WO2021114872A1 - Service processing method, apparatus and device based on a verifiable claim - Google Patents

Publication number
WO2021114872A1
Authority
WO
WIPO (PCT)
Prior art keywords
statement
business
verifiable
verifiable statement
field
Application number
PCT/CN2020/121874
Other languages
English (en)
Chinese (zh)
Inventor
杨仁慧
刘佳伟
孙善禄
Original Assignee
支付宝(杭州)信息技术有限公司
Application filed by 支付宝(杭州)信息技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • This specification relates to the field of computer technology, and in particular to a business processing method, device and equipment based on verifiable claims.
  • A unique digital identity verification method can be used, but such verification can only be carried out in the same scenario or a specified scenario, and consensus and mutual recognition are often not possible across different scenarios, which brings great inconvenience to the application and management of identity verification. Therefore, it is necessary to provide a technical solution that can effectively ensure that user information is stored safely, that users can manage their user information, and that user information can be controllably presented to relevant third parties.
  • The purpose of the embodiments of this specification is to provide a business processing method, device, and equipment based on verifiable claims, so as to provide a method that can effectively guarantee that user information is stored safely, that users can manage their user information, and that user information can be controlled.
  • An embodiment of this specification provides a business processing method based on a verifiable statement. The method includes: receiving a business processing request of a target business, wherein the target business is processed based on the verifiable statement, and the business processing request includes the verifiable statement processed by the first data processing rule; in the verifiable statement processed by the first data processing rule, the field value of the statement field required by the target business is plain text, and the field value of at least one of the remaining statement fields is ciphertext encrypted based on the specified hash algorithm; verifying the validity of the verifiable statement; and, if the verification result is valid, executing the business processing corresponding to the target business based on the field value of the statement field required by the target business in the verifiable statement.
  • An embodiment of this specification provides a business processing method based on a verifiable statement. The method includes: determining the target statement field required by the target business according to the target business to be processed of the user holding the verifiable statement, the target statement field being at least one statement field in the verifiable statement; performing data processing on the verifiable statement based on the first data processing rule, the first data processing rule including: keeping the field value of the target statement field as plain text, and encrypting the field value of at least one of the declaration fields in the verifiable statement other than the target statement field, the encryption processing being based on a specified hash algorithm; and performing the business processing corresponding to the target business based on the verifiable statement after data processing.
  • An embodiment of this specification provides a service processing device based on a verifiable statement. The device includes: a request receiving module, which receives a service processing request of a target service, wherein the target service is processed based on the verifiable claim, and the service processing request includes the verifiable statement processed by the first data processing rule; in the verifiable statement processed by the first data processing rule, the field value of the statement field required by the target business is plain text, and the field value of at least one declaration field among the remaining statement fields is ciphertext encrypted based on a specified hash algorithm; a verification module, which verifies the validity of the verifiable statement; and a business processing module, which, if the verification result is valid, executes the business processing corresponding to the target business based on the field value of the statement field required by the target business in the verifiable statement.
  • An embodiment of this specification provides a business processing device based on a verifiable statement. The device includes: a field determination module, which determines the target statement field required by the target business according to the target business to be processed of the user holding the verifiable statement, the target statement field being at least one statement field in the verifiable statement; a data processing module, which performs data processing on the verifiable statement based on the first data processing rule, the first data processing rule including: keeping the field value of the target statement field as plain text, and encrypting the field value of at least one of the declaration fields in the verifiable statement other than the target declaration field, the encryption processing being based on a specified hash algorithm; and a business processing module, which performs the business processing corresponding to the target business based on the verifiable statement after data processing.
  • An embodiment of this specification provides business processing equipment based on a verifiable statement. The equipment includes: a processor; and a memory arranged to store computer-executable instructions which, when executed, cause the processor to: receive a service processing request of a target service, wherein the target service is processed based on a verifiable statement, and the service processing request includes the verifiable statement processed by the first data processing rule; in the verifiable statement processed by the first data processing rule, the field value of the statement field required by the target business is plain text, and the field value of at least one of the remaining statement fields is ciphertext encrypted based on a specified hash algorithm; verify the validity of the verifiable statement; and, if the verification result is valid, execute the business processing corresponding to the target business based on the field value of the statement field required by the target business in the verifiable statement.
  • An embodiment of this specification provides business processing equipment based on a verifiable statement. The equipment includes: a processor; and a memory arranged to store computer-executable instructions which, when executed, cause the processor to: determine the target statement field required by the target business according to the target business to be processed of the user holding the verifiable statement, the target statement field being at least one declaration field in the verifiable statement; perform data processing on the verifiable statement based on the first data processing rule, the first data processing rule including: keeping the field value of the target statement field as plain text, and encrypting the field value of at least one of the declaration fields in the verifiable statement other than the target statement field, the encryption processing being based on a specified hash algorithm; and perform the business processing corresponding to the target business based on the verifiable statement after data processing.
  • Figure 1 is an embodiment of a business processing method based on verifiable claims in this specification.
  • Figure 2 is another embodiment of the business processing method based on verifiable claims in this specification.
  • Figure 3 is another embodiment of a business processing method based on verifiable claims in this specification.
  • Figure 4 is an embodiment of a business processing device based on verifiable claims in this specification.
  • Figure 5 is another embodiment of a business processing device based on verifiable claims in this specification.
  • Figure 6 is an embodiment of a business processing device based on verifiable claims in this specification.
  • Figure 7 is another embodiment of a business processing device based on verifiable claims in this specification.
  • The embodiments of this specification provide a business processing method, device and equipment based on verifiable claims.
  • An embodiment of this specification provides a business processing method based on verifiable claims.
  • The execution subject of the method can be a server, where the server can be an independent server or a server cluster composed of multiple servers.
  • The server may be a server on the side of the user holding the claim, or a server of an agency that performs encryption processing on that user's claim.
  • The method may specifically include steps S102 to S106.
  • In step S102, according to the target business to be processed of the user holding the verifiable claim, a target statement field required by the target business is determined, where the target statement field is at least one statement field in the verifiable statement.
  • A verifiable statement can be a kind of normative information used to describe certain attributes of entities such as individuals and organizations.
  • A verifiable statement can realize evidence-based trust: it can prove to other entities that the information about certain attributes of the current entity is credible.
  • The target business needs can be the business needs of the target business.
  • The business needs can be the requirements that must be met to perform a certain business.
  • For example, the business needs can be a bachelor's degree or above, or an age of 18 or older. Different businesses can have different business requirements, which can be set according to actual conditions.
  • The target declaration field can be one or more declaration fields contained in the verifiable declaration.
  • For example, the verifiable declaration contains declaration fields such as name, ID number, date of birth, and academic information.
  • The target declaration field can be any one of the above declaration fields, such as the date of birth declaration field.
  • The target declaration field may also be several of the above declaration fields, such as the two declaration fields of date of birth and education information.
  • A unique digital identity verification method can be used, but such verification can only be carried out in the same scenario or a specified scenario, and consensus and mutual recognition are often not possible across different scenarios, which brings great inconvenience to the application and management of identity verification. Therefore, it is necessary to provide a technical solution that can effectively ensure that user information is stored safely, that users can manage their user information, and that user information can be controllably presented to relevant third parties.
  • the embodiment of this specification provides a feasible technical solution, which may specifically include the following content:
  • the verifiable statement may include Information related to the properties of the.
  • the business processor or business provider
  • The business processor can set the processing mechanism of the aforementioned business according to the actual needs of the one or more businesses, that is, the business processor can arrange for business processing to be performed based on a verifiable statement.
  • The business processing requester (which can be a user requesting a certain business service) can send a business processing request to the business processing party.
  • The business processing requester can be of multiple types, such as a user who holds a verifiable statement, or a claim holder or an agency that encrypts the verifiable claim of the claim holder.
  • Here the business processing requester is taken to be a user as an example.
  • The user holding the verifiable claim can start the corresponding application through the terminal device.
  • The relevant information of different services can be set in the application.
  • The terminal device can obtain the relevant information of the service (such as the identification of the service) and send it to the server.
  • The server can determine the target business and the business requirements of the target business according to the relevant information of the service.
  • Different services can have different business requirements, and different business requirements may correspond to different attribute information (that is, to different declaration fields). A correspondence between different services (or business requirements) and declaration fields can be preset in the server.
  • The server can search for the declaration field corresponding to the target business from the above correspondence, and can determine the found declaration field as the target declaration field required to execute the target business.
  • Alternatively, the relevant information about the target business performed by the user can be input into a predetermined model (such as a classification model) for analysis, to output the corresponding result (that is, the target statement field).
  • For example, if the business requirement of the target business that the user needs to perform is a bachelor's degree or above, the target declaration field corresponding to that target business can be determined, based on a predetermined classification model, to be the academic information field.
  • If the business requirements of the target business that the user needs to perform include a bachelor's degree or above and an age over 18 years, it is determined, based on the predetermined classification model, that the target declaration fields required by that target business are the two declaration fields of academic information and date of birth.
  • In step S104, data processing is performed on the verifiable statement based on the first data processing rule.
  • The first data processing rule includes: keeping the field value of the target statement field as plain text, and performing encryption processing on the field value of at least one of the statement fields in the verifiable statement other than the target statement field, the encryption processing being based on a specified hash algorithm.
  • the verifiable statement can include the statement field and the corresponding field value.
  • the statement field can be information indicating the common characteristics of the corresponding field value, such as name, date of birth, education information, etc., and the field value can be corresponding to the statement field
  • The specified hash algorithm can be any hash algorithm, such as the SHA-1 algorithm, the SHA-224 algorithm, the SHA-256 algorithm, etc.
  • The specific hash algorithm to be used as the specified hash algorithm can be set according to the actual situation; the embodiments of this specification do not limit this.
  • Different business requirements may correspond to different declaration fields.
  • Declaration fields other than the target declaration field corresponding to the business requirement are not necessary in the business processing corresponding to that business requirement.
  • If the verifiable statement contains all the statement fields and their field values, the field values of some statement fields will be leaked.
  • Under the processing rule for the verifiable statement (that is, the first data processing rule), specified field values in the verifiable statement can be encrypted and some field values can be kept in plain text. Specifically, the target declaration field required to execute the target business is determined according to the target business that the user needs to execute. The field value of the target declaration field needs to be used in the business processing corresponding to the target business, so the field value of the target declaration field in the verifiable declaration can be kept unchanged as plain text; at the same time, the declaration fields in the verifiable declaration other than the target declaration field can be obtained, and the field value of at least one of these other declaration fields can be encrypted through a specified hash algorithm.
  • The verifiable statement processed based on the first data processing rule may be stored in the server for subsequent execution of the business processing of the target business.
  • The specified hash algorithm used for the field values of multiple different declaration fields should be the same hash algorithm: for example, the SHA-256 algorithm is used to encrypt the field value of each of the above declaration fields, or MD5 (Message-Digest Algorithm 5, the fifth message digest algorithm) is used to encrypt the field value of each of the above declaration fields.
  • In step S106, the business processing corresponding to the target business is performed based on the verifiable statement after the data processing.
  • Performing the business processing corresponding to the target business based on the verifiable statement after data processing can be implemented in a variety of ways.
  • For example, the server on the side of the user holding the statement directly sends the service processing request of the target business to the server of the business processor, which triggers the business processor's server to perform business processing on the target service according to the service processing request; or the server (on the side of the user holding the statement) receives the request from the user to the service processing party's server.
  • A notification message or prompt information can be sent to the user holding the verifiable statement, and the user can send the service processing request of the target service to the server of the service processor through the terminal device.
  • The corresponding verifiable statement after data processing and the service processing request can be sent to the server of the service processor to trigger the server of the service processor to perform service processing on the target service according to the service processing request.
  • The specific method by which the business processing corresponding to the target business is performed can be set according to the actual situation, which is not limited in the embodiment of this specification.
  • The embodiment of this specification provides a business processing method based on a verifiable statement.
  • Data processing is performed on the verifiable statement, that is, the field value of the statement field required by the target business is plain text and the field value of at least one of the remaining claim fields is ciphertext that has been encrypted based on the specified hash algorithm. The validity of the verifiable claim is then verified, and when the verification result is valid, the business processing corresponding to the target business is executed based on the field value of the statement field required by the target business, so that by verifying the validity of the verifiable statement and then using the field value in the verifiable statement, the safe storage of user information is effectively guaranteed.
  • An embodiment of this specification provides a business processing method based on verifiable claims.
  • The execution subject of the method can be a server, where the server can be an independent server or a server cluster composed of multiple servers.
  • The server may be a server of a party that processes one or more services based on a verifiable statement.
  • The method may specifically include steps S202 to S206.
  • In step S202, a business processing request of the target business is received, wherein the target business is processed based on a verifiable statement, and the business processing request includes the verifiable statement processed by the first data processing rule; in the verifiable statement processed by the first data processing rule, the field value of the statement field required by the target business is plain text, and the field value of at least one statement field in the remaining statement fields is ciphertext that has been encrypted based on a specified hash algorithm.
  • The service processing request may be a message requesting the execution of a certain service processing.
  • The service processing request may also include the identifier of the service (such as the service name or code) and the identifier of the service processing requester (such as the account or name of the service processing requester, or the IMSI code, IP address, MAC address, communication number, etc. of the terminal equipment used by the requesting party for service processing).
  • The business can be any business, and the specific business can be set according to the actual situation.
  • The target business may be the target business required to be performed by the user holding the verifiable statement in the first embodiment. As described in the first embodiment above, in the process of encrypting the field values of multiple statement fields in the remaining statement fields through a specified hash algorithm, the specified hash algorithm used for the field values of multiple different statement fields should be the same hash algorithm.
  • The service processing requester can start the corresponding application program through the terminal device.
  • The application program can be set up with different service processing trigger mechanisms.
  • The terminal device can obtain relevant information such as the business identification and the business processing requester identification, and obtain the verifiable statement required to perform the business processing corresponding to the target business, where the obtained verifiable statement may be the verifiable statement that has been processed by the first data processing rule, that is, the field value of the statement field required by the target business in the verifiable statement is plain text, and the field value of at least one of the other statement fields is ciphertext that has been encrypted based on the specified hash algorithm.
  • The service processing request can be generated from the acquired information, and the terminal device can send the service processing request to the server, so that the server can receive the service processing request.
  • The requirements in the process of business processing may be different, and the required declaration fields and field values will also be different.
  • For example, in the insurance business, a certain insurance is only for the specified work, so the user's "work location" declaration field is required; for another example, in the information recommendation business, a piece of information to be recommended needs to be recommended to users with a bachelor's degree or above, so the user's "Educational Information" statement field value is required.
  • The field values of the aforementioned declaration fields can be encrypted, and the field values of the aforementioned declaration fields required by the target business need to be kept in plain text for subsequent business processing.
  • In step S204, the validity of the verifiable statement is verified.
  • After the server receives a business processing request based on a verifiable statement, it can first verify the verifiable statement to determine whether it is valid, and perform business processing based on the verifiable statement only if it is determined to be valid, to further ensure the security of business processing. Specifically, after the server receives the business processing request, it can extract from the request the verifiable statement processed by the first data processing rule, and can then verify that statement. The verification of the verifiable statement can be done in multiple ways.
  • For example, the encryption method used for the ciphertext in the verifiable statement, or the related information of the specified hash algorithm, can be obtained, and the plaintext field values included in the verifiable statement can then be encrypted with the obtained encryption method or specified hash algorithm, so that the field values of the statement fields included in the verifiable statement are ciphertext.
  • A calculation is then performed through a predetermined algorithm to obtain the final calculation result.
  • The verifiable statement also includes the benchmark value of the above calculation result. The calculated result can be compared with the benchmark value in the verifiable statement. If the two are the same, the verification passes and the verifiable statement is valid; if the two are not the same, the verification fails and the verifiable statement is invalid.
  • For another example, the verifiable statement may include a verification value of the verifiable statement processed by the first data processing rule. After the server obtains the verifiable statement processed by the first data processing rule, it can determine the verification value of the verifiable statement by a predetermined verification algorithm, and then compare the calculated verification value with the verification value in the verifiable statement. If the two are the same, the verification passes and the verifiable statement is valid; if the two are not the same, the verification fails and the verifiable statement is invalid.
  • The ways of verifying the validity of the verifiable statement are not limited to the above two; other achievable ways can be set according to the actual situation, which is not limited in the embodiment of this specification.
  • In step S206, if the verification result is valid, the business processing corresponding to the business processing request is executed based on the field value of the statement field corresponding to the business requirement in the verifiable statement.
  • In the business processing corresponding to the target business, only the field value of the statement field required by the target business in the verifiable statement needs to be used, and that field value is plain text; therefore, the business processing corresponding to the above business processing request can be performed directly based on the field value of the statement field required by the target business in the verifiable statement.
  • For example, the business requirement corresponding to the information to be recommended is to recommend it to users with a bachelor's degree or above. The declaration field required for the information recommendation business in the verifiable statement is academic information. If the corresponding field value is undergraduate, it can be determined, based on the field value, that the service processing corresponding to the above information recommendation service can be performed. At this time, the server can send the information to be recommended to the user.
  • The embodiment of this specification provides a business processing method based on a verifiable statement.
  • The required target statement field is determined according to the target business to be processed by the user, the field value of the target statement field is kept as plain text, and the field value of at least one of the declaration fields in the verifiable statement other than the target statement field is encrypted, so that, in the user's verifiable information, the declaration fields that are not required by the target business are encrypted to prevent the field values of declaration fields other than the target declaration field from being leaked. This can effectively ensure that user information is stored safely, that users can manage their user information (that is, the information that can be encrypted), and that users can controllably present user information to relevant third parties without worrying about some data being leaked.
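The following added example (not code from the patent or its applicant) runs the holder-side processing under the first data processing rule (S102 to S104) and the processor-side check (S202 to S206) using the first verification method described above. The field names, the business-to-field correspondence, the record layout and the benchmark construction are assumptions, and the benchmark value is assumed to be authenticated by the issuer (for example by a signature), which the page does not detail.

```python
import hashlib

HASH_NAME = "sha256"  # the "specified hash algorithm"; the same one for every field

# Constructed sample statement: field names follow the page's examples, values are made up.
SAMPLE_FIELDS = {
    "name": "Example User",
    "id_number": "000000000000000000",
    "date_of_birth": "1990-01-01",
    "education": "bachelor",
}

# Assumed correspondence between a business and the statement fields it requires.
BUSINESS_FIELDS = {
    "info_recommendation": ["education"],
    "age_restricted": ["date_of_birth"],
}


def field_hash(value):
    """Hash a single field value with the specified hash algorithm."""
    return hashlib.new(HASH_NAME, value.encode("utf-8")).hexdigest()


def benchmark(hashed_fields):
    """Assumed 'predetermined algorithm': hash over the sorted name:hash pairs,
    so neither a value nor the field name it sits under can change unnoticed."""
    joined = "\n".join(f"{name}:{hashed_fields[name]}" for name in sorted(hashed_fields))
    return hashlib.new(HASH_NAME, joined.encode("utf-8")).hexdigest()


def issue(fields):
    """Issuer side: full plaintext statement plus the benchmark value."""
    hashed = {name: field_hash(value) for name, value in fields.items()}
    return {"fields": dict(fields), "benchmark": benchmark(hashed)}


def apply_first_rule(statement, business):
    """S102-S104: keep the target fields in plain text, hash every other field."""
    targets = set(BUSINESS_FIELDS[business])
    missing = targets - set(statement["fields"])
    if missing:
        raise KeyError(f"statement lacks required fields: {sorted(missing)}")
    fields = {}
    for name, value in statement["fields"].items():
        fields[name] = {"plain": value} if name in targets else {"hash": field_hash(value)}
    return {"hash_alg": HASH_NAME, "fields": fields, "benchmark": statement["benchmark"]}


def verify(presented):
    """S204: hash the remaining plaintext values, recompute, compare with the benchmark."""
    if presented.get("hash_alg") != HASH_NAME:
        return False  # the presenter does not get to choose the algorithm
    hashed = {}
    for name, entry in presented.get("fields", {}).items():
        if "plain" in entry:
            hashed[name] = field_hash(entry["plain"])
        elif "hash" in entry:
            hashed[name] = entry["hash"]
        else:
            return False
    return benchmark(hashed) == presented.get("benchmark")


def process(presented, business):
    """S202-S206: verify first, then read only the plaintext fields the business needs."""
    required = BUSINESS_FIELDS.get(business)
    if required is None or not verify(presented):
        return None
    try:
        return {name: presented["fields"][name]["plain"] for name in required}
    except KeyError:
        return None  # a required field was hidden or absent


if __name__ == "__main__":
    shown = apply_first_rule(issue(SAMPLE_FIELDS), "info_recommendation")
    print(shown["fields"]["date_of_birth"])       # only the hash is disclosed
    print(process(shown, "info_recommendation"))  # the plaintext field the business needs
```

Because the field hashes are unsalted, as on the page, a low-entropy value such as a date of birth can be recovered by hashing candidate values; a per-field random salt that is disclosed only together with the plaintext closes that gap.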
  • the embodiment of this specification provides a business processing method based on verifiable claims.
  • the execution subject of the method can be a first server and a second server, where the first server can be a claim holder or a
  • the first server may be an independent server, or a server cluster composed of multiple servers.
  • the second server may also be an independent server, or a server cluster composed of multiple servers.
  • the method may specifically include steps S302 to S314.
  • In step S302, the first server determines the target statement field required by the target business according to the to-be-processed target business of the user holding the verifiable statement; the target statement field is at least one statement field in the verifiable statement.
  • the verifiable statement of the user can be as follows before data processing:
  • the declaration fields can be the above-mentioned "name", "ID number", "gender", "date of birth", "telephone number", "educational background", etc.
  • the target declaration field required by the target business can be one or more of the above declaration fields.
  • In step S304, the first server performs data processing on the verifiable statement based on the first data processing rule. The first data processing rule includes: keeping the field value of the target statement field as plain text, and encrypting the field value of at least one of the statement fields in the verifiable statement other than the target statement field, where the encryption processing is based on a specified hash algorithm.
  • the verifiable statement obtained after data processing of the verifiable statement based on the first data processing rule may be as follows:
  • the target statement fields required by the target business are located in the "Education Information” item, which includes the statement fields of "Education”, “Graduation College” and “Professional”, among which "Item1"
  • the field value corresponding to the declaration field of "Item2” and “Item3” corresponds to the field value of the ciphertext (that is, the hash value), and the field value corresponding to the declaration field in "Item2” and “Item3” is also the ciphertext (that is, the hash value), where “Item1" is the above step
  • the "Basic Information” item in the example of S3022 is the corresponding items such as “Education”, “Graduation College”, “Major”, and “Date of Graduation” in the example of step S302 above, and “Item3” is the above
  • the verifiable statement of the user or the verifiable statement processed by the first data processing rule can be stored in the blockchain to ensure the accuracy of the verifiable statement.
  • the specified hash algorithm is the same as the algorithm used in the hash processing in the specified blockchain, and the specified blockchain stores the hash value of the verifiable claim.
  • the algorithm used in the hash processing in the specified blockchain should be the same as the specified hash algorithm.
  • the business processor can perform corresponding business processing based on the verifiable statement of the user; for details, see the processing of step S306 to step S314 below.
  • In step S306, the first server sends a service processing request of the target service to the second server (that is, the server of the service processor of the target service), and the service processing request includes the verifiable statement after data processing, so that the second server performs business processing on the target business based on the verifiable statement after data processing.
  • the second server that is, the server of the service processor of the target service
  • the corresponding user can be notified to prepare a verifiable statement.
  • the user can send the target service that the user needs to perform to the first server through the terminal device.
  • the server may execute the processing of step S302 and step S304 above to process the verifiable statement to obtain a verifiable statement processed based on the first data processing rule.
  • the processed verifiable claims may be different for different business requirements.
  • the first server may store verifiable claims of the same original content of the same user after being processed by different data processing rules.
  • the first server can obtain the verifiable statement after the data processing and other information to generate the business processing request of the target business, and send the service processing request to the second server; the second server can receive the service processing request of the target service based on the verifiable statement.
  • the service processing request of the target service can be triggered in a variety of ways. In addition to the above-mentioned methods, it can also be implemented in the following way, which can specifically include the following content: the first server receives the indication information of the service processor; the indication information is used to instruct the holder of the verifiable claim to send the service processing request of the target service to the service processor.
  • the first server may receive the instruction information of the service processor (second server) to instruct the holder of the verifiable claim to send the service processing request of the target service to the service processor (second server).
  • the user can obtain the above verifiable statement from the first server through the terminal device, and can generate the service processing request of the target service based on the terminal device.
  • the terminal device sends the service processing request of the target service to the second server, or the first server sends the instruction information and the above verifiable statement to the user's terminal device, and the user's terminal device can generate a service processing request for the target service and send the service processing request to the second server.
  • the second server may first verify the validity of the verifiable statement in the service processing request to ensure the security of the service processing. For details, refer to the processing of the following steps S308 to S312.
  • In step S308, the second server encrypts the field value of the plaintext contained in the verifiable statement based on the specified hash algorithm.
  • the verifiable statement contains plaintext and ciphertext
  • the ciphertext is encrypted by a specified hash algorithm
  • the verifiable statement can be verified in the following manner: specifically, the ciphertext in the verifiable statement can be kept unchanged, and the plain text in the verifiable statement can be processed, that is, the field values of the statement fields in the verifiable statement that are displayed as plain text are encrypted.
  • the encryption algorithm used in this encryption processing should be the same as the one used in the above process of processing the verifiable statement based on the first data processing rule, that is, the encryption algorithm is the specified hash algorithm.
  • the second server can encrypt the field values of the plaintext contained in the verifiable statement based on the specified hash algorithm, so that all the field values in the verifiable statement have been adjusted to ciphertext.
  • the specific processing of the above step S308 can be various. In addition to the above processing methods, it can also include other methods.
  • the following provides an optional processing method: in practical applications, it may be impossible to determine whether a field value in the verifiable statement is plaintext or ciphertext. In this case, the following steps A2 to A6 can be included.
  • Step A2: The second server obtains the field value of the statement field contained in the verifiable statement.
  • the second server can analyze the content of the verifiable statement to determine the statement fields contained in the verifiable statement, where the determined statement fields can be all the statement fields contained in the verifiable statement, or some specified statement fields in the verifiable statement, such as the statement fields related to user information (such as name, date of birth, ID card number, and other statement fields), etc.
  • all the statement fields in the verifiable statement can be taken as an example for description.
  • Step A4: If the above field values include a field value that meets a predetermined composition rule, the second server obtains the statement index information corresponding to the verifiable statement; the statement index information records whether a field value is plain text or cipher text.
  • the predetermined composition rule may be a ciphertext composition rule obtained by encrypting the original field value based on a specified hash algorithm, etc.
  • the predetermined composition rule may be determined according to actual conditions, which is not limited in the embodiment of this specification.
  • the statement index information can be information used to record whether a certain field value is plaintext or ciphertext.
  • the statement index information can have multiple presentation forms. For example, it can be presented in the form of a Claim index field that records, by means of "0" or "1", whether each field value is plaintext or ciphertext; or the field values of the ciphertext can be recorded by marking "hash" (as in the example in step S304 above), with the remaining field values being plaintext.
  • in the verifiable statement, it may not be possible to accurately distinguish which field value is plain text and which field value is cipher text.
  • a user's ID number is a string of numbers, and after the user's ID number is encrypted it is still a string of numbers, so it may not be possible to determine whether the ID number is ciphertext or plaintext. For this reason, the first server can generate the statement index information corresponding to the verifiable statement while generating the verifiable statement.
  • After the second server obtains the field values of the statement fields contained in the verifiable statement, it can analyze each field value to determine whether it meets the predetermined composition rule. If one or more of the field values meet the predetermined composition rule, then, in order to determine which fields are plaintext and which are ciphertext so that the corresponding field values can be processed later, the statement index information corresponding to the verifiable statement can be obtained from the first server. The information recorded in the statement index information determines which fields in the verifiable statement are in plaintext and which fields are in ciphertext.
  • Step A6: The second server encrypts the field value of the plain text contained in the verifiable statement based on the specified hash algorithm according to the statement index information.
  • the field values of the plain text can be found in the verifiable statement, and the field value of the plaintext contained in the verifiable statement is encrypted based on the specified hash algorithm to obtain the ciphertext of the field value.
  • the specified hash algorithm can be the MD5 algorithm, and the MD5 algorithm can be used to calculate the field value of each plaintext separately to obtain the MD5 value corresponding to each field value.
  • the hash algorithm (i.e., the MD5 algorithm)
  • the field value of the ciphertext contained in the verifiable statement is also the corresponding MD5 value. In this way, the field values of the statement fields contained in the verifiable statement are all MD5 values.
  • In step S310, the second server determines the Merkle root corresponding to the ciphertext in the verifiable statement based on the ciphertext in the verifiable statement.
  • the Merkle tree method verifies the validity of the verifiable statement.
  • the Merkle tree (i.e., Merkle tree)
  • the construction of a complete Merkle tree requires recursively hashing pairs of nodes and inserting each newly generated hash node into the Merkle tree until there is only one node left (this node is the root node of the Merkle tree).
  • the value corresponding to the root node of the Merkle tree is calculated, and the value corresponding to the root node can be regarded as the Merkle root.
  • the field values of the statement fields included in the statement are all MD5 values
  • the corresponding Merkle tree can be constructed from the above MD5 values to obtain a Merkle tree composed of MD5 values.
  • the Merkle tree will contain a root node, and the MD5 value of the root node can be calculated based on the above MD5 values; the obtained MD5 value of the root node can be used as the Merkle root corresponding to the ciphertext in the verifiable statement.
  • step S310 can be processed in various ways. In addition to the above methods, it can also be implemented in other ways.
  • the following provides an optional processing method, which may specifically include the following steps B2 to B6.
  • Step B2: The second server constructs a binary tree based on the cipher text corresponding to the statement fields contained in the verifiable statement, according to the order of the statement fields in the verifiable statement.
  • the binary tree may have a tree structure in which each node has at most two subtrees.
  • the second server can determine the order in which the statement fields appear in the verifiable statement. For example, if the verifiable statement records from front to back: "Name": "Zhang San", "Gender": "Male", "Date of birth": "19880102", then the order in which the statement fields appear in the verifiable statement is: name, gender, date of birth. The order can also be the order of the statement fields from back to front, etc.; in practical applications other orders are also possible, which is not limited in the embodiment of this specification.
  • the second server can obtain the order of the declared fields in the verifiable statement.
  • the second server can construct a binary tree based on the ciphertext corresponding to the declared fields contained in the verifiable statement according to the order of the declared fields in the verifiable statement.
  • a node can be constructed based on the ciphertext corresponding to the name, and a node can be constructed based on the ciphertext corresponding to the gender, and then a new node can be generated through the above two nodes.
  • a node can be constructed based on the ciphertext corresponding to the date of birth, and then a second new node can be generated from the date-of-birth node and the previously generated new node, forming a complete binary tree.
  • Step B4: The second server determines the check value of the root node in the above binary tree according to the Merkle algorithm.
  • a binary tree can be constructed by the method in step B2 above.
  • the binary tree includes multiple nodes (including leaf nodes and root nodes, etc.).
  • the nodes in the binary tree can be calculated step by step according to the Merkle algorithm to obtain the check value of each node, and thereby the check value of the root node in the binary tree.
  • the ciphertext corresponding to the name and the ciphertext corresponding to the gender can be combined into a piece of information, and the hash value of that piece of information can be calculated by the specified hash algorithm. The calculated hash value and the ciphertext corresponding to the date of birth are then combined into a piece of information, and the hash value of that piece of information is calculated through the specified hash algorithm again. The finally calculated hash value can be used as the check value of the root node in the binary tree.
  • Step B6: The second server determines the check value of the root node in the above binary tree as the Merkle root corresponding to the ciphertext in the verifiable statement.
  • In step S312, the second server verifies the validity of the verifiable statement based on the above-mentioned Merkle root and the verification information in the verifiable statement.
  • the verification information in the verifiable statement can include the Merkle root corresponding to the cipher text in the verifiable statement.
  • the calculated Merkle root can be compared with the Merkle root in the verification information of the verifiable statement. If the two are the same, it indicates that the verifiable claim is valid. If the two are different, it indicates that the verifiable claim is invalid, in which case a notification message can be sent to the business processing requester.
  • step S312 can be processed in a variety of ways. In addition to the above-mentioned methods, it can also be implemented in many other ways.
  • the following provides an optional processing method, which can specifically include the processing of the following steps C2 to C6.
  • Step C2: The second server obtains the verification information in the verifiable statement and the key corresponding to the verifiable statement.
  • the verification information in the verifiable statement may be the signature information obtained by signing the Merkle root corresponding to the ciphertext in the verifiable statement, where the signature processing can be a process of using a key to encrypt that Merkle root.
  • the Merkle root corresponding to the ciphertext in the verifiable statement may also be signed in other ways, which is not limited in the embodiment of this specification.
  • the process of encrypting the Merkle root corresponding to the ciphertext in the verifiable statement using a key is taken as an example for description.
  • the key can be the public key of the provider of the verifiable claim, etc.
  • the second server can find the verification information in the verifiable statement and extract it therefrom.
  • the key (such as a public key, etc.) of the verifiable claim can also be obtained from the provider of the verifiable claim.
  • the signature information can be obtained by the provider of the verifiable claim by encrypting with its private key, and the Merkle root corresponding to the signature information can be obtained through the public key of the provider of the verifiable claim.
  • Step C4: The second server performs signature verification on the verification information in the verifiable statement based on the key, to obtain the reference Merkle root corresponding to the verification information in the verifiable statement.
  • the key corresponding to the verifiable statement (such as the public key of the provider of the verifiable statement) can be used to verify the verification information in the verifiable statement (that is, the process of verifying the signature information). If the verification is successful, the reference Merkle root corresponding to the verification information in the verifiable statement can be obtained. If the verification fails, it indicates that the verifiable statement may be at risk.
  • Step C6: The second server determines that the verifiable statement is valid if the aforementioned Merkle root matches the reference Merkle root.
  • An optional processing method is provided below, which may specifically include the following content: the field value of the plaintext contained in the verifiable statement is encrypted based on the above specified hash algorithm, where the specified hash algorithm is the same as the algorithm used in the hash processing in the specified blockchain, and the specified blockchain stores the hash value of the verifiable claim.
  • the hash value of the verifiable statement corresponding to the statement identifier can be obtained from the specified blockchain above. Based on the specified blockchain, the hash value corresponding to the field value of each field contained in the verifiable statement can then be obtained and matched against the hash value of the above plaintext or the ciphertext. If the hash values corresponding to the field values of every field match on both sides, the verifiable statement is valid; otherwise, the verifiable statement is invalid.
  • In step S314, if the verification result is valid, the second server executes the business processing corresponding to the business processing request based on the field value of the statement field corresponding to the business requirement in the verifiable statement.
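The flow of steps S304 to S312 (with the statement index of steps A2 to A6 and the tree of steps B2 to B6) can be traced end to end in the following sketch, which is an added example and not code from the patent. The function names, the sample claim, the use of SHA-256 in place of the page's MD5 example, the concatenation of hex digests, and the rule that an unpaired last node is carried up unchanged are all assumptions.

```python
import hashlib
import hmac

# Assumption: the page only says "specified hash algorithm" (MD5 is its example).
# SHA-256 is used here; issuer, holder and verifier must all use the same one.
HASH_NAME = "sha256"

# Constructed sample claim; field order matters for the tree (step B2).
CLAIM = {
    "name": "Zhang San",
    "gender": "Male",
    "date_of_birth": "19880102",
    "id_number": "000000198801020000",  # constructed placeholder value
    "education": "Bachelor",
}


def h(text):
    """Hex digest of a UTF-8 string under the agreed hash algorithm."""
    return hashlib.new(HASH_NAME, text.encode("utf-8")).hexdigest()


def merkle_root(leaves):
    """Steps B2-B6: pair nodes left to right in field order and hash each pair.
    An unpaired last node is carried up unchanged (assumption), which gives
    H(H(name + gender) + birth) for the page's three-field example."""
    if not leaves:
        raise ValueError("a claim needs at least one field")
    level = list(leaves)
    while len(level) > 1:
        nxt = [h(level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def issue_root(claim):
    """Issuer side: Merkle root over the hash of every field value."""
    return merkle_root([h(value) for value in claim.values()])


def redact(claim, target_fields):
    """Step S304 (holder): keep target fields in plain text, hash the rest.
    Returns the presented fields and a statement index (0 = plain, 1 = hash)."""
    fields, index = {}, {}
    for name, value in claim.items():
        keep = name in target_fields
        fields[name] = value if keep else h(value)
        index[name] = 0 if keep else 1
    return fields, index


def verify(fields, index, required, trusted_root):
    """Steps S308-S312 (verifier). trusted_root is assumed to have been
    authenticated already, e.g. by the signature check of steps C2-C4."""
    if not fields or set(fields) != set(index):
        return False
    if any(flag not in (0, 1) for flag in index.values()):
        return False
    # The business must never consume a value the index marks as a hash.
    if any(index.get(name) != 0 for name in required):
        return False
    # S308: hash only the plain-text values; ciphertext stays unchanged.
    leaves = [v if index[n] == 1 else h(v) for n, v in fields.items()]
    # S310 + S312: rebuild the root and compare in constant time.
    return hmac.compare_digest(merkle_root(leaves), trusted_root)


if __name__ == "__main__":
    root = issue_root(CLAIM)
    presented, idx = redact(CLAIM, {"education"})
    print("valid presentation:", verify(presented, idx, {"education"}, root))
    forged = dict(presented, education="Doctorate")
    print("tampered plain text:", verify(forged, idx, {"education"}, root))
```

The root passed to `verify` has to come from an authenticated source, such as the signed verification information or the specified blockchain; a root copied from the presented statement without that check only shows that the statement is self-consistent.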
  • the second server is based on the verifiable statement corresponding to the above business requirements
  • the business processing. For example, in the information recommendation business, a piece of information to be recommended needs to be recommended to users with a bachelor's degree or above. In the business process, it is necessary to determine whether the user has a bachelor's degree or above. For this, the field value of the user's "Education Information" declaration field is needed.
  • the first server can keep the field value of the user's "Education Information" declaration field in plaintext, and the field values of other declaration fields are encrypted, and then the second server is executing
  • the processed verifiable statement can be validated based on the above processing process.
  • the second server can use the field value of the "Education Information" statement field to determine whether the user meets the requirements for information recommendation. If they are met, the corresponding information can be pushed to the user. If they are not met, the next user can be acquired to continue the above processing process to push the corresponding information to the corresponding user.
  • the embodiment of this specification provides a business processing method based on a verifiable statement. Based on the target business to be processed, the required target statement field is determined, and the field value of the target statement field is kept in plain text. The field value of at least one statement field in the verifiable statement other than the target statement field is encrypted, so that the statement fields in the user's verifiable statement that are not needed by the target business are encrypted, which prevents the field values of statement fields other than the target statement field from being leaked and effectively ensures that user information is stored safely. Users can manage their user information (that is, information that can be encrypted), and can control and show user information to relevant third parties without worrying about data leaks.
  • data processing is performed on the verifiable statement, that is, the field value of the statement field required by the target business is plain text and the field value of at least one of the other statement fields is ciphertext encrypted based on the specified hash algorithm. The validity of the verifiable statement is then verified, and when the verification result is valid, the business processing corresponding to the target business is executed based on the field value of the statement field required by the target business, so that the safe storage of user information is further ensured.
  • the above embodiment of this specification provides a business processing method based on a verifiable statement. Based on the same idea, the embodiment of this specification also provides a service processing device based on a verifiable statement, as shown in FIG. 4.
  • the service processing device based on a verifiable statement includes: a request receiving module 401, a verification module 402, and a service processing module 403.
  • the request receiving module 401 receives a service processing request for a target service, wherein the target service is processed based on a verifiable claim, and the business processing request includes the verifiable statement processed by the first data processing rule; in the verifiable statement processed by the first data processing rule, the field value of the statement field required by the target business is plain text, and the field value of at least one of the remaining statement fields is cipher text that has been encrypted based on the specified hash algorithm; the verification module 402 verifies the validity of the verifiable statement; the business processing module 403, if the verification result is valid, executes the business processing corresponding to the target business based on the field value of the statement field required by the target business in the verifiable statement.
  • the verification module 402 includes: an encryption unit, which encrypts the field value of the plaintext contained in the verifiable statement based on the specified hash algorithm; a Merkle root determination unit, which determines, based on the ciphertext in the verifiable statement, the Merkle root corresponding to the ciphertext in the verifiable statement; and a verification unit, which verifies the validity of the verifiable statement based on the Merkle root and the verification information in the verifiable statement.
  • the encryption unit obtains the field value of the statement field contained in the verifiable statement; if the field value includes a field value that satisfies a predetermined composition rule, obtains the statement index information corresponding to the verifiable statement, in which it is recorded whether the field value is plaintext or ciphertext; and, according to the statement index information, encrypts the field value of the plaintext contained in the verifiable statement based on the specified hash algorithm.
  • the Merkle root determination unit constructs a binary tree based on the ciphertext corresponding to the declared fields contained in the verifiable statement according to the order of the declared fields in the verifiable statement; determines the check value of the root node in the binary tree according to the Merkle algorithm; and determines the check value of the root node in the binary tree as the Merkle root corresponding to the ciphertext in the verifiable statement.
  • the verification information in the verifiable statement is signature information. The verification unit obtains the verification information in the verifiable statement and the key corresponding to the verifiable statement; performs signature verification processing on the verification information in the verifiable statement based on the key to obtain the reference Merkle root corresponding to the verification information in the verifiable statement; and, if the Merkle root matches the reference Merkle root, determines that the verifiable statement is valid.
  • the embodiment of this specification provides a business processing device based on a verifiable statement.
  • data processing is performed on the verifiable statement, that is, the field value of the statement field required by the target business is plain text and the field value of at least one of the remaining statement fields is cipher text that has been encrypted based on the specified hash algorithm. The validity of the verifiable statement is then verified, and when the verification result is valid, the business processing corresponding to the target business is executed based on the field value of the statement field required by the target business. By verifying the validity of the verifiable statement before using the field values in it, the safe storage of user information can be effectively guaranteed.
  • the embodiment of this specification also provides a service processing device based on a verifiable statement, as shown in FIG. 5.
  • the business processing device based on the verifiable statement includes: a field determination module 501, a data processing module 502, and a business processing module 503.
  • the field determination module 501 determines, according to the to-be-processed target business of the user holding the verifiable statement, the target statement field required by the target business.
  • the first data processing rule includes: keeping the field value of the target statement field as plain text, and encrypting the field value of at least one of the statement fields other than the target statement field in the verifiable statement Processing, the encryption processing is encryption processing based on a specified hash algorithm; the business processing module 503 performs business processing corresponding to the target business based on the verifiable statement after data processing.
  • the service processing module 503 sends a service processing request of the target service to the service processor of the target service, and the service processing request includes the verifiable statement after the data processing, so that the business processor performs business processing on the target business based on the verifiable statement after the data processing.
  • the specified hash algorithm is the same as the algorithm used in the hash processing in the specified blockchain; the specified blockchain stores the hash value of the verifiable statement.
  • it further includes: an instruction information receiving module to receive instruction information of the service processor; the instruction information is used to instruct the user holding the verifiable claim to send the target service to the service processor Business processing request.
  • the embodiment of this specification provides a business processing device based on a verifiable statement.
  • the required target statement field is determined based on the target business to be processed by the user, the field value of the target statement field is kept in plain text, and the field value of at least one statement field in the verifiable statement other than the target statement field is encrypted. In this way, the statement fields in the user's verifiable statement that are not needed by the target business are encrypted, which prevents the field values of statement fields other than the target statement field from being leaked and effectively ensures that user information is stored safely.
  • The above is the service processing device based on verifiable claims provided in the embodiments of this specification. Based on the same idea, the embodiments of this specification also provide a service processing device based on verifiable claims, as shown in FIG. 6.
  • the service processing device based on the verifiable statement may be the second server provided in the foregoing embodiment, and the second server may be a server of the party that processes one or more services based on the verifiable statement.
  • Business processing equipment based on verifiable claims may have relatively large differences due to different configurations or performances, and may include one or more processors 601 and a memory 602, and the memory 602 may store one or more storage applications or data.
  • the memory 602 may be short-term storage or persistent storage.
  • the application program stored in the memory 602 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions for a business processing device based on a verifiable statement.
  • the processor 601 may be configured to communicate with the memory 602, and execute a series of computer-executable instructions in the memory 602 on a service processing device based on a verifiable statement.
  • the service processing equipment based on the verifiable statement may also include one or more power sources 603, one or more wired or wireless network interfaces 604, one or more input and output interfaces 605, and one or more keyboards 606.
  • The business processing device based on verifiable claims includes a memory and one or more programs.
  • The one or more programs are stored in the memory and may include one or more modules; each module may include a series of computer-executable instructions for the business processing device based on verifiable claims, and the one or more programs are configured to be executed by one or more processors.
  • The one or more programs include computer-executable instructions for performing the following: receiving a business processing request of a target business, wherein the target business is processed based on a verifiable statement, and the business processing request includes the verifiable statement processed by the first data processing rule; in the verifiable statement processed by the first data processing rule, the field value of the statement field required by the target business is plaintext, and the field value of at least one statement field in the remaining statement fields is ciphertext encrypted based on a specified hash algorithm; verifying the validity of the verifiable statement; and, if the verification result is valid, executing the business processing corresponding to the target business based on the field value of the statement field required by the target business in the verifiable statement.
  • The verification of the validity of the verifiable statement includes: encrypting the plaintext field values contained in the verifiable statement based on the specified hash algorithm; determining, based on the ciphertext in the verifiable statement, the Merkle root corresponding to the ciphertext in the verifiable statement; and verifying the validity of the verifiable statement based on the Merkle root and the verification information in the verifiable statement.
  • The encrypting of the plaintext field values contained in the verifiable statement based on the specified hash algorithm includes: obtaining the field values of the statement fields contained in the verifiable statement; if the field values include a field value that satisfies a predetermined composition rule, obtaining the statement index information corresponding to the verifiable statement, where the statement index information records whether each field value is plaintext or ciphertext; and, according to the statement index information, encrypting the plaintext field values contained in the verifiable statement based on the specified hash algorithm.
  • The determining of the Merkle root corresponding to the ciphertext in the verifiable statement based on the ciphertext in the verifiable statement includes: constructing a binary tree from the ciphertext corresponding to the statement fields contained in the verifiable statement, in the order of the statement fields in the verifiable statement; determining the check value of the root node of the binary tree according to the Merkle algorithm; and taking the check value of the root node of the binary tree as the Merkle root corresponding to the ciphertext in the verifiable statement.
  • The verification information in the verifiable statement is signature information, and the verifying of the validity of the verifiable statement based on the Merkle root and the verification information in the verifiable statement includes: obtaining the verification information in the verifiable statement and the key corresponding to the verifiable statement; performing verification processing on the verification information in the verifiable statement based on the key to obtain the reference Merkle root corresponding to the verification information in the verifiable statement; and, if the Merkle root matches the reference Merkle root, determining that the verifiable statement is valid.
  • The embodiment of this specification provides a business processing device based on a verifiable statement.
  • The verifiable statement it receives has undergone data processing: the field value of the statement field required by the target business is plain text, and the field value of at least one of the remaining statement fields is cipher text encrypted based on the specified hash algorithm.
  • The device then verifies the validity of the verifiable statement and, when the verification result is valid, executes the business processing corresponding to the target business based on the field value of the statement field required by the target business. Because the validity of the verifiable statement is verified before the field values in it are used, the safe storage of user information can be effectively guaranteed.
  • The embodiment of this specification also provides a service processing device based on a verifiable statement, as shown in FIG. 7.
  • The service processing device based on the verifiable statement may be the first server provided in the above-mentioned embodiment, and the first server may be a server on the side of the user holding the statement, or a server of an agent that performs encryption processing on the statement for the user holding it.
  • Business processing equipment based on verifiable claims may differ considerably depending on configuration or performance, and may include one or more processors 701 and a memory 702; the memory 702 may store one or more application programs or data.
  • The memory 702 may be short-term storage or persistent storage.
  • The application program stored in the memory 702 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions for a business processing device based on verifiable claims.
  • The processor 701 may be configured to communicate with the memory 702, and execute a series of computer-executable instructions in the memory 702 on a service processing device based on a verifiable statement.
  • The service processing device based on the verifiable statement may also include one or more power supplies 703, one or more wired or wireless network interfaces 704, one or more input and output interfaces 705, and one or more keyboards 706.
  • The business processing device based on verifiable claims includes a memory and one or more programs.
  • The one or more programs are stored in the memory and may include one or more modules; each module may include a series of computer-executable instructions for the business processing device based on verifiable claims, and the one or more programs are configured to be executed by one or more processors.
  • The one or more programs include computer-executable instructions for performing the following: determining, according to the target business to be processed by the user holding the verifiable statement, the target statement field required by the target business, where the target statement field is at least one statement field in the verifiable statement; performing data processing on the verifiable statement based on the first data processing rule, where the first data processing rule includes keeping the field value of the target statement field as plain text and encrypting the field value of at least one of the statement fields in the verifiable statement other than the target statement field, the encryption being based on a specified hash algorithm; and performing the business processing corresponding to the target business based on the verifiable statement after data processing.
  • The performing of the business processing corresponding to the target business based on the verifiable statement after data processing includes: sending the business processing request of the target business to the business processing party of the target business, where the business processing request includes the verifiable statement after the data processing, so that the business processor performs business processing on the target business based on the verifiable statement after the data processing.
  • The specified hash algorithm is the same as the algorithm used in the hash processing in the specified blockchain; the specified blockchain stores the hash value of the verifiable statement.
  • Before the performing of the business processing corresponding to the target business based on the verifiable statement after data processing, the instructions further include: receiving instruction information from the business processor, where the instruction information is used to instruct the user holding the verifiable statement to send a service processing request of the target service to the service processing party.
  • The embodiment of this specification provides a business processing device based on a verifiable statement.
  • According to the target business to be processed by the user, the device determines the required target statement field, keeps the field value of the target statement field as plain text, and encrypts the field value of at least one of the statement fields in the verifiable statement other than the target statement field.
  • In this way, the statement fields in the user's verifiable information that are not required by the target business are encrypted, which prevents the field values of statement fields other than the target statement field from being leaked and effectively ensures that user information is stored safely. Users can manage their user information (that is, information that can be encrypted), and can control and present user information to relevant third parties without worrying about some of the data leaking.
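The holder-side processing (first data processing rule) and the verifier-side validity check described in the two device embodiments above, as an added example that is not code from the patent. SHA-256 as the specified hash algorithm, HMAC-SHA256 standing in for the issuer's signature and key, promotion of an unpaired tree node, the digest-shaped composition rule, and all function and field names are assumptions.

```python
import hashlib
import hmac
import re

# Assumed composition rule: a value shaped like a SHA-256 hex digest may be either
# a hashed field or a plaintext that merely looks like one, so the index must decide.
DIGEST_SHAPE = re.compile(r"[0-9a-f]{64}")

def hash_value(value):
    """The 'specified hash algorithm' (SHA-256 assumed) applied to one field value."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def merkle_root(leaves):
    """Root of a binary tree built over hex leaf digests, in statement-field order."""
    if not leaves:
        raise ValueError("a verifiable statement needs at least one field")
    level = [bytes.fromhex(leaf) for leaf in leaves]
    while len(level) > 1:
        parents = [hashlib.sha256(level[i] + level[i + 1]).digest()
                   for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # assumption: an unpaired node is promoted unchanged
            parents.append(level[-1])
        level = parents
    return level[0].hex()

def tag_root(root_hex, key):
    """Stand-in for the issuer's signature over the Merkle root (HMAC-SHA256)."""
    return hmac.new(key, bytes.fromhex(root_hex), hashlib.sha256).hexdigest()

def issue(fields, key):
    """Issuer: hash every field value, build the tree, sign the root."""
    return tag_root(merkle_root([hash_value(v) for v in fields.values()]), key)

def disclose(fields, needed, proof):
    """Holder (first data processing rule): needed fields stay plaintext, the rest are hashed."""
    return {
        "fields": {n: (v if n in needed else hash_value(v)) for n, v in fields.items()},
        "index": {n: ("plain" if n in needed else "hashed") for n in fields},
        "proof": proof,
    }

def verify(statement, key, required):
    """Verifier: hash the plaintext fields, rebuild the root, compare with the proof."""
    fields, index = statement["fields"], statement["index"]
    if not fields or not set(required) <= set(fields):
        return False
    leaves = []
    for name, value in fields.items():
        # Only digest-shaped values are ambiguous; anything else must be plaintext.
        kind = index.get(name) if DIGEST_SHAPE.fullmatch(value) else "plain"
        if kind not in ("plain", "hashed"):
            return False
        if name in required and kind != "plain":
            return False  # the target business needs this value in the clear
        leaves.append(hash_value(value) if kind == "plain" else value)
    return hmac.compare_digest(tag_root(merkle_root(leaves), key), statement["proof"])

# Constructed sample data (not from the patent).
KEY = b"constructed-issuer-key"
SAMPLE = {
    "name": "Alice Example",
    "birth_date": "1990-01-01",
    "degree": "BSc",
    "account_ref": "ab" * 32,  # plaintext that happens to look like a digest
    "address": "1 Constructed Street",
}

if __name__ == "__main__":
    stmt = disclose(SAMPLE, {"degree", "account_ref"}, issue(SAMPLE, KEY))
    print(stmt["fields"])
    print("valid:", verify(stmt, KEY, {"degree", "account_ref"}))
```

Because the scheme hashes raw field values, a low-entropy field such as a birth date can be recovered from its digest by enumeration; a per-field random salt revealed only together with the plaintext is the usual mitigation and is not part of what the page describes.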
  • An improvement of a technology can be clearly distinguished as a hardware improvement (for example, an improvement in circuit structures such as diodes, transistors, switches, etc.) or a software improvement (an improvement in method flow).
  • The improvement of many of today's method flows can be regarded as a direct improvement of the hardware circuit structure.
  • Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement of a method flow cannot be realized by a hardware entity module.
  • The controller can be implemented in any suitable manner.
  • For example, the controller can take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, or of logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. The memory controller can also be implemented as part of the memory control logic.
  • In addition to implementing the controller purely as computer-readable program code, it is entirely possible to program the method steps so that the controller realizes the same function in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. Or even, the devices for realizing various functions can be regarded as both software modules for implementing the method and structures within the hardware component.
  • A typical implementation device is a computer.
  • The computer can be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or any combination of these devices.
  • Embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
  • These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable business processing equipment based on verifiable claims to produce a machine, so that the instructions executed by the processor of the computer or other programmable business processing device based on verifiable claims generate means for implementing the functions specified in one or more processes in the flowchart and/or one or more blocks in the block diagram.
  • These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable business processing equipment based on verifiable claims to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device; the instruction device realizes the functions specified in one or more processes in the flowchart and/or one or more blocks in the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable business processing equipment based on verifiable claims, so that a series of operation steps is executed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more blocks in the block diagram.
  • The computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • The memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • The information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission media that can be used to store information accessible by computing devices. According to the definition in this document, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
  • One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules.
  • Program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • One or more embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure relates to a service processing method, apparatus and device based on a verifiable claim. The method comprises: receiving a service processing request of a target service, wherein the target service is processed on the basis of a verifiable claim, and the service processing request comprises the verifiable claim processed by a first data processing rule, wherein, in the verifiable claim processed by the first data processing rule, the value of a claim field required by the target service is plaintext, and the field value of at least one of the remaining claim fields is ciphertext encrypted on the basis of a specified hash algorithm; then verifying the validity of the verifiable claim; and, if the verification result is valid, performing service processing corresponding to the target service on the basis of the value of the claim field required by the target service in the verifiable claim.
PCT/CN2020/121874 2019-12-11 2020-10-19 Service processing method, apparatus and device based on a verifiable claim WO2021114872A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911277737.7 2019-12-11
CN201911277737.7A CN111125731A (zh) 2019-12-11 2019-12-11 Service processing method, apparatus and device based on a verifiable claim

Publications (1)

Publication Number Publication Date
WO2021114872A1 (fr) 2021-06-17

Family

ID=70498529

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/121874 WO2021114872A1 (fr) 2019-12-11 2020-10-19 Service processing method, apparatus and device based on a verifiable claim

Country Status (3)

Country Link
CN (1) CN111125731A (fr)
TW (1) TW202123040A (fr)
WO (1) WO2021114872A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116896440A (zh) * 2023-09-11 2023-10-17 中国信息通信研究院 Blockchain-based method and apparatus, device and medium for verifying claim data

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
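CN111125731A (zh) * 2019-12-11 2020-05-08 支付宝(杭州)信息技术有限公司 Service processing method, apparatus and device based on a verifiable claim
CN111342966B (zh) * 2020-05-22 2020-08-25 支付宝(杭州)信息技术有限公司 Data storage method, data recovery method, apparatus and device
CN113127516B (zh) * 2020-07-31 2023-12-12 支付宝(杭州)信息技术有限公司 Blockchain data processing method, apparatus and device
CN112052244A (zh) * 2020-09-08 2020-12-08 浙江省交通规划设计研究院有限公司 Method and apparatus for establishing model attributes, electronic device and storage medium
CN112182509A (zh) * 2020-09-16 2021-01-05 支付宝(杭州)信息技术有限公司 Anomaly detection method, apparatus and device for compliance data
CN112200585B (zh) * 2020-11-10 2021-08-20 支付宝(杭州)信息技术有限公司 Service processing method, apparatus, device and system
CN112579321A (zh) * 2020-12-23 2021-03-30 京东数字科技控股股份有限公司 Service data download method, apparatus and device
CN114944937B (zh) * 2022-04-19 2024-04-09 网易(杭州)网络有限公司 Distributed digital identity verification method, system, electronic device and storage medium
CN114896964A (zh) * 2022-05-24 2022-08-12 中国银行股份有限公司 Data validity verification method and apparatus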

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190222424A1 (en) * 2018-01-12 2019-07-18 Nok Nok Labs, Inc. System and method for binding verifiable claims
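CN110224837A (zh) * 2019-06-06 2019-09-10 西安纸贵互联网科技有限公司 Zero-knowledge proof method and terminal based on distributed identity identifiers
CN111125731A (zh) * 2019-12-11 2020-05-08 支付宝(杭州)信息技术有限公司 Service processing method, apparatus and device based on a verifiable claim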

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493007B (zh) * 2019-09-06 2021-07-13 腾讯科技(深圳)有限公司 Blockchain-based information verification method, apparatus, device and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WILLEKE DE ROOIJ: "Verifiable Claims for Digital identity", VX COMPANY, 10 August 2018 (2018-08-10), pages 1 - 8, XP055822490, Retrieved from the Internet <URL:https://vxcompany.com/insight/verifiable-claims-for-digital-identity/> [retrieved on 20210708] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
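CN116896440A (zh) * 2023-09-11 2023-10-17 中国信息通信研究院 Blockchain-based method and apparatus, device and medium for verifying claim data
CN116896440B (zh) * 2023-09-11 2023-11-10 中国信息通信研究院 Blockchain-based method and apparatus, device and medium for verifying claim data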

Also Published As

Publication number Publication date
TW202123040A (zh) 2021-06-16
CN111125731A (zh) 2020-05-08

Similar Documents

Publication Publication Date Title
WO2021114872A1 (fr) Service processing method, apparatus and device based on a verifiable claim
WO2021068636A1 (fr) Method, apparatus, device and system for blockchain-based creation of a verifiable claim
WO2021209041A1 (fr) Authorization processing based on a verifiable credential
RU2728524C1 (ru) Consensus verification method and device
CN109951489B (zh) Digital identity authentication method, device, apparatus, system and storage medium
US11288371B2 (en) Blockchain-based data processing method, apparatus, and device
US10116645B1 (en) Controlling use of encryption keys
ES2935164T3 (es) Method for registering and sharing a digital identity of a user using distributed ledgers
KR20210041404A (ko) Electronic device and method for managing blockchain addresses using the electronic device
CN110263544B (zh) Receipt storage method and node combining transaction type and judgment conditions
CN110245947B (zh) Receipt storage method and node combining conditional restrictions of transaction and user type
WO2020233637A1 (fr) Receipt storage method combining code marking with user type, and node
CN110245942B (zh) Receipt storage method and node combining user type and judgment conditions
WO2020258840A1 (fr) Blockchain-based transaction processing method and apparatus, and electronic device
WO2020233614A1 (fr) Conditional receipt storage method and node combining code labeling with event type
US11496293B2 (en) Service-to-service strong authentication
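CN110474775B (zh) User creation method, apparatus and device in a blockchain-type ledger
TWI782502B (zh) Information verification method, apparatus and device
CN114065271A (zh) Data processing method and apparatus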
US11349658B2 (en) Blockchain data processing method, apparatus, and device
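CN113922962A (zh) Selective disclosure method and apparatus for digital identity attributes
CN114826736A (zh) Information sharing method, apparatus, device and storage medium
CN113901424A (zh) Selective disclosure method and apparatus for digital identity attributes
CN112182509A (zh) Anomaly detection method, apparatus and device for compliance data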
US20200213100A1 (en) Multi-chain information management method, storage medium and blockchain identity parser

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20898424

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20898424

Country of ref document: EP

Kind code of ref document: A1