法、计算机设备和存储介质 |
CN114401091A (zh) * | 2021-12-16 | 2022-04-26 | 北京航空航天大学 | 基于区块链的设备跨域认证管理方法及装置 |
CN114826617A (zh) * | 2022-04-29 | 2022-07-29 | 西北工业大学 | 工业物联网终端系统设计、数据验证方法及硬件加速装置 |
CN115941201A (zh) * | 2022-11-15 | 2023-04-07 | 上海钛动网络科技有限公司 | 基于零知识证明算法的区块链隐私保护系统 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110930153B (zh) * | 2019-12-09 | 2022-09-30 | 趣派(海南)信息科技有限公司 | 基于隐藏第三方账号的区块链隐私数据管理方法和系统 |
CN111125741B (zh) * | 2019-12-31 | 2022-07-01 | 广东卓启投资有限责任公司 | 一种基于区块链零知识验证方法 |
CN112488683B (zh) * | 2020-12-11 | 2024-02-23 | 深圳前海微众银行股份有限公司 | 一种区块链的链下交易方法及装置 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107820690A (zh) * | 2017-08-21 | 2018-03-20 | 达闼科技成都有限公司 | 信息选取方法、装置、电子设备及计算机可读存储介质 |
CN108234515A (zh) * | 2018-01-25 | 2018-06-29 | 中国科学院合肥物质科学研究院 | 一种基于智能合约的自认证数字身份管理系统及其方法 |
CN108769057A (zh) * | 2018-06-15 | 2018-11-06 | 北京奇虎科技有限公司 | 基于区块链的身份识别方法及装置 |
CN109039655A (zh) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | 基于区块链的实名身份认证方法及装置、身份区块链 |
CN109639632A (zh) * | 2018-11-02 | 2019-04-16 | 远光软件股份有限公司 | 基于区块链的用户信息管理方法、电子设备及存储介质 |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899412A (zh) * | 2017-03-30 | 2017-06-27 | 北京链银博科技有限责任公司 | 一种区块链隐私保护方法、装置及系统 |
US10790980B2 (en) * | 2017-07-14 | 2020-09-29 | International Business Machines Corporation | Establishing trust in an attribute authentication system |
CN108418689B (zh) * | 2017-11-30 | 2020-07-10 | 矩阵元技术(深圳)有限公司 | 一种适合区块链隐私保护的零知识证明方法和介质 |
CN108171511B (zh) * | 2017-12-26 | 2021-08-17 | 广东优世联合控股集团股份有限公司 | 一种具有隐私保护功能的区块链系统 |
CN108737109A (zh) * | 2018-05-11 | 2018-11-02 | 北京奇虎科技有限公司 | 数据持有证明方法、装置及系统 |
-
2019
- 2019-04-29 CN CN201910365740.8A patent/CN110336672B/zh active Active
- 2019-05-23 WO PCT/CN2019/088061 patent/WO2020220412A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107820690A (zh) * | 2017-08-21 | 2018-03-20 | 达闼科技成都有限公司 | 信息选取方法、装置、电子设备及计算机可读存储介质 |
CN108234515A (zh) * | 2018-01-25 | 2018-06-29 | 中国科学院合肥物质科学研究院 | 一种基于智能合约的自认证数字身份管理系统及其方法 |
CN108769057A (zh) * | 2018-06-15 | 2018-11-06 | 北京奇虎科技有限公司 | 基于区块链的身份识别方法及装置 |
CN109039655A (zh) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | 基于区块链的实名身份认证方法及装置、身份区块链 |
CN109639632A (zh) * | 2018-11-02 | 2019-04-16 | 远光软件股份有限公司 | 基于区块链的用户信息管理方法、电子设备及存储介质 |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113746638A (zh) * | 2021-09-03 | 2021-12-03 | 杭州复杂美科技有限公司 | Nft存储方法、nft还原方法、计算机设备和存储介质 |
CN114401091A (zh) * | 2021-12-16 | 2022-04-26 | 北京航空航天大学 | 基于区块链的设备跨域认证管理方法及装置 |
CN114401091B (zh) * | 2021-12-16 | 2023-10-24 | 北京航空航天大学 | 基于区块链的设备跨域认证管理方法及装置 |
CN114826617A (zh) * | 2022-04-29 | 2022-07-29 | 西北工业大学 | 工业物联网终端系统设计、数据验证方法及硬件加速装置 |
CN115941201A (zh) * | 2022-11-15 | 2023-04-07 | 上海钛动网络科技有限公司 | 基于零知识证明算法的区块链隐私保护系统 |
Also Published As
Publication number | Publication date |
---|---|
CN110336672A (zh) | 2019-10-15 |
CN110336672B (zh) | 2020-07-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020220412A1 (zh) | 基于零知识证明的公民隐私保护的方法、系统及存储介质 | |
WO2020220413A1 (zh) | 个人信息的零知识证明方法、系统及存储介质 | |
WO2018207975A1 (ko) | 블록체인 시스템 및 블록체인 생성 방법 | |
WO2018107811A1 (zh) | 网络安全联合防御方法、装置、服务器和存储介质 | |
US10277608B2 (en) | System and method for verification lineage tracking of data sets | |
WO2017135669A1 (ko) | 파일에 대한 노터리 서비스를 제공하고 상기 노터리 서비스를 사용하여 기록된 파일에 대한 검증을 수행하는 방법 및 서버 | |
WO2019156533A1 (ko) | 블록 체인에 기반한 노드 장치, 노드 장치의 동작 방법 및 데이터 처리 시스템 | |
WO2020042464A1 (zh) | 数据交互方法、装置、设备及可读存储介质 | |
WO2017054444A1 (zh) | 一种登录系统的方法、服务器、系统及网络附属存储设备 | |
WO2020119115A1 (zh) | 数据审核方法、装置、设备及存储介质 | |
WO2020189926A1 (ko) | 블록체인 네트워크를 이용하여 사용자의 아이덴티티를 관리하는 방법 및 서버, 그리고, 블록체인 네트워크 기반의 사용자 아이덴티티를 이용하여 사용자를 인증하는 방법 및 단말 | |
WO2021006616A1 (en) | Method for providing relational decentralized identifier service and blockchain node using the same | |
WO2021003975A1 (zh) | 网关接口测试方法、终端设备、存储介质及装置 | |
WO2020224249A1 (zh) | 基于区块链的事务处理方法、装置、设备及存储介质 | |
WO2020147385A1 (zh) | 数据录入方法、装置、终端及计算机可读存储介质 | |
US20070294205A1 (en) | Method and apparatus for detecting data tampering within a database | |
WO2020050424A1 (ko) | 블록체인 기반의 모바일 단말 및 IoT 기기 간의 다중 보안 인증 시스템 및 방법 | |
WO2020062658A1 (zh) | 合同生成方法、装置、设备及存储介质 | |
WO2020087981A1 (zh) | 风控审核模型生成方法、装置、设备及可读存储介质 | |
WO2022131441A1 (ko) | 블록체인 네트워크를 이용하여 웹페이지를 저장 및 검증하는 방법 및 시스템 | |
WO2023210861A1 (ko) | 유해 사이트에 대한 접속 알림 서비스를 제공할 수 있는 알림 서비스 서버 및 그 동작 방법 | |
WO2019024485A1 (zh) | 数据共享方法、装置及计算机可读存储介质 | |
WO2013189134A1 (zh) | 信息推送方法及系统 | |
WO2018227771A1 (zh) | 基于保单服务的区域划分方法、系统、服务器和存储介质 | |
WO2021085718A1 (ko) | 유해 콘텐츠 게시 방지 및 차단 장치 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19927302 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19927302 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19927302 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/05/2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19927302 Country of ref document: EP Kind code of ref document: A1 |