WO2020223918A1 - Temporary identity authentication method, apparatus and system - Google Patents

Temporary identity authentication method, apparatus and system Download PDF

Info

Publication number
WO2020223918A1
WO2020223918A1 PCT/CN2019/085941 CN2019085941W WO2020223918A1 WO 2020223918 A1 WO2020223918 A1 WO 2020223918A1 CN 2019085941 W CN2019085941 W CN 2019085941W WO 2020223918 A1 WO2020223918 A1 WO 2020223918A1
Authority
WO
WIPO (PCT)
Prior art keywords
subject matter
private key
contract
request data
lessor
Prior art date
Application number
PCT/CN2019/085941
Other languages
French (fr)
Chinese (zh)
Inventor
唐虹刚
孙立林
Original Assignee
云图有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 云图有限公司 filed Critical 云图有限公司
Priority to PCT/CN2019/085941 priority Critical patent/WO2020223918A1/en
Publication of WO2020223918A1 publication Critical patent/WO2020223918A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to the technical field of computer data processing, and in particular, to a method, device and system for temporary identity authentication.
  • the purpose of the embodiments of this specification is to provide a temporary identity authentication method, device and system, which can quickly, simply and safely confirm the user's temporary use right of the subject matter.
  • This manual provides a temporary identity authentication method, device and system which are implemented in the following ways:
  • a temporary identity authentication method including:
  • the public key corresponding to the contract number and the lessor s first private key fragment according to the contract number, wherein the private key and public key corresponding to the contract number are generated by the lessor when the lease is signed, and the private
  • the key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
  • the public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use right is opened.
  • the obtaining the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number includes:
  • the obtaining the subject matter use request data includes:
  • the two-dimensional code information is generated by the lessor based on the public key and the contract lease information when the lease is signed;
  • the obtaining the public key corresponding to the contract number according to the contract number includes obtaining the public key corresponding to the contract number from the data obtained after decoding the two-dimensional code information.
  • the method further includes:
  • the use right verification is performed on the subject matter use request data according to the contract lease information, and correspondingly, the use right is opened after the use right verification is passed.
  • the method further includes:
  • the signed subject matter use request data and the verification result are stored in the blockchain based on the contract number.
  • the embodiment of this specification also provides a temporary identity authentication device, the device includes:
  • the first data acquisition module is configured to acquire subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
  • the second data acquisition module is used to acquire the public key corresponding to the contract number and the lessor’s first private key fragments according to the contract number, wherein the private key and public key corresponding to the contract number are shared by the lessor Generated when the lease is signed, the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
  • the first data signature module is configured to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
  • the first data verification module is configured to verify the signed subject matter use request data by using the public key
  • the first permission opening module is used to open the usage permission when the signature verification is passed.
  • the embodiments of this specification also provide a temporary identity authentication device, which includes a processor and a memory for storing executable instructions of the processor. The steps of the method.
  • the embodiment of this specification also provides a temporary identity authentication method, including:
  • the first client sends the subject matter use request data to the first rental terminal, where the subject matter use request data includes the contract number corresponding to the subject matter;
  • the first rental terminal receives the subject matter use request data, and obtains the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein,
  • the private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed.
  • the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the signed second private key segment, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number, and the second private key segment is stored in the first client End in
  • the first client and the first renter jointly sign the subject matter use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
  • the first rental end uses the public key to verify the signed subject matter use request data, and when the signature verification is passed, it issues an open use permission instruction to the first subject matter end, so that the first subject matter end is open for use Permissions.
  • the embodiment of this specification also provides a rental terminal, the rental terminal includes:
  • a data receiving module for receiving subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
  • the data retrieval module is used to retrieve the public key corresponding to the contract number and the first private key segment of the lessor from the blockchain according to the contract number, wherein,
  • the private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed.
  • the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the second private key segment of the signature, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number;
  • the second data signature module is configured to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
  • the second data verification module is configured to use the public key to verify the signed subject matter use request data
  • the instruction sending module is used to issue an open use permission instruction to the subject end when the signature verification is passed.
  • the embodiment of this specification also provides a client, the client includes a SIM card and/or TEE, and a data sending module, wherein the SIM card and/or TEE is used to store the second Private key fragmentation;
  • the data sending module is configured to send subject matter use request data, the subject matter use request data including the contract number corresponding to the subject matter, so that the lessor can receive the subject matter use request data, and obtain all data according to the contract number.
  • the public key corresponding to the contract number and the lessor’s first private key fragment, and the use of the subject matter through secure multi-party calculation based on the lessor’s first private key fragment and the lessee’s second private key fragment The request data is jointly signed, and the signed subject matter use request data is verified by using the public key. When the signature verification is passed, the use authority is opened.
  • the embodiment of the present specification also provides a temporary identity authentication system, the system includes a first client, a first object terminal, a first rental terminal, and a blockchain, wherein,
  • the first client is used to store the second private key fragments of the lessee, and send the subject matter use request data to the first renter, the subject matter use request data including the contract number corresponding to the subject matter;
  • the first rental terminal is used to receive the subject matter use request data, and is also used to retrieve the public key corresponding to the contract number and the first private key of the lessor from the blockchain according to the contract number. Based on the lessee’s second private key shard and the lessor’s first private key shard to jointly sign the subject matter use request data through secure multi-party computing, and use the public key to sign the subject matter Use the requested data for verification, and when the signature verification is passed, issue an open-use permission instruction to the first subject;
  • the first subject end is used to receive and respond to the open use permission instruction sent by the first rental end;
  • the blockchain is used to store contract lease information, public key and lessor’s first private key fragments, signed subject matter use request data, and verification results based on the contract number.
  • the embodiment of this specification also provides a temporary identity authentication method, including:
  • the second object terminal obtains the QR code information displayed by the second client, and the QR code information is generated by the lessor based on the contract lease information and the public key when the lease is signed;
  • the contract lease information and the corresponding private key and public key are generated by the lessor when the lease is signed, and the private key is divided into at least two pieces, including the first private key segment used by the lessor for signing and the lease
  • the second private key fragment used by the party for signing, the first private key fragment is stored on the first subject end, and the second private key fragment is stored on the second client;
  • the second object terminal decodes the two-dimensional code information, obtains contract lease information and a public key, and generates object use request data according to the contract lease information;
  • the second subject end and the second client use a multi-party security algorithm to jointly sign the subject use request data based on the first private key fragment and the second private key fragment;
  • the second subject end uses the public key to verify the signed subject use request data, and when the signature verification is passed, the use right is opened.
  • the embodiments of this specification also provide a target end, the target end includes;
  • the decoding module is used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information, obtain contract lease information and public key, and generate subject matter use request data according to the contract lease information;
  • the third data acquisition module is configured to acquire the first private key fragment of the lessor corresponding to the contract number according to the contract number;
  • the third data signature module is used to jointly sign the subject matter use request data through a multi-party security algorithm based on the lessor’s first private key fragment and the lessee’s second private key fragment;
  • the third data verification module is configured to use the public key to verify the signed subject matter use request data
  • the second permission opening module is used to open the usage permission when the signature verification is passed.
  • the embodiments of this specification also provide a client, the client includes a SIM card and/or TEE, a data storage module, and a data display module, wherein:
  • the SIM card and/or TEE is used to store the second private key fragments of the lessee;
  • the data storage module is used to store the QR code information generated from the public key and the contract lease information
  • the data display module is used to display the two-dimensional code information, so that the lessor can decode the two-dimensional code information to obtain the public key and contract lease information, and generate a subject matter use request based on the contract lease information Data, and, according to the contract number in the contract lease information to obtain the lessor’s first private key fragment, based on the lessor’s first private key fragment and the lessee’s second private key fragment, the multi-party security algorithm
  • the subject matter uses the request data for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
  • the embodiment of this specification also provides a temporary identity authentication system, the system includes a second client, a second subject end, a second rental end, and a blockchain, wherein,
  • the second client is used to store the second private key fragments of the lessee and the QR code information generated from the public key and the contract lease information;
  • the second subject end is used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information to obtain the public key and contract lease information, and generate the use of the subject matter according to the contract lease information Request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information. Based on the lessor’s first private key segment and the lessee’s second private key segment, the multi-party security algorithms
  • the subject matter use request data is jointly signed, the public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use authority is opened;
  • the second rental terminal is used to receive the signed subject matter use request data and the verification result sent by the second subject matter terminal, and store the signed subject matter use request data and the verification result in the contract number based on the contract number.
  • the blockchain In the blockchain;
  • the blockchain is used to store contract lease information, signed subject matter use request data, and verification results based on the contract number.
  • the temporary identity authentication method, device, and system provided in one or more embodiments of this specification can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces.
  • the party and the lessee each hold a private key.
  • the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing.
  • the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter.
  • the subject matter develops the use right to the lessee.
  • the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
  • FIG. 1 is a schematic flowchart of an embodiment of a temporary identity authentication method provided in this specification
  • FIG. 2 is a schematic diagram of the temporary identity authentication registration phase in an embodiment provided in this specification
  • Fig. 3 is a schematic diagram of a temporary identity authentication use phase in another embodiment provided in this specification.
  • FIG. 4 is a schematic flowchart of another embodiment of a temporary identity authentication method provided in this specification.
  • FIG. 5 is a schematic diagram of the temporary identity authentication registration stage in another embodiment provided in this specification.
  • FIG. 6 is a schematic diagram of a temporary identity authentication use phase in another embodiment provided in this specification.
  • FIG. 7 is a schematic flowchart of another embodiment of a temporary identity authentication method provided in this specification.
  • FIG. 8 is a schematic diagram of the module structure of an embodiment of a temporary identity authentication device provided in this specification.
  • Fig. 9 is a schematic structural diagram of a server according to an exemplary embodiment of the present specification.
  • Figure 10 is a schematic structural diagram of a temporary identity authentication system in another embodiment provided in this specification.
  • Fig. 11 is a schematic structural diagram of a temporary identity authentication system in another embodiment provided in this specification.
  • the embodiment of this specification provides a temporary identity authentication method, which can automatically generate a public key and a private key after an agreement is reached between the lessor and the lessee, and divide the private key into at least two pieces. Each party holds a private key.
  • the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing.
  • the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter.
  • the subject matter develops the use right to the lessee.
  • the lessor may refer to the party that leases the subject matter to be leased among the two parties to the lease
  • the lessee may refer to the party that leases the subject matter to be leased among the two parties to the lease.
  • the subject matter may refer to the object to which the lessor and the lessee corresponding to the contract lease are directed together.
  • the subject matter may refer to one or more types of leased properties, or one or more specific leased properties. .
  • for shared car rental it can refer to all cars provided by the lessor, one or more models that meet certain requirements, or one or more specific cars. Make a limit. It can be determined by the lessor and/or lessee at the time of registration.
  • the client can include the terminal equipment of the lessee, for example, it can be a smart device such as a mobile phone, a computer, and a smart watch.
  • the rental end may include the system, service period, or other terminal equipment corresponding to the lessor.
  • the subject end may include smart devices corresponding to the subject to be rented, such as door locks for shared cars, shared apartments, or other smart control devices.
  • the lessor and the lessee may reach a certain use agreement in advance for the use of the subject matter. For example, in application scenarios corresponding to the sharing economy, such as shared cars and shared apartments, the lessee can register for the first use. In some implementations, the lessor may also require the lessee to perform identity information verification such as ID verification and biometric information verification in advance. After the verification is passed, further use registration is performed, such as entering the subject matter to be leased, the lease period, the use authority, etc.
  • the lessor system can also generate a corresponding private key and public key.
  • the private key can be divided into at least two parts, one part stored in the lessor and the other part stored in the lessee.
  • contract lease information can be generated, and each contract lease information can correspond to a contract number.
  • the contract number can be used to identify the lease information, private key, public key, and later use record data, etc., to improve the accuracy and simplicity of authorization verification and data query during the entire use process.
  • the contract lease information may include the contract number, the lessor, the identity of the lessee, the rental period, the rental subject matter, the use authority, etc.
  • the lessee can associate its corresponding private key fragment with the contract number and save it in a safe area.
  • the lessee may slice its private key into the SIM card (Subscriber Identification Module, user identification card) of its terminal device or the TEE (Trust Execution Environment) of the CPU (Central Processing Unit), trusted execution environment ), or split into smaller pieces and store them in the SIM card and TEE respectively.
  • the lessor may associate the private key segment corresponding to the lessor with the contract number and store it in the lessor's system.
  • the public key and the contract lease information may also be associated with the contract number and stored in the lessor’s system together with the lessor’s private key fragments.
  • the public key, the private key fragment of the lessor, and the contract lease information may be associated with the contract number and uploaded by the lessor to the blockchain for storage.
  • the public key and the contract lease information may also be stored in the terminal device of the lessee after being associated with the contract number by the lessee.
  • the public key and the contract lease information can be converted into a QR code and sent to the lessee, and the lessee will save it in its corresponding terminal device. Accordingly, when the lessee uses the subject matter, it can Directly use the QR code scanning to start identity verification, which improves the simplicity of starting identity verification.
  • FIG. 1 shows a schematic flowchart of a temporary identity authentication method provided in this specification.
  • the method may include:
  • S102 Acquire subject matter use request data, where the subject matter use request data includes a contract number corresponding to the subject matter.
  • the lessor may obtain the subject matter use request data of the lessee, and the subject matter use request data may include the contract number, the use time, the ID corresponding to the client, and the like.
  • the use request data may also include parameter data of the subject matter to be rented.
  • the use request data may also include the license plate number and location of the subject matter to be rented. Wait.
  • the lessee may send the subject matter use request data through its corresponding terminal device, and the subject matter use request data may be generated on the terminal device corresponding to the lessee and sent to it via Bluetooth, wifi, etc.
  • the obtaining of the subject matter use request data may further include: obtaining subject matter use request two-dimensional code information, the two-dimensional code information is based on the public key and the contract lease when the lease is signed by the lessor Information generation; decoding the two-dimensional code information to obtain contract lease information, and generate subject matter use request data based on the contract lease information.
  • the lessor converts the public key and the contract lease information into a QR code and sends it to the lessee, then the lessee can directly use the QR code to scan to initiate identity verification.
  • the lessor can scan and recognize the two-dimensional code, and decode the two-dimensional code to obtain the corresponding contract lease information and public key information.
  • the subject matter use request data can be generated based on the contract lease information, the requested time, place, and parameters corresponding to the subject matter.
  • the subject matter use request data contains a contract number, and the contract number is used for identification.
  • S104 Obtain the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number.
  • the lessor can obtain the contract lease information corresponding to the contract number, the public key, and the lessor's first private key fragment.
  • the lessor associates the generated contract lease information, public key, and lessor's first private key fragments with the contract number, upload them to the blockchain for storage.
  • the lessor can obtain the contract lease information, the public key, and the lessor’s first private key fragment corresponding to the contract number from the blockchain according to the contract number.
  • the lessor can obtain the corresponding public key information after decoding the QR code. Then, the lessor can also obtain the contract number after decoding the two-dimensional code, and then retrieve the lessor’s first private key segment from the lessor’s terminal device, server system or blockchain according to the contract number.
  • S106 Perform a joint signature on the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment.
  • the lessor After obtaining the public key corresponding to the contract number and the lessor’s first private key fragments, the lessor can initiate a joint signature on the use request data. Correspondingly, during the joint signature verification process, the lessee can also retrieve the second private key segment corresponding to the contract number from its corresponding terminal device according to the contract number.
  • the lessor and the lessee can jointly sign the use request data through secure multi-party calculation based on the lessor's first private key fragment and the lessee's second private key fragment.
  • Secure multi-party computing can provide collaborative computing capabilities for raw data without pooling. Using secure multi-party computing to combine the private key shards of the two parties for collaborative computing can ensure that the private key data of both parties does not leave their respective nodes. Under the premise, complete the joint signature.
  • S108 Use the public key to verify the signed subject matter use request data, and when the signature verification is passed, the use right is opened.
  • the two parties After the two parties use their private keys to complete the multi-party security calculation joint signature of the use request data, the lessor can use the public key to verify the signed subject use request data to determine the identity and use right of the lessee.
  • the use of secure multi-party calculations for joint signatures and the use of public keys to verify the correctness of the joint signatures can effectively ensure the confidentiality of the private keys of the two parties, while achieving simple, effective and safe confirmation of the identity of the tenant.
  • the smart device corresponding to the subject matter can open the usage rights to the lessee. For example, the door lock of the shared car is opened, and at the same time, the control device of the shared car develops the use authority to the lessee, and the lessee can start the shared car.
  • the system can also automatically delete the user's right to use. For example, the right to use the lessee can be disabled, or the private key and public key data corresponding to the lease can be deleted.
  • the lease expires or the signature verification is incorrect, the lessor can send a verification failure message to the lessee.
  • the lessor may also upload the signed use request data and the verification result to the blockchain according to the contract number.
  • the lessor may also upload the signed use request data and the verification result to the blockchain according to the contract number.
  • the lessor after using the public key to sign and verify the signed subject matter use request data, the lessor can also use the subject matter use request data according to the contract lease information Right to verify.
  • the contract lease information may include restrictions such as the user's usage authority, the model or type of the subject matter, and so on.
  • the lessor can also verify the current use request based on the contractual lease information. If the current use request is not within the lease period of the subject matter, or the subject matter currently to be leased does not meet the requirements of the contract lease information, etc., the renter can feed back information about the failure of the relevant request to the client, and at the same time, it can also send the use The reason for the request failure, etc. If the use right verification corresponding to the current use request is passed, the subject matter can develop the use right to the lessee.
  • the use authority, the model or type of the subject matter, etc. are further verified according to the contract lease information, which can further accurately confirm the user’s lease of the subject matter. Use permissions.
  • Figures 2 and 3 show a schematic diagram of a temporary use right and identity authentication process in a scenario embodiment provided in this specification.
  • the lessee can associate its corresponding private key fragment with the contract number and save it in a safe area.
  • the lessee may divide its private key into the SIM card of its terminal device or the TEE of the CPU, or divide it into smaller pieces and store them in the SIM card and TEE respectively.
  • the lessor can associate the public key, the private key fragment corresponding to the lessor, and the contract lease information with the contract number, and the lessor can register the information in the blockchain for storage.
  • the lessee can initiate a use request when using the subject matter, and use the subject matter after the right to use and identity verification are passed.
  • the user can initiate a use request through the client, and the client can send the use request data to the smart device corresponding to the subject matter such as the apartment or car to be rented through Bluetooth, WIFI, etc., correspondingly, the use request
  • the data can include contract number, usage time, parameter data of the subject to be leased, client ID, etc.
  • the smart device corresponding to the subject matter can send the use request data to the renter, so that the renter can verify the identity and temporary use right.
  • the renter After receiving the use request data, the renter can read the first private key segment and public key of the renter corresponding to the merge number from the blockchain according to the contract number in the use request data. Then, the first private key segment of the joint lessor and the second private key segment of the lessee can be used to jointly sign the usage request data through a secure multi-party calculation. Then, the public key can be used to verify the correctness of the joint signature.
  • the rental terminal can send an instruction to open the use permission to the smart device corresponding to the subject matter, for example, an instruction to open the smart door lock.
  • the rental terminal can further verify the use permission of the use request, the model or type of the subject matter, etc. according to the contract lease information, and then, after the second verification is passed, the smart device corresponding to the subject matter Send an open access instruction.
  • the rental terminal can also record each calculation and usage status in the blockchain according to the lease contract number to facilitate subsequent traceability.
  • Figure 4 shows a schematic flow diagram of another temporary identity authentication method provided in this specification. As shown in FIG. 4, based on the foregoing scenario embodiment, one or more embodiments of this specification also provide a temporary identity authentication method, and the method may include:
  • the first client sends subject matter use request data to the first rental terminal, where the subject matter use request data includes a contract number corresponding to the subject matter;
  • the first rental terminal receives the subject matter use request data, and obtains the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number;
  • the private key and public key corresponding to the contract number are generated by the first renter when the lease is signed, and the private key is divided into at least two pieces, including the first private key fragment and the renter used by the lessor for signing
  • the second private key fragment used by the party for signing, the public key and the first private key fragment are pre-stored in the blockchain by the lessor based on the contract number, and the second private key fragment is stored in the first In a client;
  • S206 The first client and the first renter jointly sign the subject matter use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
  • the first renting terminal uses the public key to verify the signed subject matter use request data, and when the signature verification is passed, it issues an open use permission instruction to the first subject matter terminal, so that the first subject matter terminal Open access.
  • the first rental end may receive the subject matter use request data sent by the first client, and then, according to the contract number in the subject matter use request data, obtain the public key corresponding to the contract number and the lessor’s second from the blockchain. A private key fragment. Then, the first renter and the first renter can use the first private key fragment of the lessor and the second private key fragment of the lessee to perform a secure multiparty calculation signature based on the secure multiparty computing protocol, and use the public key to join The correctness of the signature is verified to verify the identity of the tenant and the right to use.
  • the specific implementation can be done with reference to the above-mentioned embodiments, which will not be repeated here.
  • first client the second client
  • first rental terminal the second rental terminal
  • second rental terminal etc. in the embodiments of this specification are merely differentiated definitions for ease of description.
  • structure of each terminal And the function can be the same or different, which is determined by the specific implementation.
  • the two-party joint signature is performed to verify the lessee based on secure multi-party calculation, which can greatly improve the convenience and security of the use right and identity verification during the use of the leased property.
  • the method may further include:
  • the first leaser obtains the contract lease information corresponding to the contract number from the blockchain according to the contract number, wherein the contract lease information corresponding to the contract number is pre-assigned by the lessor based on the contract
  • the serial number is stored in the blockchain
  • the first rental terminal verifies the use right of the subject matter use request data according to the contract lease information
  • the first rental terminal issues an instruction to open the use right to the first subject end, so that the first subject end opens the use right.
  • the user's right to use the leased subject matter can be further accurately confirmed.
  • the method may further include:
  • the first rental terminal stores the signed subject matter use request data and the verification result in the blockchain based on the contract number.
  • the solution provided by the foregoing embodiment records each calculation and usage situation in the blockchain according to the lease contract number, which can facilitate data query during the entire lease process.
  • the private key is split and allocated to the lessor and the lessee respectively, and the lessee and the lessee are kept separately.
  • the lessee can store the private key fragments in the SIM card and/or TEE of its smart device, and the lessor can use the blockchain to store the private key fragment information, thereby further improving the security of the private key fragment storage.
  • the two parties can use their respective private key fragments to complete the joint signature based on the secure multi-party computing protocol under the premise that the private key data of the two parties does not leave their respective nodes.
  • the lessor can use the public key to verify the correctness of the signature, so as to realize the fast and safe verification of the identity of the lessee.
  • Using the various embodiments of the present specification can greatly improve the convenience and security of the use right and identity verification during the use of the leased property.
  • 5 and 6 are schematic diagrams of the temporary use right and identity authentication process in another scenario embodiment provided in this specification.
  • the lessee can associate its corresponding private key fragment with the contract number and save it in a secure area.
  • the lessee may divide its private key into the SIM card of its terminal device or the TEE of the CPU, or divide it into smaller pieces and store them in the SIM card and TEE respectively.
  • the lessor may associate the private key fragment corresponding to the lessor with the contract number, and the lessor may send the private key fragment to the target object for storage.
  • the lessor can also convert the public key and the contract lease information into a QR code and send it to the lessee, and the lessee will save it in its corresponding terminal device.
  • the lessee can initiate a use request when using the subject matter, and use the subject matter after the right to use and identity verification are passed.
  • the user can display the pre-saved QR code through the client, and the subject end can scan and recognize the QR code and decode the QR code to obtain the contract lease information and the public key.
  • the subject matter use request data can be generated based on the contract lease information, the requested time, place, and parameters corresponding to the subject matter.
  • the subject matter end After the subject matter end generates the subject matter use request data, it can initiate a joint signature, and the lessee and the lessor use the private key fragments of both parties to perform a multi-party security calculation joint signature on the subject matter use request data.
  • a connection between the subject end and the client can be established through methods such as Bluetooth, WIFI, infrared, wireless, etc., and multi-party security calculations can be used on the connection channel to verify the validity of the lease.
  • the private keys of the two parties can be used to jointly sign the usage request data (ie usage record) used this time.
  • the subject end can use the public key to verify the signature, and if the verification is correct, it can open the use right to the lessee.
  • the subject end or the rental end can further verify the use permission of the use request, the model or type of the subject matter, etc. according to the contract lease information, and then, after the second verification is passed, the subject end will send the The lessee opens the right to use.
  • the subject end can also associate each calculation and usage with the contract number and send it to the rental end, which will record it in the blockchain according to the contract number to facilitate subsequent traceability.
  • Figure 7 shows a schematic flow diagram of another temporary identity authentication method provided in this specification. As shown in FIG. 7, based on the foregoing scenario embodiment, one or more embodiments of this specification also provide a temporary identity authentication method, and the method may include:
  • the second object terminal obtains the QR code information displayed by the second client, and the QR code information is generated by the lessor based on the contract lease information and the public key when the lease is signed;
  • the contract lease information and the corresponding private key and public key are generated by the lessor when the lease is signed, and the private key is divided into at least two pieces, including the first private key segment used by the lessor for signing and the lease
  • the second private key fragment used by the party for signing, the first private key fragment is stored on the first subject end, and the second private key fragment is stored on the second client;
  • the second object terminal decodes the two-dimensional code information, obtains contract lease information and a public key, and generates object use request data according to the contract lease information;
  • the second object terminal obtains the first private key fragment corresponding to the contract number according to the contract number in the contract lease information
  • S308 The second subject end and the second client jointly sign the subject use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
  • S310 The second subject end uses the public key to verify the signed subject use request data, and when the signature verification passes, the use right is opened.
  • the private key and public key can be generated when the lease is signed, and then the private key is split and kept separately by the lessor and the lessee. Then, the contract lease information and public key can be converted into a QR code and sent to the lessee. The lessee can use the QR code scan to initiate identity verification during actual use. Then, the lessor and the lessee can use the private keys of the two parties to perform multi-party secure calculation of joint signatures. The lessor then uses the public key to verify the correctness of the signature, and then confirm the lessee's identity and usage rights.
  • the thief Since the above two-dimensional code only contains the relevant public key part and not the private key part, even if the lessee’s two-dimensional code is maliciously stolen by a third party, the thief does not have the corresponding private key when scanning the two-dimensional code. The key can't carry out the corresponding joint signature, so it will not get the legal right to use.
  • the method may further include:
  • the second subject end verifies the use right of the subject matter use request data according to the contract lease information obtained after decoding the QR code;
  • the end of the second target object opens the use right.
  • the method may further include:
  • the second object terminal sends the signed object use request data and the verification result to the second rental terminal;
  • the second rental terminal stores the signed subject matter use request data and the verification result in the blockchain based on the contract number.
  • the lessee can directly use the QR code to verify the use right, which greatly improves the convenience of the use right verification.
  • the two-dimensional code only contains the public key, and the two parties must jointly sign in the verification process to achieve the correct verification of the use right, which further improves the security of the use right verification.
  • the temporary identity authentication method can automatically generate a public key and a private key after an agreement is reached between the lessor and the lessee, and divide the private key into at least two pieces. Each holds a private key.
  • the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing.
  • the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter.
  • the subject matter develops the use right to the lessee.
  • one or more embodiments of this specification also provide a temporary identity authentication device.
  • the described devices may include systems, software (applications), modules, components, servers, etc. that use the methods described in the embodiments of this specification, combined with necessary implementation hardware devices.
  • the devices in one or more embodiments provided in the embodiments of this specification are as described in the following embodiments. Since the implementation scheme of the device to solve the problem is similar to the method, the implementation of the specific device in the embodiment of this specification can refer to the implementation of the foregoing method, and the repetition will not be repeated.
  • the term "unit” or “module” can be a combination of software and/or hardware that implements predetermined functions.
  • FIG. 8 shows a schematic diagram of the module structure of an embodiment of a temporary identity authentication device provided in the specification. As shown in FIG. 8, the device may include:
  • the first data acquisition module 402 may be used to acquire subject matter use request data, where the subject matter use request data includes a contract number corresponding to the subject matter;
  • the second data acquisition module 404 can be used to acquire the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number, wherein the private key and the public key corresponding to the contract number are leased
  • the party generates when the lease is signed, and the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
  • the first data signature module 406 may be used to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
  • the first data verification module 408 may be used to verify the signed subject matter use request data by using the public key
  • the first permission opening module 410 can be used to open the usage permission when the signature verification is passed.
  • the two-party joint signature is performed to verify the lessee based on secure multi-party calculation, which can greatly improve the convenience and security of the right to use and identity verification during the use of the leased property.
  • the second data acquisition module 404 may include:
  • the first data obtaining unit may be used to obtain the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein the public key corresponding to the contract number and The lessor’s first private key segment is previously stored in the blockchain by the lessor based on the contract number.
  • the first data acquisition module 402 may include:
  • the second data acquisition unit may be used to acquire the two-dimensional code information of the subject matter use request, wherein the two-dimensional code information is generated by the lessor based on the public key and the contract lease information when the lease is signed;
  • the decoding unit may be used to decode the two-dimensional code information to obtain contract lease information, and generate subject matter use request data according to the contract lease information;
  • the second data obtaining module 404 may also be used to obtain the public key corresponding to the contract number from the data obtained after decoding the two-dimensional code information.
  • the device may further include:
  • the use right confirmation module may be used to obtain the contract lease information corresponding to the contract number according to the contract number when the signature verification is passed, and verify the use right of the subject matter use request data according to the contract lease information;
  • the first permission development module 410 can also be used to open the usage right after the usage right is verified.
  • the device may further include:
  • the data update module can be used to store the signed subject matter use request data and the verification result in the blockchain based on the contract number.
  • Another embodiment of this specification also provides a rental terminal, which may include:
  • the data receiving module may be used to receive subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
  • the data retrieval module can be used to retrieve the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein,
  • the private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed.
  • the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the second private key segment of the signature, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number;
  • the second data signature module may be used to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
  • the second data verification module may be used to verify the signed subject matter use request data by using the public key
  • the instruction sending module can be used to issue an open use permission instruction to the subject end when the signature verification is passed.
  • the client may include a SIM card and/or TEE, and a data sending module, wherein the SIM card and/or TEE is used to store the tenant’s Two private key fragments;
  • the data sending module may be used to send subject matter use request data.
  • the subject matter use request data includes the contract number corresponding to the subject matter, so that the lessor can receive the subject matter use request data and obtain it according to the contract number.
  • the public key corresponding to the contract number and the lessor’ s first private key shard, and based on the lessor’s first private key shard and the lessee’s second private key shard to the subject matter through secure multi-party calculations
  • the request data is used for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
  • Another embodiment of this specification also provides a target end, and the target end may include;
  • the decoding module can be used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information, obtain contract lease information and public key, and generate subject matter use request data based on the contract lease information ;
  • the third data acquisition module may be used to acquire the first private key fragment of the lessor corresponding to the contract number according to the contract number;
  • the third data signature module can be used to jointly sign the subject matter use request data through a multi-party security algorithm based on the lessor’s first private key fragment and the lessee’s second private key fragment;
  • the third data verification module can be used to verify the signed subject matter use request data by using the public key
  • the second permission opening module can be used to open the usage permission when the signature verification is passed.
  • the client may include a SIM card and/or TEE, a data storage module, and a data display module, where:
  • the SIM card and/or TEE may be used to store the second private key fragments of the lessee;
  • the data storage module can be used to store the QR code information generated from the public key and the contract lease information
  • the data display module can be used to display the two-dimensional code information, so that the lessor can decode the two-dimensional code information to obtain the public key and contract lease information, and generate the use of the subject matter according to the contract lease information Request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information.
  • the multi-party security algorithms The subject matter uses request data for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
  • the above-mentioned device may also include other implementation manners according to the description of the method embodiment.
  • specific implementation manners reference may be made to the description of the related method embodiments, which will not be repeated here.
  • the temporary identity authentication device can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces.
  • the lessor and the lessee Each holds a private key.
  • the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing.
  • the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter.
  • the subject matter develops the use right to the lessee.
  • the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
  • this specification also provides a temporary identity authentication device, including a processor and a memory storing executable instructions of the processor. When the instructions are executed by the processor, the temporary identity authentication method described in any of the above embodiments is implemented. step.
  • the above-mentioned device may also include other implementation manners according to the description of the method embodiment.
  • specific implementation manners reference may be made to the description of the related method embodiments, which will not be repeated here.
  • FIG. 9 is a hardware structural block diagram of a temporary identity authentication server applying the embodiment of this specification.
  • the server 10 may include one or more (only one is shown in the figure) processor 100 (the processor 100 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), The memory 200 for storing data, and the transmission module 300 for communication functions.
  • the structure shown in FIG. 9 is only for illustration, and does not limit the structure of the above-mentioned electronic device.
  • the server 10 may also include more or fewer components than shown in FIG. 9, for example, may also include other processing hardware, such as a database or multi-level cache, GPU, or have a different configuration from that shown in FIG. 9.
  • the memory 200 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the search method in the embodiment of the present invention.
  • the processor 100 executes various functions by running the software programs and modules stored in the memory 200 Application and data processing.
  • the memory 200 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory.
  • the memory 200 may further include a memory remotely provided with respect to the processor 100, and these remote memories may be connected to a computer terminal through a network. Examples of the aforementioned networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • the transmission module 300 is used to receive or send data via a network.
  • the foregoing specific examples of the network may include a wireless network provided by a communication provider of a computer terminal.
  • the transmission module 300 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission module 300 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
  • RF radio frequency
  • the storage medium may include a physical device for storing information, and the information is usually digitized and then stored in an electric, magnetic, or optical medium.
  • the storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk; a device that uses optical means to store information, such as CD or DVD.
  • devices that use electrical energy to store information such as various types of memory, such as RAM, ROM, etc.
  • devices that use magnetic energy to store information such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk
  • a device that uses optical means to store information such as CD or DVD.
  • quantum memory graphene memory, and so on.
  • the temporary identity authentication device described in the above embodiment can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces, and the lessor and the lessee each hold one piece of private key. key.
  • the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing.
  • the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter.
  • the subject matter develops the use right to the lessee.
  • the system can be a single server, or it can include server clusters, systems (including distributed systems), software (applications), and one or more of the methods described in this specification or one or more embodiments of the device.
  • the temporary identity authentication system may include at least one processor and a memory storing computer-executable instructions. The processor implements the steps of the method in any one or more of the foregoing embodiments when executing the instructions.
  • Fig. 10 shows a schematic structural diagram of a temporary identity authentication system provided by one or more embodiments of this specification.
  • the temporary identity authentication system may include a first client, a first object terminal, a first rental terminal, and a blockchain.
  • the first client may be used to store the second private key fragments of the lessee and send the subject matter use request data to the first renter, where the subject matter use request data includes the contract number corresponding to the subject matter.
  • the first rental terminal can be used to receive the subject matter use request data, and also to retrieve the public key corresponding to the contract number and the first private key of the lessor from the blockchain according to the contract number Based on the lessee’s second private key shard and the lessor’s first private key shard to jointly sign the subject matter use request data through secure multi-party computation, and use the public key to sign the subject matter
  • the object use request data is verified, and when the signature verification is passed, an instruction to open the use permission is issued to the first object end.
  • the first object terminal may be used to receive and respond to the open usage permission instruction sent by the first rental terminal.
  • the blockchain can be used to store contract lease information, public key and lessor’s first private key fragments, signed subject matter use request data, and verification results based on the contract number.
  • Fig. 11 shows a schematic structural diagram of a temporary identity authentication system provided by another embodiment of this specification.
  • the temporary identity authentication system may include a second client, a second object terminal, a second lease terminal, and a blockchain.
  • the second client can be used to store the second private key fragments of the lessee and the QR code information generated from the public key and the contract lease information;
  • the second object terminal can be used to obtain the QR code information displayed by the second client, decode the QR code information to obtain the public key and contract lease information, and generate the object according to the contract lease information Use the request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information. Based on the lessor’s first private key segment and the lessee’s second private key segment, the multi-party security algorithm is used to pair The subject matter uses request data to perform a joint signature, the public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use authority is opened;
  • the second rental end may be used to receive the signed subject matter use request data and verification result sent by the second subject matter end, and store the signed subject matter use request data and verification result based on the contract number To the blockchain;
  • the blockchain can be used to store contract lease information and signed subject matter use request data and verification results based on the contract number.
  • the temporary identity authentication system described in the above embodiment can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces. The lessor and the lessee each hold a piece of private key. key.
  • the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing.
  • the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter.
  • the subject matter develops the use right to the lessee.
  • the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
  • the device or system described above in this specification may also include other implementation manners based on the description of the related method embodiments.
  • specific implementation manners refer to the description of the method embodiments, which will not be repeated here.
  • the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments.
  • the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiments.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet.
  • Computers, wearable devices, or any combination of these devices may be specifically implemented by computer chips or entities, or implemented by products with certain functions.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet.
  • the functions are divided into various modules and described separately.
  • the function of each module can be realized in the same one or more software and/or hardware, or the module that realizes the same function can be realized by a combination of multiple sub-modules or sub-units, etc. .
  • the device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • controllers in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in the controller for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt a computer program implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. The form of the product.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • One or more embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclosed are a temporary identity authentication method, apparatus and system. The method comprises: acquiring subject matter usage request data, wherein the subject matter usage request data comprises a contract number corresponding to a subject matter; acquiring, according to the contract number, a public key corresponding to the contract number and a first private key fragment of a lessor, wherein a private key and the public key corresponding to the contract number are generated when the lessor signs a lease, and the private key is divided into at least two pieces, the pieces comprising the first private key fragment, which is used by the lessor to perform signing, and a second private key fragment, which is used by a lessee to perform signing; on the basis of the first private key fragment and the second private key fragment, jointly signing the subject matter usage request data by means of secure multi-party calculation; and using the public key to verify the signed subject matter usage request data, and when signature verification is passed, opening a usage permission. By using the various embodiments of the description, the temporary right to use a subject matter of a user can be quickly, simply and securely confirmed.

Description

一种临时身份认证方法、装置及系统Temporary identity authentication method, device and system 技术领域Technical field
本发明涉及计算机数据处理技术领域,特别地,涉及一种临时身份认证方法、装置及系统。The present invention relates to the technical field of computer data processing, and in particular, to a method, device and system for temporary identity authentication.
背景技术Background technique
传统对公寓、汽车等租用物体的使用往往是通过远程发送密码等形式进行,或者当面交付、邮寄钥匙或者门卡的方式进行。随着所有权和使用权的逐渐分离,共享汽车租赁、共享公寓等共享经济的快速发展,这些传统的方式存在效率较低的问题。且钥匙或门卡不方便而且容易被盗使用,短信密码同样面临密码被盗,进而导致公寓内物品失窃等潜在风险。如何更加方便安全的进行标的物使用权及身份确认成为亟待解决的技术问题。Traditionally, the use of rented objects such as apartments and cars is often carried out by sending passwords remotely, or by delivering in person, mailing keys or door cards. With the gradual separation of ownership and use rights, and the rapid development of shared economy such as shared car rentals and shared apartments, these traditional methods have the problem of low efficiency. In addition, the key or door card is inconvenient and easy to be stolen. The SMS password also faces potential risks such as theft of the password, which may lead to theft of items in the apartment. How to more conveniently and safely carry out the right to use the subject matter and confirm the identity has become an urgent technical problem to be solved.
发明内容Summary of the invention
本说明书实施例的目的在于提供一种临时身份认证方法、装置及系统,可以快速、简单、安全的确认用户对标的物的临时使用权。The purpose of the embodiments of this specification is to provide a temporary identity authentication method, device and system, which can quickly, simply and safely confirm the user's temporary use right of the subject matter.
本说明书提供一种临时身份认证方法、装置及系统是包括如下方式实现的:This manual provides a temporary identity authentication method, device and system which are implemented in the following ways:
一种临时身份认证方法,包括:A temporary identity authentication method, including:
获取标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;Obtain subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
根据所述合同编号获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,所述合同编号对应的私钥及公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片;Obtain the public key corresponding to the contract number and the lessor’s first private key fragment according to the contract number, wherein the private key and public key corresponding to the contract number are generated by the lessor when the lease is signed, and the private The key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;Perform a joint signature on the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use right is opened.
本说明书提供的所述方法的另一个实施例中,所述根据所述合同编号获取所述合同编号对应的公钥以及出租方的第一私钥分片,包括:In another embodiment of the method provided in this specification, the obtaining the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number includes:
根据所述合同编号从区块链中获取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,所述合同编号对应的公钥以及出租方的第一私钥分片预先由出租方基于所述合同编号存储在区块链中。Obtain the public key corresponding to the contract number and the lessor’s first private key fragment from the blockchain according to the contract number, wherein the public key corresponding to the contract number and the lessor’s first private key fragment It is stored in the blockchain by the lessor based on the contract number in advance.
本说明书提供的所述方法的另一个实施例中,所述获取标的物使用请求数据,包括:In another embodiment of the method provided in this specification, the obtaining the subject matter use request data includes:
获取标的物使用请求二维码信息,所述二维码信息由出租方在租约签订时基于公钥和合同租约信息生成;Obtain the two-dimensional code information of the target use request, the two-dimensional code information is generated by the lessor based on the public key and the contract lease information when the lease is signed;
对所述二维码信息进行解码处理获得合同租约信息,根据所述合同租约信息生成标的物使用请求数据;Decoding the two-dimensional code information to obtain contract lease information, and generate subject matter use request data according to the contract lease information;
相应的,所述根据合同编号获取所述合同编号对应的公钥包括从对所述二维码信息进行解码处理后获得的数据中获取所述合同编号对应的公钥。Correspondingly, the obtaining the public key corresponding to the contract number according to the contract number includes obtaining the public key corresponding to the contract number from the data obtained after decoding the two-dimensional code information.
本说明书提供的所述方法的另一个实施例中,所述方法还包括:In another embodiment of the method provided in this specification, the method further includes:
当签名验证通过时,根据所述合同编号获取所述合同编号对应的合同租约信息;When the signature verification is passed, obtain the contract lease information corresponding to the contract number according to the contract number;
根据所述合同租约信息对所述标的物使用请求数据进行使用权验证,相应的,当使用权验证通过后,开放使用权限。The use right verification is performed on the subject matter use request data according to the contract lease information, and correspondingly, the use right is opened after the use right verification is passed.
本说明书提供的所述方法的另一个实施例中,所述方法还包括:In another embodiment of the method provided in this specification, the method further includes:
将签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The signed subject matter use request data and the verification result are stored in the blockchain based on the contract number.
另一方面,本说明书实施例还提供一种临时身份认证装置,所述装置包括:On the other hand, the embodiment of this specification also provides a temporary identity authentication device, the device includes:
第一数据获取模块,用于获取标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first data acquisition module is configured to acquire subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
第二数据获取模块,用于根据所述合同编号获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,所述合同编号对应的私钥及公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片;The second data acquisition module is used to acquire the public key corresponding to the contract number and the lessor’s first private key fragments according to the contract number, wherein the private key and public key corresponding to the contract number are shared by the lessor Generated when the lease is signed, the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
第一数据签名模块,用于基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;The first data signature module is configured to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
第一数据验证模块,用于利用所述公钥对签名后的标的物使用请求数据进行验 证;The first data verification module is configured to verify the signed subject matter use request data by using the public key;
第一权限开放模块,用于当签名验证通过时,开放使用权限。The first permission opening module is used to open the usage permission when the signature verification is passed.
另一方面,本说明书实施例还提供一种临时身份认证设备,包括处理器及用于存储处理器可执行指令的存储器,所述指令被所述处理器执行时实现包括上述任意一个实施例所述方法的步骤。On the other hand, the embodiments of this specification also provide a temporary identity authentication device, which includes a processor and a memory for storing executable instructions of the processor. The steps of the method.
另一方面,本说明书实施例还提供一种临时身份认证方法,包括:On the other hand, the embodiment of this specification also provides a temporary identity authentication method, including:
第一客户端向第一出租端发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first client sends the subject matter use request data to the first rental terminal, where the subject matter use request data includes the contract number corresponding to the subject matter;
第一出租端接收所述标的物使用请求数据,并根据所述合同编号从区块链中获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,The first rental terminal receives the subject matter use request data, and obtains the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein,
所述合同编号对应的私钥及公钥由第一出租端在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述公钥以及第一私钥分片预先由出租方基于所述合同编号存储在区块链中,所述第二私钥分片存储在第一客户端中;The private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed. The private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the signed second private key segment, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number, and the second private key segment is stored in the first client End in
第一客户端及第一出租端基于所述第一私钥分片及第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The first client and the first renter jointly sign the subject matter use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
第一出租端利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,向第一标的物端下达开放使用权限指令,以使得所述第一标的物端开放使用权限。The first rental end uses the public key to verify the signed subject matter use request data, and when the signature verification is passed, it issues an open use permission instruction to the first subject matter end, so that the first subject matter end is open for use Permissions.
另一方面,本说明书实施例还提供一种出租端,所述出租端包括:On the other hand, the embodiment of this specification also provides a rental terminal, the rental terminal includes:
数据接收模块,用于接收标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;A data receiving module for receiving subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
数据调取模块,用于根据所述合同编号获取从区块链中调取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,The data retrieval module is used to retrieve the public key corresponding to the contract number and the first private key segment of the lessor from the blockchain according to the contract number, wherein,
所述合同编号对应的私钥及公钥由第一出租端在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述公钥以及第一私钥分片预先由出租方基于所述合同编号存储在区块链中;The private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed. The private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the second private key segment of the signature, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number;
第二数据签名模块,用于基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;The second data signature module is configured to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
第二数据验证模块,用于利用所述公钥对签名后的标的物使用请求数据进行验证;The second data verification module is configured to use the public key to verify the signed subject matter use request data;
指令发送模块,用于当签名验证通过时,向标的物端下达开放使用权限指令。The instruction sending module is used to issue an open use permission instruction to the subject end when the signature verification is passed.
另一方面,本说明书实施例还提供一种客户端,所述客户端包括SIM卡和/或TEE、以及数据发送模块,其中,所述SIM卡和/或TEE用于存储承租方的第二私钥分片;On the other hand, the embodiment of this specification also provides a client, the client includes a SIM card and/or TEE, and a data sending module, wherein the SIM card and/or TEE is used to store the second Private key fragmentation;
所述数据发送模块,用于发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号,以使出租方接收所述标的物使用请求数据,根据所述合同编号获取所述合同编号对应的公钥以及出租方的第一私钥分片,以及,基于出租方的第一私钥分片以及承租方的第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名,并利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The data sending module is configured to send subject matter use request data, the subject matter use request data including the contract number corresponding to the subject matter, so that the lessor can receive the subject matter use request data, and obtain all data according to the contract number. The public key corresponding to the contract number and the lessor’s first private key fragment, and the use of the subject matter through secure multi-party calculation based on the lessor’s first private key fragment and the lessee’s second private key fragment The request data is jointly signed, and the signed subject matter use request data is verified by using the public key. When the signature verification is passed, the use authority is opened.
另一方面,本说明书实施例还提供一种临时身份认证系统,所述系统包括第一客户端、第一标的物端、第一出租端以及区块链,其中,On the other hand, the embodiment of the present specification also provides a temporary identity authentication system, the system includes a first client, a first object terminal, a first rental terminal, and a blockchain, wherein,
所述第一客户端用于存储承租方的第二私钥分片,以及向第一出租端发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first client is used to store the second private key fragments of the lessee, and send the subject matter use request data to the first renter, the subject matter use request data including the contract number corresponding to the subject matter;
所述第一出租端用于接收所述标的物使用请求数据,以及,还用于根据所述合同编号从区块链中调取所述合同编号对应公钥及出租方的第一私钥分片,并基于承租方的第二私钥分片及出租方的第一私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,向第一标的物端下达开放使用权限指令;The first rental terminal is used to receive the subject matter use request data, and is also used to retrieve the public key corresponding to the contract number and the first private key of the lessor from the blockchain according to the contract number. Based on the lessee’s second private key shard and the lessor’s first private key shard to jointly sign the subject matter use request data through secure multi-party computing, and use the public key to sign the subject matter Use the requested data for verification, and when the signature verification is passed, issue an open-use permission instruction to the first subject;
所述第一标的物端用于接收以及响应所述第一出租端发送的开放使用权限指令;The first subject end is used to receive and respond to the open use permission instruction sent by the first rental end;
所述区块链用于基于合同编号存储合同租约信息、公钥及出租方的第一私钥分片、签名后的标的物使用请求数据、验证结果。The blockchain is used to store contract lease information, public key and lessor’s first private key fragments, signed subject matter use request data, and verification results based on the contract number.
另一方面,本说明书实施例还提供一种临时身份认证方法,包括:On the other hand, the embodiment of this specification also provides a temporary identity authentication method, including:
第二标的物端获取第二客户端展示的二维码信息,所述二维码信息由出租方在租约签订时基于合同租约信息和公钥生成;The second object terminal obtains the QR code information displayed by the second client, and the QR code information is generated by the lessor based on the contract lease information and the public key when the lease is signed;
其中,所述合同租约信息以及对应的私钥、公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的 第二私钥分片,所述第一私钥分片存储在第一标的物端,所述第二私钥分片存储在第二客户端;Wherein, the contract lease information and the corresponding private key and public key are generated by the lessor when the lease is signed, and the private key is divided into at least two pieces, including the first private key segment used by the lessor for signing and the lease The second private key fragment used by the party for signing, the first private key fragment is stored on the first subject end, and the second private key fragment is stored on the second client;
所述第二标的物端对所述二维码信息进行解码处理,获得合同租约信息及公钥,并根据所述合同租约信息生成标的物使用请求数据;The second object terminal decodes the two-dimensional code information, obtains contract lease information and a public key, and generates object use request data according to the contract lease information;
所述第二标的物端根据所述合同租约信息中的合同编号获取所述合同编号对应的第一私钥分片;Obtaining, by the second object terminal, the first private key fragment corresponding to the contract number according to the contract number in the contract lease information;
第二标的物端及第二客户端基于所述第一私钥分片及所述第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The second subject end and the second client use a multi-party security algorithm to jointly sign the subject use request data based on the first private key fragment and the second private key fragment;
第二标的物端利用所述公钥对签名后的标的物使用请求数据进行验证,以及当签名验证通过时,开放使用权限。The second subject end uses the public key to verify the signed subject use request data, and when the signature verification is passed, the use right is opened.
另一方面,本说明书实施例还提供一种标的物端,所述标的物端包括;On the other hand, the embodiments of this specification also provide a target end, the target end includes;
解码模块,用于获取第二客户端展示的二维码信息,对所述二维码信息进行解码处理,获得合同租约信息及公钥,并根据所述合同租约信息生成标的物使用请求数据;The decoding module is used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information, obtain contract lease information and public key, and generate subject matter use request data according to the contract lease information;
第三数据获取模块,用于根据所述合同编号获取所述合同编号对应的出租方的第一私钥分片;The third data acquisition module is configured to acquire the first private key fragment of the lessor corresponding to the contract number according to the contract number;
第三数据签名模块,用于基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The third data signature module is used to jointly sign the subject matter use request data through a multi-party security algorithm based on the lessor’s first private key fragment and the lessee’s second private key fragment;
第三数据验证模块,用于利用所述公钥对签名后的标的物使用请求数据进行验证;The third data verification module is configured to use the public key to verify the signed subject matter use request data;
第二权限开放模块,用于当签名验证通过时,开放使用权限。The second permission opening module is used to open the usage permission when the signature verification is passed.
另一方面,本说明书实施例还提供一种客户端,所述客户端包括SIM卡和/或TEE、数据存储模块以及数据展示模块,其中,On the other hand, the embodiments of this specification also provide a client, the client includes a SIM card and/or TEE, a data storage module, and a data display module, wherein:
所述SIM卡和/或TEE用于存储承租方的第二私钥分片;The SIM card and/or TEE is used to store the second private key fragments of the lessee;
所述数据存储模块用于存储由公钥和合同租约信息生成的二维码信息;The data storage module is used to store the QR code information generated from the public key and the contract lease information;
所述数据展示模块,用于展示所述二维码信息,以使出租方对所述二维码信息进行解码处理获得公钥和合同租约信息,并根据所述合同租约信息生成标的物使用请求数据,以及,根据合同租约信息中的合同编号获取出租方的第一私钥分片,基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当 签名验证通过时,开放使用权限。The data display module is used to display the two-dimensional code information, so that the lessor can decode the two-dimensional code information to obtain the public key and contract lease information, and generate a subject matter use request based on the contract lease information Data, and, according to the contract number in the contract lease information to obtain the lessor’s first private key fragment, based on the lessor’s first private key fragment and the lessee’s second private key fragment, the multi-party security algorithm The subject matter uses the request data for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
另一方面,本说明书实施例还提供一种临时身份认证系统,所述系统包括第二客户端、第二标的物端、第二出租端以及区块链,其中,On the other hand, the embodiment of this specification also provides a temporary identity authentication system, the system includes a second client, a second subject end, a second rental end, and a blockchain, wherein,
所述第二客户端用于存储承租方的第二私钥分片,以及由公钥和合同租约信息生成的二维码信息;The second client is used to store the second private key fragments of the lessee and the QR code information generated from the public key and the contract lease information;
所述第二标的物端用于获取第二客户端展示的二维码信息,对所述二维码信息进行解码处理获得公钥和合同租约信息,并根据所述合同租约信息生成标的物使用请求数据,以及,根据合同租约信息中的合同编号获取出租方的第一私钥分片,基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限;The second subject end is used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information to obtain the public key and contract lease information, and generate the use of the subject matter according to the contract lease information Request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information. Based on the lessor’s first private key segment and the lessee’s second private key segment, the multi-party security algorithms The subject matter use request data is jointly signed, the public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use authority is opened;
所述第二出租端用于接收第二标的物端发送的签名后的标的物使用请求数据及验证结果,并基于所述合同编号将所述签名后的标的物使用请求数据及验证结果存储至区块链中;The second rental terminal is used to receive the signed subject matter use request data and the verification result sent by the second subject matter terminal, and store the signed subject matter use request data and the verification result in the contract number based on the contract number. In the blockchain;
所述区块链用于基于合同编号存储合同租约信息以及签名后的标的物使用请求数据、验证结果。The blockchain is used to store contract lease information, signed subject matter use request data, and verification results based on the contract number.
本说明书一个或多个实施例提供的临时身份认证方法、装置及系统,可以通过在出租方与承租方达成协议后,自动生成公钥和私钥,并将私钥至少分成两片,由出租方和承租方各持一片私钥。当承租方使用标的物时,可以基于承租方的第二私钥分片以及出租方的第一私钥分片通过安全多方计算对使用请求数据联合进行签名。然后,再利用公钥对签名的正确性进行验证,以验证承租方的身份及对标的物的使用权,当验证签名正确时,标的物向承租方开发使用权限。利用本说明书各个实施例,通过利用安全多方计算联合签名的方式,可以快速、简单、安全的确认用户对标的物的临时使用权。The temporary identity authentication method, device, and system provided in one or more embodiments of this specification can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces. The party and the lessee each hold a private key. When the lessee uses the subject matter, the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing. Then, the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter. When the signature is verified, the subject matter develops the use right to the lessee. Using the various embodiments of this specification, by using a secure multi-party calculation of the joint signature, the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
附图说明Description of the drawings
为了更清楚地说明本说明书实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性 劳动性的前提下,还可以根据这些附图获得其他的附图。在附图中:In order to more clearly explain the technical solutions in the embodiments of this specification or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments described in this specification. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative labor. In the attached picture:
图1为本说明书提供的一种临时身份认证方法实施例的流程示意图;FIG. 1 is a schematic flowchart of an embodiment of a temporary identity authentication method provided in this specification;
图2为本说明书提供的一个实施例中的临时身份认证注册阶段示意图;Figure 2 is a schematic diagram of the temporary identity authentication registration phase in an embodiment provided in this specification;
图3为本说明书提供的另一个实施例中的临时身份认证使用阶段示意图;Fig. 3 is a schematic diagram of a temporary identity authentication use phase in another embodiment provided in this specification;
图4为本说明书提供的另一种临时身份认证方法实施例的流程示意图;4 is a schematic flowchart of another embodiment of a temporary identity authentication method provided in this specification;
图5为本说明书提供的另一个实施例中的临时身份认证注册阶段示意图;FIG. 5 is a schematic diagram of the temporary identity authentication registration stage in another embodiment provided in this specification;
图6为本说明书提供的另一个实施例中的临时身份认证使用阶段示意图;FIG. 6 is a schematic diagram of a temporary identity authentication use phase in another embodiment provided in this specification;
图7为本说明书提供的另一种临时身份认证方法实施例的流程示意图;FIG. 7 is a schematic flowchart of another embodiment of a temporary identity authentication method provided in this specification;
图8为本说明书提供的一种临时身份认证装置实施例的模块结构示意图;8 is a schematic diagram of the module structure of an embodiment of a temporary identity authentication device provided in this specification;
图9为根据本说明书的一个示例性实施例的服务器的示意结构图;Fig. 9 is a schematic structural diagram of a server according to an exemplary embodiment of the present specification;
图10为本说明书提供的另一个实施例中的临时身份认证系统的结构示意图;Figure 10 is a schematic structural diagram of a temporary identity authentication system in another embodiment provided in this specification;
图11为本说明书提供的另一个实施例中的临时身份认证系统的结构示意图。Fig. 11 is a schematic structural diagram of a temporary identity authentication system in another embodiment provided in this specification.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书一个或多个实施例中的附图,对本说明书一个或多个实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是说明书一部分实施例,而不是全部的实施例。基于说明书一个或多个实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书实施例方案保护的范围。In order to enable those skilled in the art to better understand the technical solutions in this specification, the following will make clear and complete the technical solutions in one or more embodiments of this specification in conjunction with the drawings in one or more embodiments of this specification. It is obvious that the described embodiments are only a part of the embodiments in the specification, rather than all the embodiments. Based on one or more embodiments of the specification, all other embodiments obtained by a person of ordinary skill in the art without creative work shall fall within the protection scope of the embodiment scheme of this specification.
传统对公寓、汽车等租用物体的使用往往是通过远程发送密码等形式进行,或者当面交付、邮寄钥匙或者门卡的方式进行。随着所有权和使用权的逐渐分离,共享汽车租赁、共享公寓等共享经济的快速发展,这些传统的方式存在效率较低的问题。且钥匙或门卡不方便而且容易被盗使用,短信密码同样面临密码被盗,进而导致公寓内物品失窃等潜在风险。如何更加方便安全的进行标的物使用权及身份确认成为亟待解决的技术问题。Traditionally, the use of rented objects such as apartments and cars is often carried out by sending passwords remotely, or by delivering in person, mailing keys or door cards. With the gradual separation of ownership and use rights, and the rapid development of shared economy such as shared car rentals and shared apartments, these traditional methods have the problem of low efficiency. In addition, the key or door card is inconvenient and easy to be stolen. The SMS password also faces potential risks such as theft of the password, which may lead to theft of items in the apartment. How to more conveniently and safely carry out the right to use the subject matter and confirm the identity has become an urgent technical problem to be solved.
相应的,本说明书实施例提供了一种临时身份认证方法,可以通过在出租方与承租方达成协议后,自动生成公钥和私钥,并将私钥至少分成两片,由出租方和承租方各持一片私钥。当承租方使用标的物时,可以基于承租方的第二私钥分片以及出租方的第一私钥分片通过安全多方计算对使用请求数据联合进行签名。然后,再利用公钥 对签名的正确性进行验证,以验证承租方的身份及对标的物的使用权,当验证签名正确时,标的物向承租方开发使用权限。利用本说明书各个实施例,通过利用安全多方计算联合签名的方式,可以快速、简单、安全的确认用户对标的物的临时使用权。Correspondingly, the embodiment of this specification provides a temporary identity authentication method, which can automatically generate a public key and a private key after an agreement is reached between the lessor and the lessee, and divide the private key into at least two pieces. Each party holds a private key. When the lessee uses the subject matter, the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing. Then, the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter. When the signature is verified, the subject matter develops the use right to the lessee. Using the various embodiments of this specification, by using a secure multi-party calculation of the joint signature, the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
本说明书实施例中,所述出租方可以指租赁双方中的出租待租赁的标的物的一方,所述承租方可以是指租赁双方中租赁待租赁的标的物的一方。所述标的物可以是指合同租约对应的出租方与承租方所共同指向的对象,所述标的物可以是指一类或者多类租赁物,也可以是指特定的某一个或者多个租赁物。如对于共享汽车租赁,可以指出租方所提供的所有汽车,也可以指符合一定要求的一种型号或者多种型号的汽车,或者,也可以指特定的某一辆或者多辆汽车,这里不做限定。可以在注册时,由出租方和/或承租方根据需求自行确定。In the embodiments of this specification, the lessor may refer to the party that leases the subject matter to be leased among the two parties to the lease, and the lessee may refer to the party that leases the subject matter to be leased among the two parties to the lease. The subject matter may refer to the object to which the lessor and the lessee corresponding to the contract lease are directed together. The subject matter may refer to one or more types of leased properties, or one or more specific leased properties. . For example, for shared car rental, it can refer to all cars provided by the lessor, one or more models that meet certain requirements, or one or more specific cars. Make a limit. It can be determined by the lessor and/or lessee at the time of registration.
客户端可以包括承租方的终端设备,如可以为手机、电脑、智能手表等智能设备。出租端可以包括出租方对应的系统、服务期或者其他终端设备。标的物端可以包括待租赁的标的物对应的智能设备,如共享汽车、共享公寓等的门锁或者其他智能控制设备。The client can include the terminal equipment of the lessee, for example, it can be a smart device such as a mobile phone, a computer, and a smart watch. The rental end may include the system, service period, or other terminal equipment corresponding to the lessor. The subject end may include smart devices corresponding to the subject to be rented, such as door locks for shared cars, shared apartments, or other smart control devices.
承租方初次使用标的物前,出租方和承租方对标的物的使用可以预先达成一定的使用协议。例如,对于共享汽车、共享公寓等共享经济对应的应用场景中,承租方在第一使用时,可以先进行使用注册。一些实施方式中,出租方还可以要求承租方预先进行如身份证验证、生物特征信息验证等身份信息证验证。当验证通过后,进行进一步的使用注册,如输入欲租赁的标的物、租赁时段、使用权限等等。Before the lessee uses the subject matter for the first time, the lessor and the lessee may reach a certain use agreement in advance for the use of the subject matter. For example, in application scenarios corresponding to the sharing economy, such as shared cars and shared apartments, the lessee can register for the first use. In some implementations, the lessor may also require the lessee to perform identity information verification such as ID verification and biometric information verification in advance. After the verification is passed, further use registration is performed, such as entering the subject matter to be leased, the lease period, the use authority, etc.
一些实施方式中,在注册过程中,出租方系统还可以生成对应的私钥及公钥,所述私钥可以至少分成两部分,一部分保存在出租方,一部分保存在承租方。当完成注册后,可以生成合同租约信息,每个合同租约信息可以对应有合同编号。可以利用合同编号对该租约信息、私钥、公钥以及后期的使用记录数据等进行标识,以提高整个使用过程中权限验证以及数据查询的准确性、简便性。相应的,所述合同租约信息可以包括合同编号、出租人、承租人身份、出租时段、出租标的物、使用权限等。In some implementations, during the registration process, the lessor system can also generate a corresponding private key and public key. The private key can be divided into at least two parts, one part stored in the lessor and the other part stored in the lessee. After the registration is completed, contract lease information can be generated, and each contract lease information can correspond to a contract number. The contract number can be used to identify the lease information, private key, public key, and later use record data, etc., to improve the accuracy and simplicity of authorization verification and data query during the entire use process. Correspondingly, the contract lease information may include the contract number, the lessor, the identity of the lessee, the rental period, the rental subject matter, the use authority, etc.
在完成注册后,承租方可以将其对应的私钥分片与所述合同编号进行关联后,保存到安全区域。一些实施方式中,承租方可以将其私钥分片存在其终端设备的SIM卡(Subscriber Identification Module,用户身份识别卡)中或者CPU(中央处理器)的TEE(Trust Execution Environment、可信执行环境)中,或者,拆分成更小的分片分 别存在SIM卡和TEE中。出租方可以将出租方对应的私钥分片与所述合同编号关联后,存储在出租方的系统中。After completing the registration, the lessee can associate its corresponding private key fragment with the contract number and save it in a safe area. In some implementations, the lessee may slice its private key into the SIM card (Subscriber Identification Module, user identification card) of its terminal device or the TEE (Trust Execution Environment) of the CPU (Central Processing Unit), trusted execution environment ), or split into smaller pieces and store them in the SIM card and TEE respectively. The lessor may associate the private key segment corresponding to the lessor with the contract number and store it in the lessor's system.
一些实施方式中,所述公钥和合同租约信息也可以与所述合同编号关联后,连同出租方的私钥分片一起存储在出租方的系统中。本说明书的一个实施例中,所述公钥、出租方的私钥分片及合同租约信息可以与所述合同编号关联,由出租方上传至区块链中进行存储。In some embodiments, the public key and the contract lease information may also be associated with the contract number and stored in the lessor’s system together with the lessor’s private key fragments. In an embodiment of this specification, the public key, the private key fragment of the lessor, and the contract lease information may be associated with the contract number and uploaded by the lessor to the blockchain for storage.
另一些实施方式中,所述公钥和合同租约信息也可以由承租方与所述合同编号关联后,存储在承租方的终端设备中。本说明书的一个实施例中,可以将公钥和合同租约信息转换成二维码发送给承租方,由承租方保存在其对应的终端设备中,相应的,承租方在使用标的物时,可以直接利用该二维码扫描来启动身份验证,提高身份验证启动的简便性。In other embodiments, the public key and the contract lease information may also be stored in the terminal device of the lessee after being associated with the contract number by the lessee. In an embodiment of this specification, the public key and the contract lease information can be converted into a QR code and sent to the lessee, and the lessee will save it in its corresponding terminal device. Accordingly, when the lessee uses the subject matter, it can Directly use the QR code scanning to start identity verification, which improves the simplicity of starting identity verification.
在完成注册、私钥分发以及数据存储后,承租方在使用标的物时,可以发起使用请求,并在使用权以及身份验证通过后,进行相应标的物的使用。相应的,图1表示本说明书提供的一种临时身份认证方法的流程示意图。如图1所示,本说明书提供的临时身份认证方法的一个实施例中,所述方法可以包括:After completing registration, private key distribution, and data storage, the lessee can initiate a use request when using the subject matter, and use the subject matter after the right to use and identity verification are passed. Correspondingly, FIG. 1 shows a schematic flowchart of a temporary identity authentication method provided in this specification. As shown in Figure 1, in an embodiment of the temporary identity authentication method provided in this specification, the method may include:
S102:获取标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号。S102: Acquire subject matter use request data, where the subject matter use request data includes a contract number corresponding to the subject matter.
出租方可以获取承租方的标的物使用请求数据,所述标的物使用请求数据可以包括合同编号、使用时间、客户端对应的ID等。一些实施方式中,所述使用请求数据中还可以包括当前待租赁的标的物的参数数据,如对于共享汽车应用场景中,所述使用请求数据还可以包括待租赁的标的物的车牌号、位置等。The lessor may obtain the subject matter use request data of the lessee, and the subject matter use request data may include the contract number, the use time, the ID corresponding to the client, and the like. In some implementations, the use request data may also include parameter data of the subject matter to be rented. For example, in a shared car application scenario, the use request data may also include the license plate number and location of the subject matter to be rented. Wait.
本说明书的一些实施例中,承租方可以通过其对应的终端设备发送标的物使用请求数据,所述标的物使用请求数据可以由承租方对应的终端设备上生成,并通过蓝牙、wifi等发送给出租方对应的终端设备或服务器。In some embodiments of this specification, the lessee may send the subject matter use request data through its corresponding terminal device, and the subject matter use request data may be generated on the terminal device corresponding to the lessee and sent to it via Bluetooth, wifi, etc. The terminal device or server corresponding to the lessor.
本说明书的另一些实施例中,所述获取标的物使用请求数据还可以包括:获取标的物使用请求二维码信息,所述二维码信息由出租方在租约签订时基于公钥和合同租约信息生成;对所述二维码信息进行解码处理获得合同租约信息,根据所述合同租约信息生成标的物使用请求数据。In other embodiments of the present specification, the obtaining of the subject matter use request data may further include: obtaining subject matter use request two-dimensional code information, the two-dimensional code information is based on the public key and the contract lease when the lease is signed by the lessor Information generation; decoding the two-dimensional code information to obtain contract lease information, and generate subject matter use request data based on the contract lease information.
若合同租约签订时,出租方将公钥和合同租约信息转换成二维码发送给承租方, 则承租方可以直接利用该二维码扫描来启动身份验证。相应的,出租方可以扫描识别该二维码,并对该二维码进行解码处理,获得相应的合同租约信息和公钥信息。同时,可以基于该合同租约信息以及请求的时间、地点、标的物对应的参数等生成标的物使用请求数据。相应的,所述标的物使用请求数据中包含有合同编号,并利用合同编号进行标识。If when the contract lease is signed, the lessor converts the public key and the contract lease information into a QR code and sends it to the lessee, then the lessee can directly use the QR code to scan to initiate identity verification. Correspondingly, the lessor can scan and recognize the two-dimensional code, and decode the two-dimensional code to obtain the corresponding contract lease information and public key information. At the same time, the subject matter use request data can be generated based on the contract lease information, the requested time, place, and parameters corresponding to the subject matter. Correspondingly, the subject matter use request data contains a contract number, and the contract number is used for identification.
S104:根据所述合同编号获取所述合同编号对应的公钥及出租方的第一私钥分片。S104: Obtain the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number.
出租方可以获取所述合同编号对应的合同租约信息、公钥以及出租方的第一私钥分片。一些实施方式中,若出租方将生成的合同租约信息、公钥以及出租方的第一私钥分片与合同编号关联后,上传至区块链进行保存。相应的,出租方可以在接收所述标的物数据请求数据后,根据合同编号从区块链上获取该合同编号对对应的合同租约信息、公钥以及出租方的第一私钥分片。The lessor can obtain the contract lease information corresponding to the contract number, the public key, and the lessor's first private key fragment. In some implementations, if the lessor associates the generated contract lease information, public key, and lessor's first private key fragments with the contract number, upload them to the blockchain for storage. Correspondingly, after receiving the subject matter data request data, the lessor can obtain the contract lease information, the public key, and the lessor’s first private key fragment corresponding to the contract number from the blockchain according to the contract number.
另一些实施方式中,若承租方利用二维码发起使用请求,则出租方可以在对二维码解码处理后,获得相应的公钥信息。然后,出租方还可以根据对二维码解码处理后获得合同编号,然后,从出租方的终端设备、服务器系统或者区块链中根据合同编号调取出租方的第一私钥分片。In other embodiments, if the lessee uses the QR code to initiate a use request, the lessor can obtain the corresponding public key information after decoding the QR code. Then, the lessor can also obtain the contract number after decoding the two-dimensional code, and then retrieve the lessor’s first private key segment from the lessor’s terminal device, server system or blockchain according to the contract number.
S106:基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名。S106: Perform a joint signature on the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment.
出租方在获取该合同编号对应的公钥以及出租方的第一私钥分片后,可以发起对使用请求数据的联合签名。相应的,联合签名验证过程中,承租方也可以根据合同编号从其对应的终端设备中调取该合同编号对应的第二私钥分片。After obtaining the public key corresponding to the contract number and the lessor’s first private key fragments, the lessor can initiate a joint signature on the use request data. Correspondingly, during the joint signature verification process, the lessee can also retrieve the second private key segment corresponding to the contract number from its corresponding terminal device according to the contract number.
出租方和承租方可以基于出租方的第一私钥分片以及承租方的第二私钥分片通过安全多方计算对使用请求数据进行联合签名。安全多方计算可以提供原始数据在无需归集情况下的协同计算能力,利用安全多方计算的方式联合两方的私钥分片进行协同计算,可以在保证两方私钥数据均不离开各自节点的前提下,完成联合签名。The lessor and the lessee can jointly sign the use request data through secure multi-party calculation based on the lessor's first private key fragment and the lessee's second private key fragment. Secure multi-party computing can provide collaborative computing capabilities for raw data without pooling. Using secure multi-party computing to combine the private key shards of the two parties for collaborative computing can ensure that the private key data of both parties does not leave their respective nodes. Under the premise, complete the joint signature.
S108:利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过 时,开放使用权限。S108: Use the public key to verify the signed subject matter use request data, and when the signature verification is passed, the use right is opened.
双方利用各自的私钥对使用请求数据完成多方安全计算联合签名后,出租方可以利用所述公钥对签名后的标的物使用请求数据进行验证,以确定承租方的身份和使用权。利用安全多方计算进行联合签名,再利用公钥来验证联合签名的正确性,可以在有效保证两方私钥保密性的同时,更加简单有效且安全的实现对承租人身份的确认。After the two parties use their private keys to complete the multi-party security calculation joint signature of the use request data, the lessor can use the public key to verify the signed subject use request data to determine the identity and use right of the lessee. The use of secure multi-party calculations for joint signatures and the use of public keys to verify the correctness of the joint signatures can effectively ensure the confidentiality of the private keys of the two parties, while achieving simple, effective and safe confirmation of the identity of the tenant.
如果签名验证通过,则可以确认承租方的身份以及使用权,相应的,标的物对应的智能设备可以向承租方开放使用权限。如共享汽车的门锁打开,同时,共享汽车的控制设备向承租方开发使用权限,承租方可以启动共享汽车。If the signature verification is passed, the identity and usage rights of the lessee can be confirmed. Accordingly, the smart device corresponding to the subject matter can open the usage rights to the lessee. For example, the door lock of the shared car is opened, and at the same time, the control device of the shared car develops the use authority to the lessee, and the lessee can start the shared car.
当租约过期后,系统还可以自动删除用户的使用权。如可以对承租方的使用权进行禁用、或者删除租约对应的私钥以及公钥数据等。当租约过期或者签名验证错误时,出租方可以向承租方发送验证失败消息。When the lease expires, the system can also automatically delete the user's right to use. For example, the right to use the lessee can be disabled, or the private key and public key data corresponding to the lease can be deleted. When the lease expires or the signature verification is incorrect, the lessor can send a verification failure message to the lessee.
本说明书的一个实施例中,出租方还可以将签名后的使用请求数据及验证结果根据合同编号上传至区块链中。通过将每次计算和使用请求根据合同编号录入区块链中,可以便于后续的数据查询。In an embodiment of this specification, the lessor may also upload the signed use request data and the verification result to the blockchain according to the contract number. By entering each calculation and use request into the blockchain according to the contract number, subsequent data query can be facilitated.
本说明书的另一个实施例中,在利用所述公钥对签名后的标的物使用请求数据进行签名验证通过后,出租方还可以根据所述合同租约信息对所述标的物使用请求数据进行使用权验证。In another embodiment of this specification, after using the public key to sign and verify the signed subject matter use request data, the lessor can also use the subject matter use request data according to the contract lease information Right to verify.
所述合同租约信息中可以包括用户的使用权限、标的物的型号或种类等限制。出租方还可以根据合同租约信息对当前使用请求进行验证。如当前使用请求不在标的物的租赁时段内,或者,当前待租赁的标的物不符合合同租约信息中的要求等,则出租端可以向客户方反馈相关请求失败的信息,同时,也可以发送使用请求失败的原因等。若当前使用请求对应的使用权验证通过,则标的物可以向承租方开发使用权限。The contract lease information may include restrictions such as the user's usage authority, the model or type of the subject matter, and so on. The lessor can also verify the current use request based on the contractual lease information. If the current use request is not within the lease period of the subject matter, or the subject matter currently to be leased does not meet the requirements of the contract lease information, etc., the renter can feed back information about the failure of the relevant request to the client, and at the same time, it can also send the use The reason for the request failure, etc. If the use right verification corresponding to the current use request is passed, the subject matter can develop the use right to the lessee.
上述实施例提供的方案,在承租方身份和使用权初次验证通过后,进一步根据合同租约信息对使用权限、标的物的型号或种类等进行验证,可以进一步准确的确认用户对待租赁的标的物的使用权限。In the solution provided by the above embodiments, after the initial verification of the identity of the lessee and the right to use, the use authority, the model or type of the subject matter, etc. are further verified according to the contract lease information, which can further accurately confirm the user’s lease of the subject matter. Use permissions.
图2和图3表示本说明书提供的一个场景实施例中的临时使用权及身份认证流程示意图。Figures 2 and 3 show a schematic diagram of a temporary use right and identity authentication process in a scenario embodiment provided in this specification.
如图2所示,在完成注册后,承租方可以将其对应的私钥分片与所述合同编号进 行关联后,保存到安全区域。一些实施方式中,承租方可以将其私钥分片存在其终端设备的SIM卡中或者CPU的TEE中,或者,拆分成更小的分片分别存在SIM卡和TEE中。出租方可以将公钥、出租方对应的私钥分片以及合同租约信息与所述合同编号关联后,由出租方将所述信息登记至区块链中进行保存。As shown in Figure 2, after completing the registration, the lessee can associate its corresponding private key fragment with the contract number and save it in a safe area. In some embodiments, the lessee may divide its private key into the SIM card of its terminal device or the TEE of the CPU, or divide it into smaller pieces and store them in the SIM card and TEE respectively. The lessor can associate the public key, the private key fragment corresponding to the lessor, and the contract lease information with the contract number, and the lessor can register the information in the blockchain for storage.
在完成注册、私钥分发以及数据存储后,承租方在使用标的物时,可以发起使用请求,并在使用权以及身份验证通过后,进行相应标的物的使用。如图3所示,用户可以通过客户端发起使用请求,客户端可以将使用请求数据通过蓝牙、WIFI等发给待租赁的公寓或汽车等标的物对应的智能设备,相应的,所述使用请求数据可以包括合同编号、使用时间、待租赁的标的物参数数据、客户端ID等。所述标的物对应的智能设备可将使用请求数据发送给出租端,以使得出租端进行身份和临时使用权验证。After completing registration, private key distribution, and data storage, the lessee can initiate a use request when using the subject matter, and use the subject matter after the right to use and identity verification are passed. As shown in Figure 3, the user can initiate a use request through the client, and the client can send the use request data to the smart device corresponding to the subject matter such as the apartment or car to be rented through Bluetooth, WIFI, etc., correspondingly, the use request The data can include contract number, usage time, parameter data of the subject to be leased, client ID, etc. The smart device corresponding to the subject matter can send the use request data to the renter, so that the renter can verify the identity and temporary use right.
所述出租端在接收到使用请求数据后,可以根据使用请求数据中的合同编号从区块链中读取所述合并编号对应的出租方的第一私钥分片以及公钥。然后,可以通过安全多方计算联合出租方的第一私钥分片以及承租方的第二私钥分片对使用请求数据进行联合签名。然后,可以利用所述公钥对联合签名的正确性进行验证。After receiving the use request data, the renter can read the first private key segment and public key of the renter corresponding to the merge number from the blockchain according to the contract number in the use request data. Then, the first private key segment of the joint lessor and the second private key segment of the lessee can be used to jointly sign the usage request data through a secure multi-party calculation. Then, the public key can be used to verify the correctness of the joint signature.
当验证通过后,出租端可以向标的物对应的智能设备发送开放使用权限指令,如向智能门锁下达打开指令。当然,也可以在签名验证通过后,出租端还可以进一步根据合同租约信息验证使用请求的使用权限、标的物的型号或种类等,然后,在二次验证通过后,向标的物对应的智能设备发送开放使用权限指令。同时,出租端还可以将每次计算、使用情况根据租约合同编号记录至区块链中,方便后续进行追踪溯源。After the verification is passed, the rental terminal can send an instruction to open the use permission to the smart device corresponding to the subject matter, for example, an instruction to open the smart door lock. Of course, after the signature verification is passed, the rental terminal can further verify the use permission of the use request, the model or type of the subject matter, etc. according to the contract lease information, and then, after the second verification is passed, the smart device corresponding to the subject matter Send an open access instruction. At the same time, the rental terminal can also record each calculation and usage status in the blockchain according to the lease contract number to facilitate subsequent traceability.
图4表示本说明书提供的另一种临时身份认证方法流程示意图。如图4所示,基于上述场景实施例,本说明书一个或者多个实施例中还提供一种临时身份认证方法,所述方法可以包括:Figure 4 shows a schematic flow diagram of another temporary identity authentication method provided in this specification. As shown in FIG. 4, based on the foregoing scenario embodiment, one or more embodiments of this specification also provide a temporary identity authentication method, and the method may include:
S202:第一客户端向第一出租端发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;S202: The first client sends subject matter use request data to the first rental terminal, where the subject matter use request data includes a contract number corresponding to the subject matter;
S204:第一出租端接收所述标的物使用请求数据,并根据所述合同编号从区块链中获取所述合同编号对应的公钥及出租方的第一私钥分片;S204: The first rental terminal receives the subject matter use request data, and obtains the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number;
其中,所述合同编号对应的私钥及公钥由第一出租端在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二 私钥分片,所述公钥以及第一私钥分片预先由出租方基于所述合同编号存储在区块链中,所述第二私钥分片存储在第一客户端中;Wherein, the private key and public key corresponding to the contract number are generated by the first renter when the lease is signed, and the private key is divided into at least two pieces, including the first private key fragment and the renter used by the lessor for signing The second private key fragment used by the party for signing, the public key and the first private key fragment are pre-stored in the blockchain by the lessor based on the contract number, and the second private key fragment is stored in the first In a client;
S206:第一客户端及第一出租端基于所述第一私钥分片及第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;S206: The first client and the first renter jointly sign the subject matter use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
S208:第一出租端利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,向第一标的物端下达开放使用权限指令,以使得所述第一标的物端开放使用权限。S208: The first renting terminal uses the public key to verify the signed subject matter use request data, and when the signature verification is passed, it issues an open use permission instruction to the first subject matter terminal, so that the first subject matter terminal Open access.
第一出租端可以接收第一客户端发送的标的物使用请求数据,然后,可以根据标的物使用请求数据中的合同编号从区块链中获取所述合同编号对应的公钥以及出租方的第一私钥分片。然后,第一出租端和第一承租端可以基于安全多方计算协议,利用出租方的第一私钥分片以及承租方的第二私钥分片进行安全多方计算签名,并利用公钥对联合签名的正确性进行验证,以验证承租方的身份以及使用权。具体的实现方式可以参考上述实施例进行,这里不做赘述。The first rental end may receive the subject matter use request data sent by the first client, and then, according to the contract number in the subject matter use request data, obtain the public key corresponding to the contract number and the lessor’s second from the blockchain. A private key fragment. Then, the first renter and the first renter can use the first private key fragment of the lessor and the second private key fragment of the lessee to perform a secure multiparty calculation signature based on the secure multiparty computing protocol, and use the public key to join The correctness of the signature is verified to verify the identity of the tenant and the right to use. The specific implementation can be done with reference to the above-mentioned embodiments, which will not be repeated here.
需要说明的是,本说明书实施例中的第一客户端、第二客户端、第一出租端、第二出租端等仅仅是为了便于描述而进行的区分定义,实际使用时,各终端的结构和功能可以相同,也可以不同,由具体的实施方式进行确定。It should be noted that the first client, the second client, the first rental terminal, the second rental terminal, etc. in the embodiments of this specification are merely differentiated definitions for ease of description. In actual use, the structure of each terminal And the function can be the same or different, which is determined by the specific implementation.
利用上述实施例提供的方案,基于安全多方计算进行两方联合签名来对承租方进行验证,可以大大提高租赁物使用过程中使用权及身份验证的便捷性以及安全性。Utilizing the solution provided by the foregoing embodiment, the two-party joint signature is performed to verify the lessee based on secure multi-party calculation, which can greatly improve the convenience and security of the use right and identity verification during the use of the leased property.
可选的,本说明书的另一个实施例中,所述方法还可以包括:Optionally, in another embodiment of this specification, the method may further include:
当签名验证通过时时,第一出租端根据所述合同编号从区块链中获取所述合同编号对应的合同租约信息,其中,所述合同编号对应的合同租约信息预先由出租方基于所述合同编号存储在区块链中;When the signature verification is passed, the first leaser obtains the contract lease information corresponding to the contract number from the blockchain according to the contract number, wherein the contract lease information corresponding to the contract number is pre-assigned by the lessor based on the contract The serial number is stored in the blockchain;
第一出租端根据所述合同租约信息对所述标的物使用请求数据进行使用权验证;The first rental terminal verifies the use right of the subject matter use request data according to the contract lease information;
相应的,当使用权验证通过后,第一出租端向第一标的物端下达开放使用权限指令,以使得所述第一标的物端开放使用权限。Correspondingly, after the verification of the use right is passed, the first rental terminal issues an instruction to open the use right to the first subject end, so that the first subject end opens the use right.
利用上述实施例提供的方案,可以进一步准确的确认用户对带租赁的标的物的使用权限。Using the solution provided by the foregoing embodiment, the user's right to use the leased subject matter can be further accurately confirmed.
可选的,本说明书的另一个实施例中,所述方法还可以包括:Optionally, in another embodiment of this specification, the method may further include:
所述第一出租端将签名后的标的物使用请求数据及验证结果基于所述合同编号 存储至区块链中。The first rental terminal stores the signed subject matter use request data and the verification result in the blockchain based on the contract number.
上述实施例提供的方案,将每次计算、使用情况根据租约合同编号记录至区块链中,可以便于对整个租赁过程中数据的查询。The solution provided by the foregoing embodiment records each calculation and usage situation in the blockchain according to the lease contract number, which can facilitate data query during the entire lease process.
上述一个或者多个实施例的具体实现方式可以参照前述相关处理实施例的描述,在此不做一一赘述。For the specific implementation of one or more of the foregoing embodiments, reference may be made to the description of the foregoing related processing embodiments, and details are not repeated here.
本说明书上述各个实施例,通过将私钥拆分并分别分配给出租方和承租方,由承租方和出租方进行分别保存。承租方可以将私钥分片存储在自己的智能设备的SIM卡和/或TEE中,出租方可以利用区块链来保存私钥分片信息,从而进一步提高私钥分片存储的安全性。然后,实际使用时,两方可以分别利用各自的私钥分片,在保证两方私钥数据均不离开各自节点的前提下,基于安全多方计算协议完成联合签名。然后,出租方可以再利用公钥验证签名的正确性,从而实现对承租方身份的快速安全验证。利用本说明书各个实施例,可以大大提高租赁物使用过程中使用权及身份验证的便捷性以及安全性。In each of the above-mentioned embodiments of this specification, the private key is split and allocated to the lessor and the lessee respectively, and the lessee and the lessee are kept separately. The lessee can store the private key fragments in the SIM card and/or TEE of its smart device, and the lessor can use the blockchain to store the private key fragment information, thereby further improving the security of the private key fragment storage. Then, in actual use, the two parties can use their respective private key fragments to complete the joint signature based on the secure multi-party computing protocol under the premise that the private key data of the two parties does not leave their respective nodes. Then, the lessor can use the public key to verify the correctness of the signature, so as to realize the fast and safe verification of the identity of the lessee. Using the various embodiments of the present specification can greatly improve the convenience and security of the use right and identity verification during the use of the leased property.
图5和图6表示本说明书提供的另一个场景实施例中的临时使用权及身份认证流程示意图。5 and 6 are schematic diagrams of the temporary use right and identity authentication process in another scenario embodiment provided in this specification.
如图5所示,在完成注册后,承租方可以将其对应的私钥分片与所述合同编号进行关联后,保存到安全区域。一些实施方式中,承租方可以将其私钥分片存在其终端设备的SIM卡中或者CPU的TEE中,或者,拆分成更小的分片分别存在SIM卡和TEE中。出租方可以将出租方对应的私钥分片与所述合同编号关联后,由出租方将该私钥分片发给个标的物端进行保存。同时,出租方还可以将公钥和合同租约信息转换成二维码发送给承租方,由承租方保存在其对应的终端设备中。As shown in Figure 5, after completing the registration, the lessee can associate its corresponding private key fragment with the contract number and save it in a secure area. In some embodiments, the lessee may divide its private key into the SIM card of its terminal device or the TEE of the CPU, or divide it into smaller pieces and store them in the SIM card and TEE respectively. The lessor may associate the private key fragment corresponding to the lessor with the contract number, and the lessor may send the private key fragment to the target object for storage. At the same time, the lessor can also convert the public key and the contract lease information into a QR code and send it to the lessee, and the lessee will save it in its corresponding terminal device.
在完成注册、私钥分发以及数据存储后,承租方在使用标的物时,可以发起使用请求,并在使用权以及身份验证通过后,进行相应标的物的使用。如图6所示,用户可以通过客户端展示预先保存的二维码,标的物端可以扫描识别该二维码,并对该二维码进行解码处理,获得合同租约信息和公钥。同时,可以基于该合同租约信息以及请求的时间、地点、标的物对应的参数等生成标的物使用请求数据。After completing registration, private key distribution, and data storage, the lessee can initiate a use request when using the subject matter, and use the subject matter after the right to use and identity verification are passed. As shown in Figure 6, the user can display the pre-saved QR code through the client, and the subject end can scan and recognize the QR code and decode the QR code to obtain the contract lease information and the public key. At the same time, the subject matter use request data can be generated based on the contract lease information, the requested time, place, and parameters corresponding to the subject matter.
标的物端在生成标的物使用请求数据后,可以发起联合签名,由承租方和出租方利用双方的私钥分片对所述标的物使用请求数据进行多方安全计算联合签名。一些实 施方式中,标的物端和客户端之间可以通过如蓝牙、WIFI、红外、无线等方式建立连接,并可以在该连接通道上利用多方安全计算进行租约有效性验证。验证过程中可以使用两方的私钥分片联合对本次使用的使用请求数据(即使用记录)进行签名。After the subject matter end generates the subject matter use request data, it can initiate a joint signature, and the lessee and the lessor use the private key fragments of both parties to perform a multi-party security calculation joint signature on the subject matter use request data. In some implementations, a connection between the subject end and the client can be established through methods such as Bluetooth, WIFI, infrared, wireless, etc., and multi-party security calculations can be used on the connection channel to verify the validity of the lease. During the verification process, the private keys of the two parties can be used to jointly sign the usage request data (ie usage record) used this time.
然后,标的物端可以利用公钥对该签名进行验证,若验证正确,则可以向承租方开放使用权限。当然,在签名验证通过后,标的物端或者出租端还可以进一步根据合同租约信息验证使用请求的使用权限、标的物的型号或种类等,然后,在二次验证通过后,标的物端再向承租方开放使用权限。Then, the subject end can use the public key to verify the signature, and if the verification is correct, it can open the use right to the lessee. Of course, after the signature verification is passed, the subject end or the rental end can further verify the use permission of the use request, the model or type of the subject matter, etc. according to the contract lease information, and then, after the second verification is passed, the subject end will send the The lessee opens the right to use.
同时,标的物端还可以将每次计算、使用情况与合同编号关联后发送给出租端,由出租端根据合同编号记录至区块链中,方便后续进行追踪溯源。At the same time, the subject end can also associate each calculation and usage with the contract number and send it to the rental end, which will record it in the blockchain according to the contract number to facilitate subsequent traceability.
图7表示本说明书提供的另一种临时身份认证方法流程示意图。如图7所示,基于上述场景实施例,本说明书一个或者多个实施例中还提供一种临时身份认证方法,所述方法可以包括:Figure 7 shows a schematic flow diagram of another temporary identity authentication method provided in this specification. As shown in FIG. 7, based on the foregoing scenario embodiment, one or more embodiments of this specification also provide a temporary identity authentication method, and the method may include:
S302:第二标的物端获取第二客户端展示的二维码信息,所述二维码信息由出租方在租约签订时基于合同租约信息和公钥生成;S302: The second object terminal obtains the QR code information displayed by the second client, and the QR code information is generated by the lessor based on the contract lease information and the public key when the lease is signed;
其中,所述合同租约信息以及对应的私钥、公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述第一私钥分片存储在第一标的物端,所述第二私钥分片存储在第二客户端;Wherein, the contract lease information and the corresponding private key and public key are generated by the lessor when the lease is signed, and the private key is divided into at least two pieces, including the first private key segment used by the lessor for signing and the lease The second private key fragment used by the party for signing, the first private key fragment is stored on the first subject end, and the second private key fragment is stored on the second client;
S304:所述第二标的物端对所述二维码信息进行解码处理,获得合同租约信息及公钥,并根据所述合同租约信息生成标的物使用请求数据;S304: The second object terminal decodes the two-dimensional code information, obtains contract lease information and a public key, and generates object use request data according to the contract lease information;
S306:所述第二标的物端根据所述合同租约信息中的合同编号获取所述合同编号对应的第一私钥分片;S306: The second object terminal obtains the first private key fragment corresponding to the contract number according to the contract number in the contract lease information;
S308:第二标的物端及第二客户端基于所述第一私钥分片及所述第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;S308: The second subject end and the second client jointly sign the subject use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
S310:第二标的物端利用所述公钥对签名后的标的物使用请求数据进行验证,以及当签名验证通过时,开放使用权限。S310: The second subject end uses the public key to verify the signed subject use request data, and when the signature verification passes, the use right is opened.
可以在租约签订时生成私钥和公钥,然后,将私钥进行拆分后分别由出租方和承租方进行分开保存。然后,还可以将合同租约信息和公钥转换成二维码,发送给承租方,承租方在实际使用时可以利用二维码扫描来启动身份验证。然后,出租方和承 租方可以利用两方私钥分片进行多方安全计算联合签名,出租方再利用公钥验证签名的正确性,进而确认承租方的身份及使用权利。The private key and public key can be generated when the lease is signed, and then the private key is split and kept separately by the lessor and the lessee. Then, the contract lease information and public key can be converted into a QR code and sent to the lessee. The lessee can use the QR code scan to initiate identity verification during actual use. Then, the lessor and the lessee can use the private keys of the two parties to perform multi-party secure calculation of joint signatures. The lessor then uses the public key to verify the correctness of the signature, and then confirm the lessee's identity and usage rights.
由于上述二维码仅包含相关的公钥部分,并不包含私钥部分,即使承租方的二维码被第三方恶意盗取,盗用者在利用该二维码进行扫描时由于没有相应的私钥,也不能进行相应的联合签名,因此,也不会得到合法的使用权。Since the above two-dimensional code only contains the relevant public key part and not the private key part, even if the lessee’s two-dimensional code is maliciously stolen by a third party, the thief does not have the corresponding private key when scanning the two-dimensional code. The key can't carry out the corresponding joint signature, so it will not get the legal right to use.
优选的,本说明书的另一个实施例中,所述方法还可以包括:Preferably, in another embodiment of this specification, the method may further include:
当签名验证通过时,第二标的物端根据对二维码解码处理后获得的合同租约信息对所述标的物使用请求数据进行使用权验证;When the signature verification is passed, the second subject end verifies the use right of the subject matter use request data according to the contract lease information obtained after decoding the QR code;
相应的,当使用权验证通过后,所述第二标的物端开放使用权限。Correspondingly, after the verification of the use right is passed, the end of the second target object opens the use right.
优选的,本说明书的另一个实施例中,所述方法还可以包括:Preferably, in another embodiment of this specification, the method may further include:
所述第二标的物端将签名后的标的物使用请求数据及验证结果发送至第二出租端;The second object terminal sends the signed object use request data and the verification result to the second rental terminal;
所述第二出租端将所述签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The second rental terminal stores the signed subject matter use request data and the verification result in the blockchain based on the contract number.
上述一个或者多个实施例的具体实现方式可以参照前述相关处理实施例的描述,在此不做一一赘述。For the specific implementation of one or more of the foregoing embodiments, reference may be made to the description of the foregoing related processing embodiments, and details are not repeated here.
利用本说明书上述各个实施例,承租方可以直接利用二维码进行使用权验证,大大提高了使用权验证的便捷性。同时,由于二维码中仅包含了公钥,且验证过程中必须两方联合签名才能实现使用权的正确验证,从而进一步提高了使用权验证的安全性。Using the foregoing embodiments of this specification, the lessee can directly use the QR code to verify the use right, which greatly improves the convenience of the use right verification. At the same time, since the two-dimensional code only contains the public key, and the two parties must jointly sign in the verification process to achieve the correct verification of the use right, which further improves the security of the use right verification.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。具体的可以参照前述相关处理相关实施例的描述,在此不做一一赘述。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. For details, reference may be made to the description of the foregoing related processing related embodiments, which will not be repeated here.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown to achieve the desired result. In certain embodiments, multitasking and parallel processing are also possible or may be advantageous.
本说明书一个或多个实施例提供的临时身份认证方法,可以通过在出租方与承租 方达成协议后,自动生成公钥和私钥,并将私钥至少分成两片,由出租方和承租方各持一片私钥。当承租方使用标的物时,可以基于承租方的第二私钥分片以及出租方的第一私钥分片通过安全多方计算对使用请求数据联合进行签名。然后,再利用公钥对签名的正确性进行验证,以验证承租方的身份及对标的物的使用权,当验证签名正确时,标的物向承租方开发使用权限。利用本说明书各个实施例,通过利用安全多方计算联合签名的方式,可以快速、简单、安全的确认用户对标的物的临时使用权。The temporary identity authentication method provided by one or more embodiments of this specification can automatically generate a public key and a private key after an agreement is reached between the lessor and the lessee, and divide the private key into at least two pieces. Each holds a private key. When the lessee uses the subject matter, the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing. Then, the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter. When the signature is verified, the subject matter develops the use right to the lessee. Using the various embodiments of this specification, by using a secure multi-party calculation of the joint signature, the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
基于上述所述的临时身份认证方法,本说明书一个或多个实施例还提供一种临时身份认证装置。所述的装置可以包括使用了本说明书实施例所述方法的系统、软件(应用)、模块、组件、服务器等并结合必要的实施硬件的装置。基于同一创新构思,本说明书实施例提供的一个或多个实施例中的装置如下面的实施例所述。由于装置解决问题的实现方案与方法相似,因此本说明书实施例具体的装置的实施可以参见前述方法的实施,重复之处不再赘述。以下所使用的,术语“单元”或者“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。具体的,图8表示说明书提供的一种临时身份认证装置实施例的模块结构示意图,如图8所示,所述装置可以包括:Based on the aforementioned temporary identity authentication method, one or more embodiments of this specification also provide a temporary identity authentication device. The described devices may include systems, software (applications), modules, components, servers, etc. that use the methods described in the embodiments of this specification, combined with necessary implementation hardware devices. Based on the same innovative concept, the devices in one or more embodiments provided in the embodiments of this specification are as described in the following embodiments. Since the implementation scheme of the device to solve the problem is similar to the method, the implementation of the specific device in the embodiment of this specification can refer to the implementation of the foregoing method, and the repetition will not be repeated. As used below, the term "unit" or "module" can be a combination of software and/or hardware that implements predetermined functions. Although the devices described in the following embodiments are preferably implemented by software, hardware or a combination of software and hardware is also possible and conceived. Specifically, FIG. 8 shows a schematic diagram of the module structure of an embodiment of a temporary identity authentication device provided in the specification. As shown in FIG. 8, the device may include:
第一数据获取模块402,可以用于获取标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first data acquisition module 402 may be used to acquire subject matter use request data, where the subject matter use request data includes a contract number corresponding to the subject matter;
第二数据获取模块404,可以用于根据所述合同编号获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,所述合同编号对应的私钥及公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片;The second data acquisition module 404 can be used to acquire the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number, wherein the private key and the public key corresponding to the contract number are leased The party generates when the lease is signed, and the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
第一数据签名模块406,可以用于基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;The first data signature module 406 may be used to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
第一数据验证模块408,可以用于利用所述公钥对签名后的标的物使用请求数据进行验证;The first data verification module 408 may be used to verify the signed subject matter use request data by using the public key;
第一权限开放模块410,可以用于当签名验证通过时,开放使用权限。The first permission opening module 410 can be used to open the usage permission when the signature verification is passed.
利用上述实施例提供的方案,基于安全多方计算进行两方联合签名来对承租方进 行验证,可以大大提高租赁物使用过程中使用权及身份验证的便捷性以及安全性。Utilizing the solution provided by the foregoing embodiment, the two-party joint signature is performed to verify the lessee based on secure multi-party calculation, which can greatly improve the convenience and security of the right to use and identity verification during the use of the leased property.
本说明书的另一个实施例中,所述第二数据获取模块404可以包括:In another embodiment of this specification, the second data acquisition module 404 may include:
第一数据获取单元,可以用于根据所述合同编号从区块链中获取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,所述合同编号对应的公钥以及出租方的第一私钥分片预先由出租方基于所述合同编号存储在区块链中。The first data obtaining unit may be used to obtain the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein the public key corresponding to the contract number and The lessor’s first private key segment is previously stored in the blockchain by the lessor based on the contract number.
本说明书的另一个实施例中,所述第一数据获取模块可402以包括:In another embodiment of the present specification, the first data acquisition module 402 may include:
第二数据获取单元,可以用于获取标的物使用请求二维码信息,其中,所述二维码信息由出租方在租约签订时基于公钥和合同租约信息生成;The second data acquisition unit may be used to acquire the two-dimensional code information of the subject matter use request, wherein the two-dimensional code information is generated by the lessor based on the public key and the contract lease information when the lease is signed;
解码单元,可以用于对所述二维码信息进行解码处理获得合同租约信息,根据所述合同租约信息生成标的物使用请求数据;The decoding unit may be used to decode the two-dimensional code information to obtain contract lease information, and generate subject matter use request data according to the contract lease information;
相应的,所述第二数据获取模块404还可以用于从对所述二维码信息进行解码处理后获得的数据中获取所述合同编号对应的公钥。Correspondingly, the second data obtaining module 404 may also be used to obtain the public key corresponding to the contract number from the data obtained after decoding the two-dimensional code information.
本说明书的另一个实施例中,所述装置还可以包括:In another embodiment of the present specification, the device may further include:
使用权确认模块,可以用于当签名验证通过时,根据所述合同编号获取所述合同编号对应的合同租约信息,根据所述合同租约信息对所述标的物使用请求数据进行使用权验证;The use right confirmation module may be used to obtain the contract lease information corresponding to the contract number according to the contract number when the signature verification is passed, and verify the use right of the subject matter use request data according to the contract lease information;
相应的,所述第一权限开发模块410还可以用于当使用权验证通过后,开放使用权限。Correspondingly, the first permission development module 410 can also be used to open the usage right after the usage right is verified.
本说明书的另一个实施例中,所述装置还可以包括:In another embodiment of the present specification, the device may further include:
数据更新模块,可以用于将签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The data update module can be used to store the signed subject matter use request data and the verification result in the blockchain based on the contract number.
本说明书的另一个实施例中还提供一种出租端,所述出租端可以包括:Another embodiment of this specification also provides a rental terminal, which may include:
数据接收模块,可以用于接收标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The data receiving module may be used to receive subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
数据调取模块,可以用于根据所述合同编号获取从区块链中调取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,The data retrieval module can be used to retrieve the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein,
所述合同编号对应的私钥及公钥由第一出租端在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述公钥以及第一私钥分片预先由出租方基于所述合同编号存储在区块链中;The private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed. The private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the second private key segment of the signature, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number;
第二数据签名模块,可以用于基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;The second data signature module may be used to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
第二数据验证模块,可以用于利用所述公钥对签名后的标的物使用请求数据进行验证;The second data verification module may be used to verify the signed subject matter use request data by using the public key;
指令发送模块,可以用于当签名验证通过时,向标的物端下达开放使用权限指令。The instruction sending module can be used to issue an open use permission instruction to the subject end when the signature verification is passed.
本说明书的另一个实施例中还提供一种客户端,所述客户端可以包括SIM卡和/或TEE、以及数据发送模块,其中,所述SIM卡和/或TEE用于存储承租方的第二私钥分片;Another embodiment of this specification also provides a client. The client may include a SIM card and/or TEE, and a data sending module, wherein the SIM card and/or TEE is used to store the tenant’s Two private key fragments;
所述数据发送模块,可以用于发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号,以使出租方接收所述标的物使用请求数据,根据所述合同编号获取所述合同编号对应的公钥以及出租方的第一私钥分片,以及,基于出租方的第一私钥分片以及承租方的第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名,并利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The data sending module may be used to send subject matter use request data. The subject matter use request data includes the contract number corresponding to the subject matter, so that the lessor can receive the subject matter use request data and obtain it according to the contract number. The public key corresponding to the contract number and the lessor’s first private key shard, and based on the lessor’s first private key shard and the lessee’s second private key shard to the subject matter through secure multi-party calculations The request data is used for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
本说明书的另一个实施例中还提供一种标的物端,所述标的物端可以包括;Another embodiment of this specification also provides a target end, and the target end may include;
解码模块,可以用于获取第二客户端展示的二维码信息,对所述二维码信息进行解码处理,获得合同租约信息及公钥,并根据所述合同租约信息生成标的物使用请求数据;The decoding module can be used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information, obtain contract lease information and public key, and generate subject matter use request data based on the contract lease information ;
第三数据获取模块,可以用于根据所述合同编号获取所述合同编号对应的出租方的第一私钥分片;The third data acquisition module may be used to acquire the first private key fragment of the lessor corresponding to the contract number according to the contract number;
第三数据签名模块,可以用于基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The third data signature module can be used to jointly sign the subject matter use request data through a multi-party security algorithm based on the lessor’s first private key fragment and the lessee’s second private key fragment;
第三数据验证模块,可以用于利用所述公钥对签名后的标的物使用请求数据进行验证;The third data verification module can be used to verify the signed subject matter use request data by using the public key;
第二权限开放模块,可以用于当签名验证通过时,开放使用权限。The second permission opening module can be used to open the usage permission when the signature verification is passed.
本说明书的另一个实施例中还提供一种客户端,所述客户端可以包括SIM卡和/或TEE、数据存储模块以及数据展示模块,其中,Another embodiment of this specification also provides a client, the client may include a SIM card and/or TEE, a data storage module, and a data display module, where:
所述SIM卡和/或TEE可以用于存储承租方的第二私钥分片;The SIM card and/or TEE may be used to store the second private key fragments of the lessee;
所述数据存储模块,可以用于存储由公钥和合同租约信息生成的二维码信息;The data storage module can be used to store the QR code information generated from the public key and the contract lease information;
所述数据展示模块,可以用于展示所述二维码信息,以使出租方对所述二维码信息进行解码处理获得公钥和合同租约信息,并根据所述合同租约信息生成标的物使用请求数据,以及,根据合同租约信息中的合同编号获取出租方的第一私钥分片,基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The data display module can be used to display the two-dimensional code information, so that the lessor can decode the two-dimensional code information to obtain the public key and contract lease information, and generate the use of the subject matter according to the contract lease information Request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information. Based on the lessor’s first private key segment and the lessee’s second private key segment, the multi-party security algorithms The subject matter uses request data for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
需要说明的,上述所述的装置根据方法实施例的描述还可以包括其他的实施方式。具体的实现方式可以参照相关方法实施例的描述,在此不作一一赘述。It should be noted that the above-mentioned device may also include other implementation manners according to the description of the method embodiment. For specific implementation manners, reference may be made to the description of the related method embodiments, which will not be repeated here.
本说明书一个或多个实施例提供的临时身份认证装置,可以通过在出租方与承租方达成协议后,自动生成公钥和私钥,并将私钥至少分成两片,由出租方和承租方各持一片私钥。当承租方使用标的物时,可以基于承租方的第二私钥分片以及出租方的第一私钥分片通过安全多方计算对使用请求数据联合进行签名。然后,再利用公钥对签名的正确性进行验证,以验证承租方的身份及对标的物的使用权,当验证签名正确时,标的物向承租方开发使用权限。利用本说明书各个实施例,通过利用安全多方计算联合签名的方式,可以快速、简单、安全的确认用户对标的物的临时使用权。The temporary identity authentication device provided by one or more embodiments of this specification can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces. The lessor and the lessee Each holds a private key. When the lessee uses the subject matter, the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing. Then, the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter. When the signature is verified, the subject matter develops the use right to the lessee. Using the various embodiments of this specification, by using a secure multi-party calculation of the joint signature, the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
本说明书提供的上述实施例所述的方法或装置可以通过计算机程序实现业务逻辑并记录在存储介质上,所述的存储介质可以计算机读取并执行,实现本说明书实施例所描述方案的效果。因此,本说明书还提供一种临时身份认证设备,包括处理器及存储处理器可执行指令的存储器,所述指令被所述处理器执行时实现上述任意一个实施例中所述临时身份认证方法的步骤。The method or device described in the foregoing embodiment provided in this specification can implement business logic through a computer program and record it on a storage medium, and the storage medium can be read and executed by a computer to achieve the effects of the solution described in the embodiment of this specification. Therefore, this specification also provides a temporary identity authentication device, including a processor and a memory storing executable instructions of the processor. When the instructions are executed by the processor, the temporary identity authentication method described in any of the above embodiments is implemented. step.
需要说明的,上述所述的设备根据方法实施例的描述还可以包括其他的实施方式。具体的实现方式可以参照相关方法实施例的描述,在此不作一一赘述。It should be noted that the above-mentioned device may also include other implementation manners according to the description of the method embodiment. For specific implementation manners, reference may be made to the description of the related method embodiments, which will not be repeated here.
本说明书实施例所提供的方法实施例可以在移动终端、计算机终端、服务器或者类似的运算装置中执行。以运行在服务器上为例,图9是应用本说明书实施例的临时身份认证服务器的硬件结构框图。如图9所示,服务器10可以包括一个或多个(图中仅示出一个)处理器100(处理器100可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)、用于存储数据的存储器200、以及用于通信功能的传输模块300。本邻域普通技术人员可以理解,图9所示的结构仅为示意,其并不对 上述电子装置的结构造成限定。例如,服务器10还可包括比图9中所示更多或者更少的组件,例如还可以包括其他的处理硬件,如数据库或多级缓存、GPU,或者具有与图9所示不同的配置。The method embodiments provided in the embodiments of this specification can be executed in a mobile terminal, a computer terminal, a server or a similar computing device. Taking running on a server as an example, FIG. 9 is a hardware structural block diagram of a temporary identity authentication server applying the embodiment of this specification. As shown in FIG. 9, the server 10 may include one or more (only one is shown in the figure) processor 100 (the processor 100 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), The memory 200 for storing data, and the transmission module 300 for communication functions. Those of ordinary skill in the neighborhood can understand that the structure shown in FIG. 9 is only for illustration, and does not limit the structure of the above-mentioned electronic device. For example, the server 10 may also include more or fewer components than shown in FIG. 9, for example, may also include other processing hardware, such as a database or multi-level cache, GPU, or have a different configuration from that shown in FIG. 9.
存储器200可用于存储应用软件的软件程序以及模块,如本发明实施例中的搜索方法对应的程序指令/模块,处理器100通过运行存储在存储器200内的软件程序以及模块,从而执行各种功能应用以及数据处理。存储器200可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器200可进一步包括相对于处理器100远程设置的存储器,这些远程存储器可以通过网络连接至计算机终端。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 200 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the search method in the embodiment of the present invention. The processor 100 executes various functions by running the software programs and modules stored in the memory 200 Application and data processing. The memory 200 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 200 may further include a memory remotely provided with respect to the processor 100, and these remote memories may be connected to a computer terminal through a network. Examples of the aforementioned networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
传输模块300用于经由一个网络接收或者发送数据。上述的网络具体实例可包括计算机终端的通信供应商提供的无线网络。在一个实例中,传输模块300包括一个网络适配器(Network Interface Controller,NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输模块300可以为射频(Radio Frequency,RF)模块,其用于通过无线方式与互联网进行通讯。The transmission module 300 is used to receive or send data via a network. The foregoing specific examples of the network may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission module 300 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station to communicate with the Internet. In an example, the transmission module 300 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
所述存储介质可以包括用于存储信息的物理装置,通常是将信息数字化后再以利用电、磁或者光学等方式的媒体加以存储。所述存储介质有可以包括:利用电能方式存储信息的装置如,各式存储器,如RAM、ROM等;利用磁能方式存储信息的装置如,硬盘、软盘、磁带、磁芯存储器、磁泡存储器、U盘;利用光学方式存储信息的装置如,CD或DVD。当然,还有其他方式的可读存储介质,例如量子存储器、石墨烯存储器等等。The storage medium may include a physical device for storing information, and the information is usually digitized and then stored in an electric, magnetic, or optical medium. The storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk; a device that uses optical means to store information, such as CD or DVD. Of course, there are other ways of readable storage media, such as quantum memory, graphene memory, and so on.
上述实施例所述的临时身份认证设备,可以通过在出租方与承租方达成协议后,自动生成公钥和私钥,并将私钥至少分成两片,由出租方和承租方各持一片私钥。当承租方使用标的物时,可以基于承租方的第二私钥分片以及出租方的第一私钥分片通过安全多方计算对使用请求数据联合进行签名。然后,再利用公钥对签名的正确性进行验证,以验证承租方的身份及对标的物的使用权,当验证签名正确时,标的物向承租方开发使用权限。利用本说明书各个实施例,通过利用安全多方计算联合签名的方式,可以快速、简单、安全的确认用户对标的物的临时使用权。The temporary identity authentication device described in the above embodiment can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces, and the lessor and the lessee each hold one piece of private key. key. When the lessee uses the subject matter, the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing. Then, the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter. When the signature is verified, the subject matter develops the use right to the lessee. Using the various embodiments of this specification, by using a secure multi-party calculation of the joint signature, the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
本说明书还提供一种临时身份认证系统,所述系统可以为单独的临时身份认证系统,也可以应用在多种计算机数据处理系统中。所述的系统可以为单独的服务器,也可以包括使用了本说明书的一个或多个所述方法或一个或多个实施例装置的服务器集群、系统(包括分布式系统)、软件(应用)、实际操作装置、逻辑门电路装置、量子计算机等并结合必要的实施硬件的终端装置。所述临时身份认证系统可以包括至少一个处理器以及存储计算机可执行指令的存储器,所述处理器执行所述指令时实现上述任意一个或者多个实施例中所述方法的步骤。This specification also provides a temporary identity authentication system, which can be a separate temporary identity authentication system, or can be applied to a variety of computer data processing systems. The system can be a single server, or it can include server clusters, systems (including distributed systems), software (applications), and one or more of the methods described in this specification or one or more embodiments of the device. The actual operation device, logic gate circuit device, quantum computer, etc., combined with the terminal device necessary to implement the hardware. The temporary identity authentication system may include at least one processor and a memory storing computer-executable instructions. The processor implements the steps of the method in any one or more of the foregoing embodiments when executing the instructions.
图10表示本说明书一个或者多个实施例提供的临时身份认证系统的结构示意图。如图10所示,所述临时身份认证系统可以包括第一客户端、第一标的物端、第一出租端以及区块链。Fig. 10 shows a schematic structural diagram of a temporary identity authentication system provided by one or more embodiments of this specification. As shown in FIG. 10, the temporary identity authentication system may include a first client, a first object terminal, a first rental terminal, and a blockchain.
所述第一客户端可以用于存储承租方的第二私钥分片,以及向第一出租端发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号。The first client may be used to store the second private key fragments of the lessee and send the subject matter use request data to the first renter, where the subject matter use request data includes the contract number corresponding to the subject matter.
所述第一出租端可以用于接收所述标的物使用请求数据,以及,还用于根据所述合同编号从区块链中调取所述合同编号对应公钥及出租方的第一私钥分片,并基于承租方的第二私钥分片及出租方的第一私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,向第一标的物端下达开放使用权限指令。The first rental terminal can be used to receive the subject matter use request data, and also to retrieve the public key corresponding to the contract number and the first private key of the lessor from the blockchain according to the contract number Based on the lessee’s second private key shard and the lessor’s first private key shard to jointly sign the subject matter use request data through secure multi-party computation, and use the public key to sign the subject matter The object use request data is verified, and when the signature verification is passed, an instruction to open the use permission is issued to the first object end.
所述第一标的物端可以用于接收以及响应所述第一出租端发送的开放使用权限指令。The first object terminal may be used to receive and respond to the open usage permission instruction sent by the first rental terminal.
所述区块链可以用于基于合同编号存储合同租约信息、公钥及出租方的第一私钥分片、签名后的标的物使用请求数据、验证结果。The blockchain can be used to store contract lease information, public key and lessor’s first private key fragments, signed subject matter use request data, and verification results based on the contract number.
图11表示本说明书另一个实施例提供的临时身份认证系统的结构示意图。如图11所示,所述临时身份认证系统可以包括第二客户端、第二标的物端、第二出租端以及区块链。Fig. 11 shows a schematic structural diagram of a temporary identity authentication system provided by another embodiment of this specification. As shown in FIG. 11, the temporary identity authentication system may include a second client, a second object terminal, a second lease terminal, and a blockchain.
所述第二客户端可以用于存储承租方的第二私钥分片,以及由公钥和合同租约信息生成的二维码信息;The second client can be used to store the second private key fragments of the lessee and the QR code information generated from the public key and the contract lease information;
所述第二标的物端可以用于获取第二客户端展示的二维码信息,对所述二维码信息进行解码处理获得公钥和合同租约信息,并根据所述合同租约信息生成标的物使用请求数据,以及,根据合同租约信息中的合同编号获取出租方的第一私钥分片,基于 出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限;The second object terminal can be used to obtain the QR code information displayed by the second client, decode the QR code information to obtain the public key and contract lease information, and generate the object according to the contract lease information Use the request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information. Based on the lessor’s first private key segment and the lessee’s second private key segment, the multi-party security algorithm is used to pair The subject matter uses request data to perform a joint signature, the public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use authority is opened;
所述第二出租端可以用于接收第二标的物端发送的签名后的标的物使用请求数据及验证结果,并基于所述合同编号将所述签名后的标的物使用请求数据及验证结果存储至区块链中;The second rental end may be used to receive the signed subject matter use request data and verification result sent by the second subject matter end, and store the signed subject matter use request data and verification result based on the contract number To the blockchain;
所述区块链可以用于基于合同编号存储合同租约信息以及签名后的标的物使用请求数据、验证结果。The blockchain can be used to store contract lease information and signed subject matter use request data and verification results based on the contract number.
需要说明的,上述所述的系统根据方法或者装置实施例的描述还可以包括其他的实施方式,具体的实现方式可以参照相关方法实施例的描述,在此不作一一赘述。It should be noted that the above-mentioned system may also include other implementation manners based on the description of the method or device embodiment. For the specific implementation manner, reference may be made to the description of the relevant method embodiment, which will not be repeated here.
上述实施例所述的临时身份认证系统,可以通过在出租方与承租方达成协议后,自动生成公钥和私钥,并将私钥至少分成两片,由出租方和承租方各持一片私钥。当承租方使用标的物时,可以基于承租方的第二私钥分片以及出租方的第一私钥分片通过安全多方计算对使用请求数据联合进行签名。然后,再利用公钥对签名的正确性进行验证,以验证承租方的身份及对标的物的使用权,当验证签名正确时,标的物向承租方开发使用权限。利用本说明书各个实施例,通过利用安全多方计算联合签名的方式,可以快速、简单、安全的确认用户对标的物的临时使用权。The temporary identity authentication system described in the above embodiment can automatically generate a public key and a private key after the lessor and the lessee reach an agreement, and divide the private key into at least two pieces. The lessor and the lessee each hold a piece of private key. key. When the lessee uses the subject matter, the use request data can be jointly signed based on the lessee's second private key fragment and the lessor's first private key fragment through secure multi-party computing. Then, the public key is used to verify the correctness of the signature to verify the identity of the lessee and the right to use the subject matter. When the signature is verified, the subject matter develops the use right to the lessee. Using the various embodiments of this specification, by using a secure multi-party calculation of the joint signature, the user's right to temporarily use the subject matter can be quickly, simply and safely confirmed.
需要说明的是,本说明书上述所述的装置或者系统根据相关方法实施例的描述还可以包括其他的实施方式,具体的实现方式可以参照方法实施例的描述,在此不作一一赘述。本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于硬件+程序类、存储介质+程序实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。It should be noted that the device or system described above in this specification may also include other implementation manners based on the description of the related method embodiments. For specific implementation manners, refer to the description of the method embodiments, which will not be repeated here. The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the hardware+program and storage medium+program embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiments.
本说明书实施例并不局限于必须是符合标准数据模型/模板或本说明书实施例所描述的情况。某些行业标准或者使用自定义方式或实施例描述的实施基础上略加修改后的实施方案也可以实现上述实施例相同、等同或相近、或变形后可预料的实施效果。应用这些修改或变形后的数据获取、存储、判断、处理方式等获取的实施例,仍然可以属于本说明书的可选实施方案范围之内。The embodiments of this specification are not limited to the conditions described in the embodiments of this specification that must conform to the standard data model/template. Certain industry standards or implementations described in custom methods or examples with slight modifications can also achieve the same, equivalent or similar implementation effects of the foregoing examples, or predictable implementation effects after modification. The examples obtained by applying these modified or deformed data acquisition, storage, judgment, processing methods, etc., may still fall within the scope of the optional implementation solutions of this specification.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown to achieve the desired result. In certain embodiments, multitasking and parallel processing are also possible or may be advantageous.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、车载人机交互设备、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet. Computers, wearable devices, or any combination of these devices.
为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书一个或多个时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。For the convenience of description, when describing the above device, the functions are divided into various modules and described separately. Of course, when implementing one or more of this specification, the function of each module can be realized in the same one or more software and/or hardware, or the module that realizes the same function can be realized by a combination of multiple sub-modules or sub-units, etc. . The device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内部包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。Those skilled in the art also know that in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in the controller for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处 理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or include elements inherent to this process, method, commodity, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other same elements in the process, method, or device that includes the element.
本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt a computer program implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. The form of the product.
本说明书一个或多个实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本本说明书一个或多个实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部 分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述并不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment. In the description of this specification, descriptions with reference to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" etc. mean specific features described in conjunction with the embodiment or example , Structure, materials or features are included in at least one embodiment or example in this specification. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics can be combined in any one or more embodiments or examples in a suitable manner. In addition, those skilled in the art can combine and combine the different embodiments or examples and the characteristics of the different embodiments or examples described in this specification without contradicting each other.
以上所述仅为本说明书的实施例而已,并不用于限制本说明书。对于本领域技术人员来说,本说明书可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本说明书的权利要求范围之内。The above descriptions are only examples of this specification and are not intended to limit this specification. For those skilled in the art, this specification can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this specification shall be included in the scope of the claims of this specification.

Claims (23)

  1. 一种临时身份认证方法,其特征在于,包括:A temporary identity authentication method, characterized in that it comprises:
    获取标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;Obtain subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
    根据所述合同编号获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,所述合同编号对应的私钥及公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片;Obtain the public key corresponding to the contract number and the lessor’s first private key fragment according to the contract number, wherein the private key and public key corresponding to the contract number are generated by the lessor when the lease is signed, and the private The key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
    基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;Perform a joint signature on the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
    利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use right is opened.
  2. 根据权利要求1所述的方法,其特征在于,所述根据所述合同编号获取所述合同编号对应的公钥以及出租方的第一私钥分片,包括:The method according to claim 1, wherein the obtaining the public key corresponding to the contract number and the first private key fragment of the lessor according to the contract number comprises:
    根据所述合同编号从区块链中获取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,所述合同编号对应的公钥以及出租方的第一私钥分片预先由出租方基于所述合同编号存储在区块链中。Obtain the public key corresponding to the contract number and the lessor’s first private key fragment from the blockchain according to the contract number, wherein the public key corresponding to the contract number and the lessor’s first private key fragment It is stored in the blockchain by the lessor based on the contract number in advance.
  3. 根据权利要求1所述的方法,其特征在于,所述获取标的物使用请求数据,包括:The method according to claim 1, wherein said obtaining subject matter use request data comprises:
    获取标的物使用请求二维码信息,所述二维码信息由出租方在租约签订时基于公钥和合同租约信息生成;Obtain the two-dimensional code information of the target use request, the two-dimensional code information is generated by the lessor based on the public key and the contract lease information when the lease is signed;
    对所述二维码信息进行解码处理获得合同租约信息,根据所述合同租约信息生成标的物使用请求数据;Decoding the two-dimensional code information to obtain contract lease information, and generate subject matter use request data according to the contract lease information;
    相应的,所述根据合同编号获取所述合同编号对应的公钥包括从对所述二维码信息进行解码处理后获得的数据中获取所述合同编号对应的公钥。Correspondingly, the obtaining the public key corresponding to the contract number according to the contract number includes obtaining the public key corresponding to the contract number from the data obtained after decoding the two-dimensional code information.
  4. 根据权利要求1-3任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1-3, wherein the method further comprises:
    当签名验证通过时,根据所述合同编号获取所述合同编号对应的合同租约信息;When the signature verification is passed, obtain the contract lease information corresponding to the contract number according to the contract number;
    根据所述合同租约信息对所述标的物使用请求数据进行使用权验证,相应的,当使用权验证通过后,开放使用权限。The use right verification is performed on the subject matter use request data according to the contract lease information, and correspondingly, the use right is opened after the use right verification is passed.
  5. 根据权利要求4所述的方法,其特征在于,所述方法还包括:The method according to claim 4, wherein the method further comprises:
    将签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The signed subject matter use request data and the verification result are stored in the blockchain based on the contract number.
  6. 一种临时身份认证装置,其特征在于,所述装置包括:A temporary identity authentication device, characterized in that the device includes:
    第一数据获取模块,用于获取标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first data acquisition module is configured to acquire subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
    第二数据获取模块,用于根据所述合同编号获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,所述合同编号对应的私钥及公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片;The second data acquisition module is used to acquire the public key corresponding to the contract number and the lessor’s first private key fragments according to the contract number, wherein the private key and public key corresponding to the contract number are shared by the lessor Generated when the lease is signed, the private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the second private key fragment used by the lessee for signing;
    第一数据签名模块,用于基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;The first data signature module is configured to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
    第一数据验证模块,用于利用所述公钥对签名后的标的物使用请求数据进行验证;The first data verification module is configured to use the public key to verify the signed subject matter use request data;
    第一权限开放模块,用于当签名验证通过时,开放使用权限。The first permission opening module is used to open the usage permission when the signature verification is passed.
  7. 根据权利要求6所述的装置,其特征在于,所述第二数据获取模块包括:The device according to claim 6, wherein the second data acquisition module comprises:
    第一数据获取单元,用于根据所述合同编号从区块链中获取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,所述合同编号对应的公钥以及出租方的第一私钥分片预先由出租方基于所述合同编号存储在区块链中。The first data acquisition unit is configured to acquire the public key corresponding to the contract number and the first private key segment of the lessor from the blockchain according to the contract number, wherein the public key corresponding to the contract number and the lease The first private key segment of the party is pre-stored in the blockchain by the lessor based on the contract number.
  8. 根据权利要求6所述的装置,其特征在于,所述第一数据获取模块包括:The device according to claim 6, wherein the first data acquisition module comprises:
    第二数据获取单元,用于获取标的物使用请求二维码信息,其中,所述二维码信息由出租方在租约签订时基于公钥和合同租约信息生成;The second data acquisition unit is used to acquire the two-dimensional code information of the subject matter use request, wherein the two-dimensional code information is generated by the lessor based on the public key and the contract lease information when the lease is signed;
    解码单元,用于对所述二维码信息进行解码处理获得合同租约信息,根据所述合同租约信息生成标的物使用请求数据;A decoding unit, configured to decode the two-dimensional code information to obtain contract lease information, and generate subject matter use request data according to the contract lease information;
    相应的,所述第二数据获取模块还用于从对所述二维码信息进行解码处理后获得 的数据中获取所述合同编号对应的公钥。Correspondingly, the second data obtaining module is further configured to obtain the public key corresponding to the contract number from the data obtained after decoding the two-dimensional code information.
  9. 根据权利要求6-8任一项所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 6-8, wherein the device further comprises:
    使用权确认模块,用于当签名验证通过时,根据所述合同编号获取所述合同编号对应的合同租约信息,根据所述合同租约信息对所述标的物使用请求数据进行使用权验证;The use right confirmation module is configured to obtain the contract lease information corresponding to the contract number according to the contract number when the signature verification is passed, and verify the use right of the subject matter use request data according to the contract lease information;
    相应的,所述第一权限开发模块还用于当使用权验证通过后,开放使用权限。Correspondingly, the first permission development module is also used to open the usage right after the usage right is verified.
  10. 根据权利要求9所述的装置,其特征在于,所述装置还包括:The device according to claim 9, wherein the device further comprises:
    数据更新模块,用于将签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The data update module is used to store the signed subject matter use request data and the verification result in the blockchain based on the contract number.
  11. 一种临时身份认证设备,其特征在于,包括处理器及用于存储处理器可执行指令的存储器,所述指令被所述处理器执行时实现包括权利要求1-5任一项所述方法的步骤。A temporary identity authentication device, characterized by comprising a processor and a memory for storing executable instructions of the processor. When the instructions are executed by the processor, the method including the method according to any one of claims 1 to 5 is realized. step.
  12. 一种临时身份认证方法,其特征在于,包括:A temporary identity authentication method, characterized in that it comprises:
    第一客户端向第一出租端发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first client sends the subject matter use request data to the first rental terminal, where the subject matter use request data includes the contract number corresponding to the subject matter;
    第一出租端接收所述标的物使用请求数据,并根据所述合同编号从区块链中获取所述合同编号对应的公钥及出租方的第一私钥分片,其中,The first rental terminal receives the subject matter use request data, and obtains the public key corresponding to the contract number and the first private key fragment of the lessor from the blockchain according to the contract number, wherein,
    所述合同编号对应的私钥及公钥由第一出租端在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述公钥以及第一私钥分片预先由出租方基于所述合同编号存储在区块链中,所述第二私钥分片存储在第一客户端中;The private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed. The private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the signed second private key segment, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number, and the second private key segment is stored in the first client End in
    第一客户端及第一出租端基于所述第一私钥分片及第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The first client and the first renter jointly sign the subject matter use request data through a multi-party security algorithm based on the first private key fragment and the second private key fragment;
    第一出租端利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,向第一标的物端下达开放使用权限指令,以使得所述第一标的物端开放使用权限。The first rental end uses the public key to verify the signed subject matter use request data, and when the signature verification is passed, it issues an open use permission instruction to the first subject matter end, so that the first subject matter end is open for use Permissions.
  13. 根据权利要求12所述的方法,其特征在于,所述方法还包括:The method of claim 12, wherein the method further comprises:
    当签名验证通过时,第一出租端根据所述合同编号从区块链中获取所述合同编号对应的合同租约信息,其中,所述合同编号对应的合同租约信息预先由出租方基于所述合同编号存储在区块链中;When the signature verification is passed, the first renter obtains the contract lease information corresponding to the contract number from the blockchain according to the contract number, wherein the contract lease information corresponding to the contract number is pre-assigned by the lessor based on the contract The serial number is stored in the blockchain;
    第一出租端根据所述合同租约信息对所述标的物使用请求数据进行使用权验证;The first rental terminal verifies the use right of the subject matter use request data according to the contract lease information;
    相应的,当使用权验证通过后,第一出租端向第一标的物端下达开放使用权限指令,以使得所述第一标的物端开放使用权限。Correspondingly, after the verification of the use right is passed, the first rental terminal issues an instruction to open the use right to the first subject end, so that the first subject end opens the use right.
  14. 根据权利要求12所述的方法,其特征在于,所述方法还包括:The method of claim 12, wherein the method further comprises:
    所述第一出租端将签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The first rental terminal stores the signed subject matter use request data and the verification result in the blockchain based on the contract number.
  15. 一种出租端,其特征在于,所述出租端包括:A rental terminal, characterized in that, the rental terminal includes:
    数据接收模块,用于接收标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;A data receiving module for receiving subject matter use request data, where the subject matter use request data includes the contract number corresponding to the subject matter;
    数据调取模块,用于根据所述合同编号获取从区块链中调取所述合同编号对应的公钥以及出租方的第一私钥分片,其中,The data retrieval module is used to retrieve the public key corresponding to the contract number and the first private key segment of the lessor from the blockchain according to the contract number, wherein,
    所述合同编号对应的私钥及公钥由第一出租端在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述公钥以及第一私钥分片预先由出租方基于所述合同编号存储在区块链中;The private key and public key corresponding to the contract number are generated by the first lessor when the lease is signed. The private key is divided into at least two pieces, including the first private key fragment used by the lessor for signing and the lessee For the second private key segment of the signature, the public key and the first private key segment are pre-stored in the blockchain by the lessor based on the contract number;
    第二数据签名模块,用于基于所述第一私钥分片及第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名;The second data signature module is configured to jointly sign the subject matter use request data through secure multi-party calculation based on the first private key fragment and the second private key fragment;
    第二数据验证模块,用于利用所述公钥对签名后的标的物使用请求数据进行验证;The second data verification module is configured to use the public key to verify the signed subject matter use request data;
    指令发送模块,用于当签名验证通过时,向标的物端下达开放使用权限指令。The instruction sending module is used to issue an open use permission instruction to the subject end when the signature verification is passed.
  16. 一种客户端,其特征在于,所述客户端包括SIM卡和/或TEE、以及数据发送模块,其中,所述SIM卡和/或TEE用于存储承租方的第二私钥分片;A client terminal, characterized in that the client terminal includes a SIM card and/or TEE, and a data sending module, wherein the SIM card and/or TEE is used to store a second private key fragment of a lessee;
    所述数据发送模块,用于发送标的物使用请求数据,所述标的物使用请求数据包 括标的物对应的合同编号,以使出租方接收所述标的物使用请求数据,根据所述合同编号获取所述合同编号对应的公钥以及出租方的第一私钥分片,以及,基于出租方的第一私钥分片以及承租方的第二私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名,并利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The data sending module is configured to send subject matter use request data, the subject matter use request data including the contract number corresponding to the subject matter, so that the lessor can receive the subject matter use request data, and obtain all data according to the contract number. The public key corresponding to the contract number and the lessor’s first private key fragment, and the use of the subject matter through secure multi-party calculation based on the lessor’s first private key fragment and the lessee’s second private key fragment The request data is jointly signed, and the signed subject matter use request data is verified by using the public key. When the signature verification is passed, the use authority is opened.
  17. 一种临时身份认证系统,其特征在于,所述系统包括第一客户端、第一标的物端、第一出租端以及区块链,其中,A temporary identity authentication system, characterized in that, the system includes a first client, a first object terminal, a first rental terminal and a blockchain, wherein:
    所述第一客户端用于存储承租方的第二私钥分片,以及向第一出租端发送标的物使用请求数据,所述标的物使用请求数据包括标的物对应的合同编号;The first client is used to store the second private key fragments of the lessee, and send the subject matter use request data to the first renter, the subject matter use request data including the contract number corresponding to the subject matter;
    所述第一出租端用于接收所述标的物使用请求数据,以及,还用于根据所述合同编号从区块链中调取所述合同编号对应公钥及出租方的第一私钥分片,并基于承租方的第二私钥分片及出租方的第一私钥分片通过安全多方计算对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,向第一标的物端下达开放使用权限指令;The first rental terminal is used to receive the subject matter use request data, and is also used to retrieve the public key corresponding to the contract number and the first private key of the lessor from the blockchain according to the contract number. Based on the lessee’s second private key shard and the lessor’s first private key shard to jointly sign the subject matter use request data through secure multi-party computing, and use the public key to sign the subject matter Use the requested data for verification, and when the signature verification is passed, issue an open-use permission instruction to the first subject;
    所述第一标的物端用于接收以及响应所述第一出租端发送的开放使用权限指令;The first subject end is used to receive and respond to the open use permission instruction sent by the first rental end;
    所述区块链用于基于合同编号存储合同租约信息、公钥及出租方的第一私钥分片、签名后的标的物使用请求数据、验证结果。The blockchain is used to store contract lease information, public key and lessor’s first private key fragments, signed subject matter use request data, and verification results based on the contract number.
  18. 一种临时身份认证方法,其特征在于,包括:A temporary identity authentication method, characterized in that it comprises:
    第二标的物端获取第二客户端展示的二维码信息,所述二维码信息由出租方在租约签订时基于合同租约信息和公钥生成;The second object terminal obtains the QR code information displayed by the second client, and the QR code information is generated by the lessor based on the contract lease information and the public key when the lease is signed;
    其中,所述合同租约信息以及对应的私钥、公钥由出租方在租约签订时生成,所述私钥被划分成至少两片,包括出租方用于签名的第一私钥分片及承租方用于签名的第二私钥分片,所述第一私钥分片存储在第一标的物端,所述第二私钥分片存储在第二客户端;Wherein, the contract lease information and the corresponding private key and public key are generated by the lessor when the lease is signed, and the private key is divided into at least two pieces, including the first private key segment used by the lessor for signing and the lease The second private key fragment used by the party for signing, the first private key fragment is stored on the first subject end, and the second private key fragment is stored on the second client;
    所述第二标的物端对所述二维码信息进行解码处理,获得合同租约信息及公钥,并根据所述合同租约信息生成标的物使用请求数据;The second object terminal decodes the two-dimensional code information, obtains contract lease information and a public key, and generates object use request data according to the contract lease information;
    所述第二标的物端根据所述合同租约信息中的合同编号获取所述合同编号对应 的第一私钥分片;The second object terminal obtains the first private key fragment corresponding to the contract number according to the contract number in the contract lease information;
    第二标的物端及第二客户端基于所述第一私钥分片及所述第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The second subject end and the second client use a multi-party security algorithm to jointly sign the subject use request data based on the first private key fragment and the second private key fragment;
    第二标的物端利用所述公钥对签名后的标的物使用请求数据进行验证,以及当签名验证通过时,开放使用权限。The second subject end uses the public key to verify the signed subject use request data, and when the signature verification is passed, the use right is opened.
  19. 根据权利要求18所述的方法,其特征在于,所述方法还包括:The method of claim 18, wherein the method further comprises:
    当签名验证通过时,第二标的物端根据对二维码解码处理后获得的合同租约信息对所述标的物使用请求数据进行使用权验证;When the signature verification is passed, the second subject end verifies the use right of the subject matter use request data according to the contract lease information obtained after decoding the QR code;
    相应的,当使用权验证通过后,所述第二标的物端开放使用权限。Correspondingly, after the verification of the use right is passed, the end of the second target object opens the use right.
  20. 根据权利要求18所述的方法,其特征在于,所述方法还包括:The method of claim 18, wherein the method further comprises:
    所述第二标的物端将签名后的标的物使用请求数据及验证结果发送至第二出租端;The second object terminal sends the signed object use request data and the verification result to the second rental terminal;
    所述第二出租端将所述签名后的标的物使用请求数据及验证结果基于所述合同编号存储至区块链中。The second rental terminal stores the signed subject matter use request data and the verification result in the blockchain based on the contract number.
  21. 一种标的物端,其特征在于,所述标的物端包括;A subject end, characterized in that the subject end includes;
    解码模块,用于获取第二客户端展示的二维码信息,对所述二维码信息进行解码处理,获得合同租约信息及公钥,并根据所述合同租约信息生成标的物使用请求数据;The decoding module is used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information, obtain contract lease information and public key, and generate subject matter use request data according to the contract lease information;
    第三数据获取模块,用于根据所述合同编号获取所述合同编号对应的出租方的第一私钥分片;The third data acquisition module is configured to acquire the first private key fragment of the lessor corresponding to the contract number according to the contract number;
    第三数据签名模块,用于基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名;The third data signature module is used to jointly sign the subject matter use request data through a multi-party security algorithm based on the lessor’s first private key fragment and the lessee’s second private key fragment;
    第三数据验证模块,用于利用所述公钥对签名后的标的物使用请求数据进行验证;The third data verification module is configured to use the public key to verify the signed subject matter use request data;
    第二权限开放模块,用于当签名验证通过时,开放使用权限。The second permission opening module is used to open the usage permission when the signature verification is passed.
  22. 一种客户端,其特征在于,所述客户端包括SIM卡和/或TEE、数据存储模块以及数据展示模块,其中,A client terminal, characterized in that the client terminal includes a SIM card and/or TEE, a data storage module and a data display module, wherein:
    所述SIM卡和/或TEE用于存储承租方的第二私钥分片;The SIM card and/or TEE is used to store the second private key fragments of the lessee;
    所述数据存储模块用于存储由公钥和合同租约信息生成的二维码信息;The data storage module is used to store the QR code information generated from the public key and the contract lease information;
    所述数据展示模块,用于展示所述二维码信息,以使出租方对所述二维码信息进行解码处理获得公钥和合同租约信息,并根据所述合同租约信息生成标的物使用请求数据,以及,根据合同租约信息中的合同编号获取出租方的第一私钥分片,基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限。The data display module is used to display the two-dimensional code information, so that the lessor can decode the two-dimensional code information to obtain the public key and contract lease information, and generate a subject matter use request based on the contract lease information Data, and, according to the contract number in the contract lease information to obtain the lessor’s first private key fragment, based on the lessor’s first private key fragment and the lessee’s second private key fragment, the multi-party security algorithm The subject matter uses the request data for joint signature, and the public key is used to verify the signed subject matter use request data. When the signature verification is passed, the use authority is opened.
  23. 一种临时身份认证系统,其特征在于,所述系统包括第二客户端、第二标的物端、第二出租端以及区块链,其中,A temporary identity authentication system, characterized in that, the system includes a second client, a second object terminal, a second rental terminal, and a blockchain, wherein:
    所述第二客户端用于存储承租方的第二私钥分片,以及由公钥和合同租约信息生成的二维码信息;The second client is used to store the second private key fragments of the lessee and the QR code information generated from the public key and the contract lease information;
    所述第二标的物端用于获取第二客户端展示的二维码信息,对所述二维码信息进行解码处理获得公钥和合同租约信息,并根据所述合同租约信息生成标的物使用请求数据,以及,根据合同租约信息中的合同编号获取出租方的第一私钥分片,基于出租方的第一私钥分片以及承租方的第二私钥分片通过多方安全算法对所述标的物使用请求数据进行联合签名,利用所述公钥对签名后的标的物使用请求数据进行验证,当签名验证通过时,开放使用权限;The second subject end is used to obtain the two-dimensional code information displayed by the second client, decode the two-dimensional code information to obtain the public key and contract lease information, and generate the use of the subject matter according to the contract lease information Request data, and obtain the lessor’s first private key segment based on the contract number in the contract lease information. Based on the lessor’s first private key segment and the lessee’s second private key segment, the multi-party security algorithms The subject matter use request data is jointly signed, the public key is used to verify the signed subject matter use request data, and when the signature verification is passed, the use authority is opened;
    所述第二出租端用于接收第二标的物端发送的签名后的标的物使用请求数据及验证结果,并基于所述合同编号将所述签名后的标的物使用请求数据及验证结果存储至区块链中;The second rental terminal is used to receive the signed subject matter use request data and the verification result sent by the second subject matter terminal, and store the signed subject matter use request data and the verification result in the contract number based on the contract number. In the blockchain;
    所述区块链用于基于合同编号存储合同租约信息以及签名后的标的物使用请求数据、验证结果。The blockchain is used to store contract lease information, signed subject matter use request data, and verification results based on the contract number.
PCT/CN2019/085941 2019-05-08 2019-05-08 Temporary identity authentication method, apparatus and system WO2020223918A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/085941 WO2020223918A1 (en) 2019-05-08 2019-05-08 Temporary identity authentication method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/085941 WO2020223918A1 (en) 2019-05-08 2019-05-08 Temporary identity authentication method, apparatus and system

Publications (1)

Publication Number Publication Date
WO2020223918A1 true WO2020223918A1 (en) 2020-11-12

Family

ID=73051258

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/085941 WO2020223918A1 (en) 2019-05-08 2019-05-08 Temporary identity authentication method, apparatus and system

Country Status (1)

Country Link
WO (1) WO2020223918A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615719A (en) * 2020-12-15 2021-04-06 平安消费金融有限公司 Decentralized online contract signing method, device, equipment and medium
CN113051623A (en) * 2021-03-11 2021-06-29 华控清交信息科技(北京)有限公司 Data processing method and device and electronic equipment
CN114021187A (en) * 2021-11-04 2022-02-08 海南南海云控股股份有限公司 Data processing system and method and electronic equipment
CN114499938A (en) * 2021-12-21 2022-05-13 广东纬德信息科技股份有限公司 Unified identity authentication method and device based on mobile terminal
CN115088003A (en) * 2020-12-11 2022-09-20 维萨国际服务协会 System, method and computer program product for secure real-time N-party computing
CN115393982A (en) * 2022-08-10 2022-11-25 湖北第二师范学院 Digital platform based on internet support
US11811933B2 (en) 2019-11-27 2023-11-07 Visa International Service Association System and method for fair, secure n-party computation using at least one blockchain
US12081677B2 (en) 2023-09-06 2024-09-03 Visa International Service Association System, method, and computer program product for secure real-time N-party computation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
US20170019253A1 (en) * 2011-12-12 2017-01-19 International Business Machines Corporation Decrypting segmented data in a distributed computing system
CN107302438A (en) * 2017-08-07 2017-10-27 收付宝科技有限公司 A kind of private key protection method based on key updating, system and device
CN107864037A (en) * 2017-10-25 2018-03-30 深圳奥联信息安全技术有限公司 SM9 Combination with Digital endorsement method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170019253A1 (en) * 2011-12-12 2017-01-19 International Business Machines Corporation Decrypting segmented data in a distributed computing system
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN107302438A (en) * 2017-08-07 2017-10-27 收付宝科技有限公司 A kind of private key protection method based on key updating, system and device
CN107864037A (en) * 2017-10-25 2018-03-30 深圳奥联信息安全技术有限公司 SM9 Combination with Digital endorsement method and device

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11811933B2 (en) 2019-11-27 2023-11-07 Visa International Service Association System and method for fair, secure n-party computation using at least one blockchain
US11784826B2 (en) 2020-12-11 2023-10-10 Visa International Service Association System, method, and computer program product for secure real-time n-party computation
CN115088003A (en) * 2020-12-11 2022-09-20 维萨国际服务协会 System, method and computer program product for secure real-time N-party computing
CN115088003B (en) * 2020-12-11 2023-10-31 维萨国际服务协会 Systems, methods, and computer program products for secure real-time N-party computing
CN112615719A (en) * 2020-12-15 2021-04-06 平安消费金融有限公司 Decentralized online contract signing method, device, equipment and medium
CN112615719B (en) * 2020-12-15 2023-07-25 平安消费金融有限公司 Off-centering on-line contract signing method, device, equipment and medium
CN113051623A (en) * 2021-03-11 2021-06-29 华控清交信息科技(北京)有限公司 Data processing method and device and electronic equipment
CN113051623B (en) * 2021-03-11 2024-07-09 华控清交信息科技(北京)有限公司 Data processing method and device and electronic equipment
CN114021187B (en) * 2021-11-04 2023-02-28 云海链控股股份有限公司 Data processing system and method and electronic equipment
CN114021187A (en) * 2021-11-04 2022-02-08 海南南海云控股股份有限公司 Data processing system and method and electronic equipment
CN114499938A (en) * 2021-12-21 2022-05-13 广东纬德信息科技股份有限公司 Unified identity authentication method and device based on mobile terminal
CN115393982A (en) * 2022-08-10 2022-11-25 湖北第二师范学院 Digital platform based on internet support
CN115393982B (en) * 2022-08-10 2024-04-26 湖北第二师范学院 Digital platform based on internet support
US12081677B2 (en) 2023-09-06 2024-09-03 Visa International Service Association System, method, and computer program product for secure real-time N-party computation

Similar Documents

Publication Publication Date Title
WO2020223918A1 (en) Temporary identity authentication method, apparatus and system
CN110177088B (en) Temporary identity authentication method, device and system
AU2019201720B2 (en) Method of using one device to unlock another device
CN110555029B (en) Ticket management method, device and storage medium based on block chain
US11736944B2 (en) Dynamic policy-based on-boarding of devices in enterprise environments
WO2017197974A1 (en) Biometric characteristic-based security authentication method, device and electronic equipment
CN110958118B (en) Certificate authentication management method, device, equipment and computer readable storage medium
US8855312B1 (en) Mobile trust broker
WO2017071249A1 (en) Access management method and system
US10250613B2 (en) Data access method based on cloud computing platform, and user terminal
WO2018040639A1 (en) Authorization method and system for virtual key, mobile terminal and server
CN105099673A (en) Authorization method, authorization requesting method and devices
CN105007274A (en) Mobile terminal-based identity authentication system and method
CN109272617B (en) Unlocking verification method, server, door lock, electronic device and storage medium
CN104715187A (en) Method and apparatus used for authenticating nodes of electronic communication system
WO2020258839A1 (en) Secure check-in method and device
CN111651794A (en) Alliance chain-based electronic data management method and device and storage medium
WO2014110877A1 (en) Mobile terminal device and user authentication method based on pki technology
CN109639644B (en) Authorization verification method and device, storage medium and electronic equipment
CN114567447B (en) Data sharing management method and device based on cloud server
CN105656627A (en) Identity verification method, device and system
WO2019056971A1 (en) Authentication method and device
WO2016070611A1 (en) Method for processing data, server and terminal
CN114175578B (en) Secure sharing of private information
CN110855441A (en) Method, device and equipment for authenticating electronic identity and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19928181

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19928181

Country of ref document: EP

Kind code of ref document: A1