CN109670825B - Digital asset real name registration system based on certificate association - Google Patents


Info

Publication number
CN109670825B
Authority
CN
China
Prior art keywords
identity
user
asset
information
real
Prior art date
Legal status
Active
Application number
CN201811563235.6A
Other languages
Chinese (zh)
Other versions
CN109670825A (en)
Inventor
姚前
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4014: Identity check for transactions
    • G06Q20/40145: Biometric identity checks
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a certificate association-based digital asset real-name registration system and relates to the technical field of digital assets. In one embodiment the system comprises an asset hosting system, an asset application terminal system, an identity authentication module and a certificate authentication center. The asset application terminal system sends its asset ledger address and a signed identity authentication request to the asset hosting system; the asset hosting system forwards the signed identity authentication request to the identity authentication module; the identity authentication module returns an identity authentication result to the asset hosting system; the asset hosting system derives the user's identity information from that result and sends the identity information together with the user's public key to the certificate authentication center; the certificate authentication center generates an identity certificate; and the asset hosting system registers a real-name ledger record for the user. Because the identity authentication module manages user identity information centrally, management and maintenance are convenient and security is high; because the user's identity information and asset ledger address are associated through a certificate, security is high.

Description

Digital asset real name registration system based on certificate association
Technical Field
The invention relates to the technical field of digital assets, in particular to a digital asset real-name registration system based on certificate association.
Background
At present, blockchain technology is developing rapidly. As a decentralized distributed-database computing paradigm, the blockchain provides technical support for running various kinds of digital assets on a distributed network. Digital assets run on the blockchain's distributed network: bookkeeping is performed by global multi-node consensus over a shared ledger, without relying on a specific third party or central party to keep accounts, and the security of the system is guaranteed technically by cryptographic algorithms. In some designs of real-name asset trading and financing based on blockchain technology, however, the traditional approach is still a centralized system: a third party acts as service provider, all participants connect to that third party's platform, and transactions are carried out indirectly through it.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
1) Existing blockchain wallets are anonymous and cannot be reliably mapped to the real-name identity behind traditional assets or to the user's identity on an existing asset registration platform.
2) Existing blockchain wallets lack the ability to interact with an asset registration platform.
3) Existing blockchain wallets and asset registration platforms lack unified identity management and applications.
Disclosure of Invention
In view of this, embodiments of the present invention provide a certificate association-based digital asset real-name registration system that manages the blockchain ledger address, the user's real-name authentication and the user's identity certificate in a unified way. This avoids the drawback of transactions being controlled by a single entity and solves the problems of conventional third-party systems, so that a more efficient, safe and trustworthy distributed-network application ecosystem for the digital economy can be realized. The system is a new mode of operating and controlling transactions based on blockchain technology and lays a foundation for realizing complex transactions by technical means, without relying on a third party, in the future.
In order to achieve the above object, an embodiment of the present invention provides a digital asset real name registration system based on certificate association.
The digital asset real-name registration system based on certificate association according to the embodiment of the invention comprises an asset hosting system, an asset application terminal system, an identity authentication module and a certificate authentication center, wherein:
the identity authentication module associates the user's real-name identity element information with the user's identification information according to a registration request of the user;
the asset application terminal system generates a public key and a private key for the user, generates the user's asset ledger address from the public key, and sends the public key and the asset ledger address to the asset hosting system; it also generates an identity authentication request, signs it with the private key, and sends the signed identity authentication request to the asset hosting system;
the asset hosting system sends the signed identity authentication request to the identity authentication module, and the identity authentication module returns an identity authentication result to the asset hosting system according to the signature and the associated real-name identity element information and identification information;
the asset hosting system generates the user's identity information according to the identity authentication result and sends the identity information and the public key to the certificate authentication center;
the certificate authentication center generates the user's identity certificate according to the identity information and the public key, the identity certificate carrying the identity information, and returns the identity certificate to the asset hosting system;
the asset hosting system registers the user's real-name ledger record and returns the result of associating the identity information with the asset ledger address to the asset application terminal system;
the real-name ledger record comprises the identity information, the identity certificate associated with the identity information, and the asset ledger address associated with the identity information.
Optionally, the identity authentication request includes the user's real-name identity element information and identification information, and the identity authentication result is description information indicating whether the real-name identity element information and the identification information are consistent; or,
the identity authentication request includes the user's identification information, and the identity authentication result is the real-name identity element information associated with that identification information, or an identity of the user generated from the real-name identity element information associated with that identification information.
Optionally, the asset hosting system generating the user's identity information according to the identity authentication result includes:
if the identity authentication result is the real-name identity element information associated with the user's identification information, the asset hosting system either uses that real-name identity element information directly as the user's identity information, or generates an identity of the user from it and uses that identity as the user's identity information;
if the identity authentication result is an identity of the user generated from the real-name identity element information associated with the user's identification information, the asset hosting system uses that identity directly as the user's identity information.
Optionally, the real-name identity element information includes at least one of: name, identification card number, mobile phone number, bank card information, and network electronic identity (eID) signature.
Optionally, each asset hosting system has its own identification information, and the identity authentication request further includes the identification information of the target asset hosting system. When the asset hosting system forwards the signed identity authentication request to the identity authentication module, it also sends its own identification information, which is a unique identifier of the asset hosting system or the asset hosting system's public key.
Before the identity authentication module returns the identity authentication result to the asset hosting system, it further confirms that the unique identifier of the target asset hosting system in the identity authentication request matches the unique identifier sent by the asset hosting system; or it verifies the asset hosting system's signature with the asset hosting system's public key and confirms that the verification passes.
Optionally, the identity authentication request further includes authority information.
The asset hosting system is further configured to mark the authority information in the real-name ledger record and, on receiving an identity query request from a query entity for the user's identity information, to return an identity query result to the query entity according to the authority information; the identity query result is the user's identity certificate or real-name identity element information.
Optionally, the authority information is either permission to disclose to queries or refusal to disclose to queries;
and returning the identity query result to the query entity according to the authority information comprises:
if the authority information is permission to disclose, the asset hosting system obtains the identity query result and returns it to the query entity directly;
if the authority information is refusal to disclose, the asset hosting system obtains the identity query result and returns it to the query entity only after confirming that the identity query request satisfies the following conditions:
the identity query request carries the user's private-key signature together with the unique identifier or the public key of the target query entity; and the unique identifier of the query entity matches the unique identifier of the target query entity, or, where the identity query request carries the public key of the target query entity, the public key of the query entity is the same as the public key of the target query entity.
Optionally, the identity query request includes the user's asset ledger address, and the identity query result is the user's identity certificate or identity;
the asset hosting system obtains the identity query result by retrieving, from the real-name ledger record, the identity certificate associated with the user's asset ledger address or the identity corresponding to the user's asset ledger address.
Optionally, the identity query request includes the user's asset ledger address, and the identity query result is the user's real-name identity element information;
the asset hosting system obtains the identity query result by retrieving the identity corresponding to the user's asset ledger address and determining the issuer of that identity; if the issuer is the asset hosting system itself, it retrieves the user's real-name identity element information directly from the asset hosting system.
Optionally, the identity query request further includes information that the user authorizes the asset hosting system to query real-name identity element information; or, after the asset hosting system determines that the issuer of the identity is the identity authentication module, it obtains from the asset application terminal system the information that the user authorizes the asset hosting system to query real-name identity element information;
the asset hosting system obtaining the identity query result then further comprises: if the issuer is the identity authentication module, the asset hosting system sends the identity query request to the identity authentication module to obtain the user's real-name identity element information;
and the identity authentication module is further configured to respond to the identity query request by returning the user's real-name identity element information to the query entity.
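The query-authority rules above (permission versus refusal to disclose, and the conditions an identity query request must satisfy in the latter case), as an added example in Go. This is illustration written for this page, not the patent's own code: the real-name ledger record is reduced to an identity string plus the user's public key, the unique identifier of the query entity (`requester`) is assumed to be established by the transport, and the user's authorization is assumed to be a signature over both the ledger address and the unique identifier of the target query entity. That last choice is what gives the "query entity matches target query entity" condition its teeth: an authorization signed for one entity fails verification when it is presented by, or retargeted to, another, whereas a signature over the address alone could be replayed by anyone who captured it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Authority is the authority information marked in the real-name ledger record.
type Authority int

const (
	DiscloseAllowed    Authority = iota // any query entity may obtain the identity
	DiscloseNotAllowed                  // only a query entity the user has authorized may
)

// QueryRecord is the part of the real-name ledger record the query path needs; the identity
// certificate and real-name elements are collapsed into one Identity string for brevity.
type QueryRecord struct {
	Identity  string
	UserPub   ed25519.PublicKey
	Authority Authority
}

// QueryAuthorization is what the user signs: the address being queried and the unique identifier of
// the target query entity. Signing the target is what stops a consent obtained by one entity from
// being replayed by another; a signature over the address alone would be reusable by anyone.
type QueryAuthorization struct {
	LedgerAddress string
	TargetEntity  string
}

// IdentityQuery is the identity query request as the asset hosting system receives it.
type IdentityQuery struct {
	Auth      QueryAuthorization
	Signature []byte // user's private-key signature over Auth; absent when disclosure is allowed
}

// NewUserKey generates the user's key pair, as the terminal does at registration.
func NewUserKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Authorize is the asset application terminal's side: sign the authorization with the user's private key.
func Authorize(priv ed25519.PrivateKey, addr, target string) IdentityQuery {
	a := QueryAuthorization{addr, target}
	msg, _ := json.Marshal(a)
	return IdentityQuery{a, ed25519.Sign(priv, msg)}
}

// Query is the asset hosting system's decision. requester is the unique identifier of the entity that
// actually sent the query, assumed here to be established by the transport (for example mutual TLS).
func Query(records map[string]QueryRecord, q IdentityQuery, requester string) (string, error) {
	rec, ok := records[q.Auth.LedgerAddress]
	if !ok {
		return "", errors.New("no real-name ledger record for this address")
	}
	if rec.Authority == DiscloseAllowed {
		return rec.Identity, nil
	}
	if q.Auth.TargetEntity != requester {
		return "", errors.New("query entity is not the target entity the user authorized")
	}
	msg, _ := json.Marshal(q.Auth) // same bytes the terminal signed
	if len(rec.UserPub) != ed25519.PublicKeySize || !ed25519.Verify(rec.UserPub, msg, q.Signature) {
		return "", errors.New("user authorization signature invalid")
	}
	return rec.Identity, nil
}

func main() {
	pub, priv := NewUserKey()
	records := map[string]QueryRecord{ // constructed sample ledger: one open and one restricted record
		"addr-open":   {"Alice", pub, DiscloseAllowed},
		"addr-closed": {"Bob", pub, DiscloseNotAllowed},
	}
	_, err := Query(records, IdentityQuery{Auth: QueryAuthorization{"addr-closed", "exchange-1"}}, "exchange-1")
	fmt.Println("unsigned query:", err)
	q := Authorize(priv, "addr-closed", "exchange-1")
	id, _ := Query(records, q, "exchange-1")
	fmt.Println("authorized query:", id)
	_, err = Query(records, q, "exchange-2") // the same consent presented by a different entity
	fmt.Println("replayed consent:", err)
}
```

The open record is returned to anyone, matching the "permission to disclose" branch; the restricted one is returned only when the requester is the entity named in a valid user signature. Checking the identifier before the signature is deliberate: it is the cheap test, and it means an attacker who has captured a valid consent for another entity is rejected without touching the key.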
One embodiment of the above invention has the following advantages or benefits. Because the user's identity certificate is determined from the user's real-name identity information and the public key of a locally generated key pair, and the user's asset ledger address is generated from that same public key, the technical problems that existing blockchain wallets are anonymous and cannot correspond to the user's real-name identity, that they lack the ability to interact with an asset registration platform, and that wallets and asset registration platforms lack unified identity management and applications are solved. The blockchain ledger address, the user's real-name identity authentication and the user's identity certificate are thereby managed in a unified way, the drawback of transactions being controlled by a single entity is avoided, the problems of traditional third-party systems are solved, and a more efficient, safe and trustworthy distributed-network application ecosystem for the digital economy is realized. In addition, the identity authentication module manages user identity information centrally, which is convenient to manage and maintain and offers high security; and the user's identity information and asset ledger address are associated through a certificate generated by the certificate authentication center, which also offers high security.
Further effects of the optional features above are described below in connection with the embodiments.
Drawings
FIG. 1 is a schematic diagram of the main registration flow of a certificate association-based digital asset real name registration system according to a first embodiment of the present invention;
FIG. 2 is a schematic diagram of the main registration flow of a certificate association-based digital asset real name registration system according to a second embodiment of the present invention;
fig. 3 is a schematic diagram of the main registration flow of the certificate association-based digital asset real name registration system according to the third embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The digital asset real-name registration system based on certificate association according to the embodiment of the invention comprises an asset hosting system, an asset application terminal system, an identity authentication module and a certificate authentication center, wherein:
the identity authentication module associates the user's real-name identity element information with the user's identification information according to a registration request of the user;
the asset application terminal system generates a public key and a private key for the user, generates the user's asset ledger address from the public key, and sends the public key and the asset ledger address to the asset hosting system; it also generates an identity authentication request, signs it with the private key, and sends the signed identity authentication request to the asset hosting system;
the asset hosting system sends the signed identity authentication request to the identity authentication module, and the identity authentication module returns an identity authentication result to the asset hosting system according to the signature and the associated real-name identity element information and identification information;
the asset hosting system generates the user's identity information according to the identity authentication result and sends the identity information and the public key to the certificate authentication center;
the certificate authentication center generates the user's identity certificate according to the identity information and the public key, the identity certificate carrying the identity information, and returns the identity certificate to the asset hosting system;
the asset hosting system registers the user's real-name ledger record and returns the result of associating the identity information with the asset ledger address to the asset application terminal system;
the real-name ledger record comprises the identity information, the identity certificate associated with the identity information, and the asset ledger address associated with the identity information.
The identity authentication module associates and stores each user's real-name identity element information and identification information in advance, so that it can act as a trusted identity manager for the user's identity information. Real-name identity element information is the user's real-name identity data; in some embodiments it includes at least one of: name, identity card number, mobile phone number, bank card information and network electronic identity (eID) signature. Identification information is information that can be used to identify a user, each item of which corresponds to exactly one user; it may be an identity card, a biometric feature (for example a fingerprint or an iris), a private-key signature, a certificate, and so on.
The asset hosting system may be a system that supports putting off-chain assets on-chain under custody: the hosting party takes custody of off-chain assets that the user has registered in an asset-rights registration system and issues them on the chain as digital assets through the asset hosting system. The user may access the asset hosting system via the Web or otherwise.
The asset application terminal system is system software installed on the terminal device that corresponds to the asset ledger system; a user may download and install it by accessing the asset hosting system.
Key here refers broadly to a digital key for network products. A key pair consists of a public key and a private key. The public key is published by the user and is used to verify data signed with the corresponding private key; the private key must be kept secret. The user's private key can sign data such as user identity information, bank card information, biometric identification codes or the user's identity certificate, and can also sign digital asset information in subsequent asset trading or financing to confirm ownership of a transaction.
The identity certificate is a digital certificate: a data object that identifies a communicating party on the Internet and provides a way to verify that party's identity. It is issued by a certificate authority (CA center) and may be an electronic certificate provided for communication security.
In the embodiment of the invention, the asset application terminal system may first generate the user's asset ledger address from the user's public key, after which the asset hosting system obtains the user's identity certificate through the identity authentication module and the certificate authentication center, and finally the identity certificate is associated with the asset ledger address. Alternatively, the asset hosting system may obtain the identity certificate first and the asset application terminal system generate the asset ledger address afterwards, with the association performed last; the two steps may also be carried out simultaneously. The embodiment does not limit this order.
The invention manages the blockchain ledger address, the user's real-name identity authentication and the user's identity certificate in a unified way, so that the drawback of transactions being controlled by a single entity is avoided and the problems of traditional reliance on a third-party system, such as the credit and security of that party or the difficulty of finding a suitable third party, are solved; a more efficient, safe and trustworthy distributed-network application ecosystem for the digital economy is therefore realized. The system and method are a new mode of operating and controlling transactions based on blockchain technology and lay a foundation for realizing complex transactions by technical means, without relying on a third party, in the future. In addition, the identity authentication module manages user identity information centrally, which is convenient to manage and maintain and offers high security. Because the user's identity information and asset ledger address are associated through a certificate generated by the certificate authentication center, rather than directly inside one asset hosting system, the association can be relied on by other asset hosting systems without requiring mutual trust between them; this avoids the credit and security problems of a single entity and gives high security.
In some embodiments, the identity authentication request includes the user's real-name identity element information and identification information, and the identity authentication result is description information indicating whether the two are consistent. For example, the identity authentication request includes the user's name a and identity card number ID1, and the identity authentication result is "yes" or "no": "yes" means that the name a and the identity card number ID1 in the request are consistent, that is, the identity card number of the user named a is ID1; "no" means that they are not consistent, that is, the identity card number of the user named a is not ID1. Compared with returning the user's real-name identity element information directly, returning only a statement of whether the real-name identity element information and the identification information are consistent protects the user's privacy to the greatest extent.
In further embodiments, the identity authentication request includes the user's identification information, and the identity authentication result is the real-name identity element information associated with it. For example, the identity authentication request includes the user's name b, and the identity authentication result is the identity card number ID2, that is, the identity card number of the user named b is ID2.
Fig. 1 is a schematic diagram of a main registration flow of a certificate association-based digital asset real name registration system according to a first embodiment of the present invention. As shown in fig. 1, the main registration flow of the certificate association-based digital asset real name registration system includes:
S101, the user sends real-name identity element information and identification information to the identity authentication module in a registration request;
S102, the identity authentication module stores the user's real-name identity element information and identification information in association;
s103, logging in an asset application terminal system by a user to apply for real-name authentication;
S104, the asset application terminal system generates a local key pair and generates the user's asset ledger address from the public key;
s105, the asset application terminal system sends the public key and the asset account book address to the asset hosting system;
s106, the asset application terminal system generates an identity authentication request, signs the identity authentication request by using a private key, and sends the signed identity authentication request to the asset hosting system;
s107, the asset hosting system sends the signed identity authentication request to an identity authentication module;
s108, the identity authentication module returns real-name identity element information of the user to the asset hosting system;
s109, the asset hosting system takes real-name identity element information as identity information;
s110, the asset hosting system sends real-name identity element information and a public key of a user to a certificate authentication center;
s111, a certificate authentication center generates an identity certificate of a user according to real-name identity element information and a public key of the user;
s112, the certificate authentication center returns the identity certificate of the user to the asset hosting system;
s113, the asset hosting system stores the identity certificate and the asset account book address in an associated mode;
and S114, the asset hosting system returns the association result to the asset application terminal system, for example, information of association success or failure is returned to the asset application terminal system.
It should be noted that, step S101 and step S102 in the above steps are executed before applying for real-name authentication, and mainly aim to store real-name identity element information and identity identification information of each user in the identity authentication module after registration, so that the identity authentication module returns an identity authentication result according to a request of the asset hosting system. This step need not be repeated after the application for real-name authentication.
In this embodiment, the asset hosting system directly uses the real-name identity element information of the user as the identity information, so that the certificate authentication center can make the identity certificate according to the real-name identity element information of the user, and the asset application terminal system can directly obtain the real-name identity element information of the user according to the identity certificate.
In still other embodiments, the identity authentication request includes the identity identification information of the user, and the identity authentication result is an identity of the user generated from the real-name identity element information associated with that identity identification information. The identity is a unique identifier assigned to the user by the system; one identity corresponds to exactly one user. The identity may be a real-name identifier, for example the identification number of the user, or an anonymous one, such as the mailbox account of the user.
Fig. 2 is a schematic diagram of the main registration flow of the certificate association-based digital asset real name registration system according to the second embodiment of the present invention. As shown in Fig. 2, the main registration flow of the certificate association-based digital asset real name registration system includes:
S201: the user sends real-name identity element information and identity identification information through a registration request;
S202: the identity authentication module stores the real-name identity element information and the identity identification information of the user in an associated manner;
S203: the user logs in to the asset application terminal system and applies for real-name authentication;
S204: the asset application terminal system generates a local key pair and generates the asset ledger address of the user from the public key;
S205: the asset application terminal system sends the public key and the asset ledger address to the asset hosting system;
S206: the asset application terminal system generates an identity authentication request, signs it with the private key, and sends the signed identity authentication request to the asset hosting system;
S207: the asset hosting system sends the signed identity authentication request to the identity authentication module;
S208: the identity authentication module returns the real-name identity element information of the user to the asset hosting system;
S209: the asset hosting system generates an identity from the real-name identity element information;
S210: the asset hosting system sends the identity and the public key of the user to the certificate authentication center;
S211: the certificate authentication center generates the identity certificate of the user from the identity and the public key of the user;
S212: the certificate authentication center returns the identity certificate of the user to the asset hosting system;
S213: the asset hosting system stores the identity certificate and the asset ledger address in an associated manner;
S214: the asset hosting system returns the association result to the asset application terminal system, for example, information that the association succeeded or failed.
It should be noted that steps S201 and S202 are executed before the user applies for real-name authentication. Their purpose is to store the real-name identity element information and the identity identification information of each registered user in the identity authentication module, so that the identity authentication module can return an identity authentication result in response to a request from the asset hosting system. These steps need not be repeated once real-name authentication has been applied for.
In this embodiment, the asset hosting system generates an identity from the real-name identity element information and uses that identity as the identity information; the certificate authentication center can therefore issue the identity certificate only on the basis of the identity of the user, and the asset application terminal system cannot obtain the real-name identity element information of the user directly from the identity certificate.
Fig. 3 is a schematic diagram of the main registration flow of the certificate association-based digital asset real name registration system according to the third embodiment of the present invention. As shown in Fig. 3, the main registration flow of the certificate association-based digital asset real name registration system includes:
S301: the user sends real-name identity element information and identity identification information through a registration request;
S302: the identity authentication module stores the real-name identity element information and the identity identification information of the user in an associated manner;
S303: the user logs in to the asset application terminal system and applies for real-name authentication;
S304: the asset application terminal system generates a local key pair and generates the asset ledger address of the user from the public key;
S305: the asset application terminal system sends the public key and the asset ledger address to the asset hosting system;
S306: the asset application terminal system generates an identity authentication request, signs it with the private key, and sends the signed identity authentication request to the asset hosting system;
S307: the asset hosting system sends the signed identity authentication request to the identity authentication module;
S308: the identity authentication module generates an identity from the real-name identity element information;
S309: the identity authentication module returns the real-name identity element information of the user to the asset hosting system;
S310: the asset hosting system sends the identity and the public key of the user to the certificate authentication center;
S311: the certificate authentication center generates the identity certificate of the user from the identity and the public key of the user;
S312: the certificate authentication center returns the identity certificate of the user to the asset hosting system;
S313: the asset hosting system stores the identity certificate and the asset ledger address in an associated manner;
S314: the asset hosting system returns the association result to the asset application terminal system, for example, information that the association succeeded or failed.
It should be noted that steps S301 and S302 are executed before the user applies for real-name authentication. Their purpose is to store the real-name identity element information and the identity identification information of each registered user in the identity authentication module, so that the identity authentication module can return an identity authentication result in response to a request from the asset hosting system. These steps need not be repeated once real-name authentication has been applied for.
In this embodiment, the identity authentication module does not return the real-name identity element information of the user to the asset hosting system directly; it generates an identity from the real-name identity element information of the user and returns that identity to the asset hosting system. The asset hosting system uses the identity of the user directly as the identity information, and the certificate authentication center issues the identity certificate on the basis of that identity, so that systems and modules other than the identity authentication module (the asset hosting system, the certificate authentication center and the asset application terminal system) cannot obtain the real-name identity element information of the user directly from the identity certificate.
The identity generated from the real-name identity element information of the user can be regarded as the anonymous identity of the user. Because it is derived from the real-name identity element information submitted by the user, it can serve as an anonymous identity in the subsequent process while remaining associable with the real-name identity information of the user, and systems other than the one that processes the identity element information cannot obtain the real-name identity information of the user directly from it, which reduces the possibility that the personal privacy of the user is disclosed.
Optionally, the asset hosting system generates the identity information of the user from the identity authentication result as follows:
if the identity authentication result is the real-name identity element information associated with the identity identification information of the user, the asset hosting system either uses that real-name identity element information as the identity information of the user, or generates the identity of the user from the real-name identity element information and uses the identity as the identity information of the user;
if the identity authentication result is an identity of the user generated from the real-name identity element information associated with the identity identification information of the user, the asset hosting system uses that identity directly as the identity information of the user.
In the embodiment shown in Fig. 1, the asset hosting system uses the real-name identity element information of the user directly as the identity information, and the certificate authentication center issues the identity certificate on the basis of the real-name identity element information, so the asset application terminal system can obtain the real-name identity element information of the user directly from the identity certificate.
In the embodiment shown in Fig. 2, the identity authentication module returns the real-name identity element information of the user directly to the asset hosting system, but the asset hosting system does not associate the real-name identity element information with the asset ledger address; it generates an identity from the real-name identity element information of the user and associates that identity with the asset ledger address. Only the identity authentication module and the asset hosting system can therefore obtain the real-name identity information of the user directly, and other systems cannot, which improves the privacy and safety of the user.
In the embodiment shown in Fig. 3, the identity authentication module does not return the real-name identity element information of the user to the asset hosting system, but instead returns an identity generated from it. The real-name identity element information of the user is therefore stored only in the identity authentication module, only the identity authentication module can obtain the real-name identity information of the user directly, other systems cannot, and the privacy and safety of the user are further improved.
Optionally, each asset hosting system corresponds to one piece of identification information, and the identity authentication request further includes the identification information of the target asset hosting system. When the asset hosting system sends the signed identity authentication request to the identity authentication module, it also sends its own identification information. The identification information includes a unique identifier of the asset hosting system (that is, an identifier capable of uniquely identifying one asset hosting system, whose generation method may be chosen according to actual conditions) or the public key of the asset hosting system;
before the identity authentication module returns the identity query result to the asset hosting system, it further confirms that the unique identifier of the target asset hosting system in the identity authentication request is consistent with the unique identifier sent by the asset hosting system, or verifies the signature of the asset hosting system using the public key of the asset hosting system and confirms that the verification passes.
Assume that the target asset hosting system is asset hosting system z1, whose unique identifier is idz1. The asset application terminal system sends the signed identity authentication request to asset hosting system z1. When asset hosting system z1 forwards the signed identity authentication request to the identity authentication module, it sends its unique identifier idz1 along with it. Since the unique identifier of the asset hosting system that forwards the identity authentication request is the same as the unique identifier of the target asset hosting system, the two can be taken to be the same asset hosting system, and the identity authentication module can return the identity query result to asset hosting system z1.
If the signed identity authentication request is intercepted by asset hosting system z2 while the asset application terminal system is sending it to asset hosting system z1, asset hosting system z2 forwards the signed identity authentication request to the identity authentication module together with its own unique identifier idz2. Since the unique identifier idz2 of the forwarding asset hosting system z2 differs from the unique identifier of the target asset hosting system z1, the two are determined not to be the same asset hosting system, and the identity authentication module does not return the identity query result.
Assume that the target asset hosting system is asset hosting system z3, whose public key is gongyao3. The asset application terminal system sends the signed identity authentication request to asset hosting system z3. When asset hosting system z3 forwards the signed identity authentication request to the identity authentication module, it sends its public key gongyao3 along with it. If the signature of asset hosting system z3 on the identity authentication request verifies under the public key gongyao3, the verification passes, the two are determined to be the same asset hosting system, and the identity authentication module can return the identity query result to asset hosting system z3; otherwise the verification fails, the two are determined not to be the same asset hosting system, and the identity authentication module does not return the identity query result.
Because the identity authentication module checks the identification information of the target asset hosting system carried in the identity authentication request against the identification information sent by the forwarding asset hosting system before returning the identity query result, the privacy and safety of the user are further ensured and the security of the system is improved.
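The registration flow of the third embodiment (S303 to S314) together with the target hosting system check just described, written out as an added example that is not part of the patent: the asset application terminal generates a key pair, derives the ledger address from the public key and signs the identity authentication request naming its target hosting system; the identity authentication module verifies the user's signature, refuses requests forwarded by a hosting system other than that target, and returns an anonymous identity; the certificate authentication center signs identity and public key into a certificate that the hosting system stores under the ledger address. Ed25519, the truncated SHA-256 address derivation, the keyed-hash identity and every type and field name are assumptions, since the patent fixes none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthRequest: the user's identity identification information plus the unique
// identifier of the target asset hosting system (field names are assumptions).
type AuthRequest struct{ UserID, TargetHS string }

func (r AuthRequest) bytes() []byte { return []byte(r.UserID + "\x00" + r.TargetHS) }

// SignedAuthRequest: the request, the user's public key and the signature made with the local private key (S306).
type SignedAuthRequest struct {
	Req AuthRequest
	Pub ed25519.PublicKey
	Sig []byte
}

// NewSignedRequest is the terminal side of S306.
func NewSignedRequest(priv ed25519.PrivateKey, userID, target string) SignedAuthRequest {
	req := AuthRequest{userID, target}
	return SignedAuthRequest{req, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, req.bytes())}
}

// LedgerAddress derives the asset ledger address from the public key (S304); truncated SHA-256 is an assumption.
func LedgerAddress(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:20])
}

// IdentityModule holds the S301/S302 registrations and the secret for the anonymous identity (keyed hash assumed).
type IdentityModule struct {
	Users   map[string]string // identity identification information -> real-name identity elements
	HMACKey []byte
}

// AnonID is S308: the identity derived from the real-name identity element information.
func (m *IdentityModule) AnonID(realName string) string {
	mac := hmac.New(sha256.New, m.HMACKey)
	mac.Write([]byte(realName))
	return hex.EncodeToString(mac.Sum(nil))
}

// Authenticate is S307 to S309 plus the sender check of the description: the forwarding
// hosting system must be the target the user signed over.
func (m *IdentityModule) Authenticate(s SignedAuthRequest, senderHS string) (string, error) {
	if !ed25519.Verify(s.Pub, s.Req.bytes(), s.Sig) {
		return "", errors.New("user signature does not verify")
	}
	if s.Req.TargetHS != senderHS {
		return "", errors.New("forwarded by a hosting system other than the target")
	}
	realName, ok := m.Users[s.Req.UserID]
	if !ok {
		return "", errors.New("unknown user")
	}
	return m.AnonID(realName), nil
}

// Certificate: the certificate authentication center signs identity information and public key together.
type Certificate struct {
	Identity string
	Pub      ed25519.PublicKey
	Sig      []byte
}

func certBytes(id string, pub ed25519.PublicKey) []byte { return append([]byte(id+"\x00"), pub...) }

// Verify checks the certificate against the certificate authentication center's public key.
func (c Certificate) Verify(caPub ed25519.PublicKey) bool {
	return ed25519.Verify(caPub, certBytes(c.Identity, c.Pub), c.Sig)
}

// HostingSystem keeps the real-name ledger record, ledger address -> certificate (S313).
type HostingSystem struct {
	ID      string
	Records map[string]Certificate
}

// RegisterUser runs S305 to S314 for one request arriving at hs; the certificate
// authentication center of S310 to S312 is reduced to its signing key caPriv.
func (hs *HostingSystem) RegisterUser(addr string, s SignedAuthRequest, im *IdentityModule, caPriv ed25519.PrivateKey) (Certificate, error) {
	id, err := im.Authenticate(s, hs.ID)
	if err != nil {
		return Certificate{}, err
	}
	hs.Records[addr] = Certificate{id, s.Pub, ed25519.Sign(caPriv, certBytes(id, s.Pub))}
	return hs.Records[addr], nil
}

func main() {
	im := &IdentityModule{Users: map[string]string{"b": "name=b;id=ID2"}, HMACKey: []byte("constructed")} // constructed registration
	_, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	req := NewSignedRequest(priv, "b", "idz1") // the user names hosting system z1 as the target
	for _, id := range []string{"idz1", "idz2"} { // z2 forwards a request that was not meant for it
		hs := &HostingSystem{ID: id, Records: map[string]Certificate{}}
		cert, err := hs.RegisterUser(LedgerAddress(pub), req, im, caPriv)
		fmt.Println(id, cert.Identity, err)
	}
}
```

Running it prints the anonymous identity for idz1 and the sender-mismatch error for idz2; the real-name elements never leave the identity module.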
Optionally, the identity authentication request further includes authority information, and the asset hosting system is further configured to mark the authority information in the real-name ledger record and, upon receiving an identity query request from a query entity for the identity information of the user, to return an identity query result to the query entity according to the authority information; the identity query result is the identity certificate or the real-name identity element information of the user. Setting authority information makes it convenient to manage the assets at each asset ledger address of the user flexibly according to actual conditions and user requirements.
The authority information may be either permission to disclose the query right or no permission to disclose the query right. When the authority information in the real-name ledger record of the user is permission to disclose the query right, anyone, or any querying party authorized by the user, may query the real-name element information of that real-name ledger record. Returning the identity query result to the query entity according to the authority information may include:
if the authority information is permission to disclose the query right, the asset hosting system directly obtains the identity query result and returns it to the query entity;
if the authority information is no permission to disclose the query right, the asset hosting system obtains the identity query result and returns it to the query entity only after confirming that the identity query request satisfies the following conditions:
the identity query request carries the private-key signature of the user and the unique identifier of the target query entity (that is, an identifier capable of uniquely identifying one query entity, whose generation method may be chosen according to actual conditions) or the public key of the target query entity; and the unique identifier of the query entity is consistent with the unique identifier of the target query entity, or, where the identity query request carries the public key of the target query entity, the public key of the query entity is the same as that public key. The private-key signature of the user carried in the identity query request indicates that the request is authorized by the user.
For example, the asset ledger address of the user may contain a proprietary asset, and to make it convenient for the public to query and learn about that asset the authority information of the asset ledger address may be marked as permission to disclose the query right, so that anyone can query and learn the real identity of the user. When the authority information in the real-name ledger record of the user is no permission to disclose the query right, the user has not authorized anyone or any querying party to query the real-name element information, and authorization from the user must be obtained before the real-name element information of the user can be queried.
For another example, the asset ledger address of the user may contain a house, and to protect personal privacy the user may mark the authority information of the asset ledger address as no permission to disclose the query right, so that nobody can query and learn the real identity of the user unless the user grants authorization.
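The permission rule above, as an added example that is not the patent's code: a record marked as publicly queryable is returned to any query entity, while a record marked as not publicly queryable is returned only when the request carries a valid user signature and the entity asking is the target query entity the user named. Ed25519 signatures, signing over the ledger address together with the target query entity identifier (the patent fixes no message format), and all type and field names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Permission is the authority information marked in the real-name ledger record.
type Permission int

const (
	PublicQuery  Permission = iota // permission to disclose the query right
	PrivateQuery                   // no permission to disclose: user authorization required
)

// LedgerRecord is the real-name ledger record reduced to what the query rule needs.
type LedgerRecord struct {
	Identity string            // identity information (identity certificate or anonymous identity)
	UserPub  ed25519.PublicKey // public key of the user who owns the ledger address
	Perm     Permission
}

// QueryRequest is an identity query for one ledger address. For a private record the user
// signs the address together with the identifier of the query entity being authorized, so the
// signature cannot be replayed by a different entity (the signed content is an assumption).
type QueryRequest struct {
	Address  string
	TargetQE string // unique identifier of the target query entity
	UserSig  []byte // the user's private-key signature; empty when no authorization was given
}

func (q QueryRequest) authBytes() []byte { return []byte(q.Address + "\x00" + q.TargetQE) }

// Authorize is the user side: the private key signs the address and the authorized entity.
func Authorize(userPriv ed25519.PrivateKey, addr, targetQE string) QueryRequest {
	q := QueryRequest{Address: addr, TargetQE: targetQE}
	q.UserSig = ed25519.Sign(userPriv, q.authBytes())
	return q
}

type HostingSystem struct{ Records map[string]LedgerRecord }

// Query applies the rule of the description: public records go to any query entity; private
// records only when the querying entity is the target named in the request and the user's
// signature over that request verifies.
func (hs *HostingSystem) Query(q QueryRequest, querierID string) (string, error) {
	rec, ok := hs.Records[q.Address]
	if !ok {
		return "", errors.New("unknown ledger address")
	}
	if rec.Perm == PublicQuery {
		return rec.Identity, nil
	}
	if q.TargetQE != querierID {
		return "", errors.New("query entity differs from the target query entity")
	}
	if !ed25519.Verify(rec.UserPub, q.authBytes(), q.UserSig) {
		return "", errors.New("missing or invalid user authorization signature")
	}
	return rec.Identity, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	hs := &HostingSystem{Records: map[string]LedgerRecord{ // constructed records
		"addr-public":  {Identity: "cert-of-user-C", UserPub: pub, Perm: PublicQuery},
		"addr-private": {Identity: "cert-of-user-C", UserPub: pub, Perm: PrivateQuery},
	}}
	fmt.Println(hs.Query(QueryRequest{Address: "addr-public"}, "z4"))  // anyone may query
	fmt.Println(hs.Query(QueryRequest{Address: "addr-private"}, "z4")) // no authorization
	fmt.Println(hs.Query(Authorize(priv, "addr-private", "z4"), "z4")) // authorized entity
	fmt.Println(hs.Query(Authorize(priv, "addr-private", "z4"), "z5")) // different entity
}
```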
In some embodiments, the identity query request includes the asset ledger address of the user, and the identity query result is the identity certificate or the identity of the user;
the asset hosting system obtains the identity query result by retrieving, from the real-name ledger record, the identity certificate associated with the asset ledger address of the user or the identity corresponding to that asset ledger address. This embodiment is suitable for the case where only the identity certificate or the anonymous identity corresponding to the asset ledger address of the user is queried.
In other embodiments, the identity query request includes the asset ledger address of the user, and the identity query result is the real-name identity element information of the user;
the asset hosting system obtains the identity query result by retrieving the identity corresponding to the asset ledger address of the user and determining the issuer of the identity; if the issuer is the asset hosting system itself, the real-name identity element information of the user is obtained directly from the asset hosting system.
The issuer of the identity is the party that generated it. If the identity was generated by the identity authentication module and sent to the asset hosting system, the issuer is the identity authentication module; if the identity was generated by the asset hosting system from the real-name identity element information of the user, the issuer is the asset hosting system. This embodiment is suitable for the case where the real-name identity corresponding to the asset ledger address of the user is queried.
The query entity is a system or module that needs to query the identity information of the user. For a given user, the query entity may be an asset hosting system other than the one that associated the identity information of that user with the asset ledger address; for example, if the association between the identity information of user C and the asset ledger address was completed in asset hosting system z3, asset hosting system z4 acts as the query entity of this embodiment when it needs to query the identity information of user C. The query entity in the embodiments of the present invention may also be another system or module.
Optionally, the identity query request further includes information that the user authorizes the asset hosting system to query the real-name identity element information; or, after the asset hosting system determines that the issuer of the identity is the identity authentication module, it obtains from the asset application terminal system the information that the user authorizes the asset hosting system to query the real-name identity element information;
obtaining the identity query result by the asset hosting system further includes: if the issuer is the identity authentication module, the asset hosting system sends the identity query request to the identity authentication module to obtain the real-name identity element information of the user;
the identity authentication module is further configured to return the real-name identity element information of the user to the query entity in response to the identity query request.
In this embodiment, when the asset hosting system holds the real-name identity element information of the user, it returns that information directly to the query entity; when it does not, the identity authentication module has to be queried. In that case, if the identity query request carries the user's authorization for the query entity to query the real-name identity element information, the query entity has the user's permission and may query the real-name identity element information of the user from the identity authentication module. If the identity query request does not carry such authorization, the query entity has not obtained the user's permission, and the asset hosting system does not query the identity authentication module directly; it first obtains, through the asset application terminal system, the information that the user authorizes the query entity to query the real-name identity element information, and only then queries the identity authentication module for the real-name identity element information of the user. In this way the privacy of the real-name identity of the user is greatly improved and the security of the system is ensured.
According to the technical solution of the embodiments of the present invention, the identity certificate of the user associated with the identity information of the user is determined from the real-name identity information of the user and the public key of a locally generated key pair, and the asset ledger address of the user is generated from the same public key. This technical means solves the problems that existing blockchain wallets are anonymous and cannot be matched to the real-name identity of the user, that existing blockchain wallets lack the ability to interact with an asset registration platform, and that existing blockchain wallets and asset registration platforms lack unified identity management and application. It thereby realizes unified management of the blockchain ledger address, the real-name identity authentication of the user and the identity certificate of the user, avoids the defect of transactions being controlled by a single principal, solves the various problems of relying on a third-party system in the prior art, and realizes a more efficient, secure and credible distributed network application ecosystem in the digital economy. In addition, the identity authentication module manages the identity information of users uniformly, which is convenient to manage and maintain and highly secure; and the identity information of the user and the asset ledger address are associated on the basis of the certificate generated by the certificate authentication center, which is also highly secure.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A digital asset real name registration system based on certificate association, comprising an asset hosting system, an asset application terminal system, an identity authentication module and a certificate authentication center; wherein,
the identity authentication module associates real-name identity element information and identity identification information of the user according to a registration request of the user;
the asset application terminal system generates a public key and a private key of a user; generating an asset ledger address of the user according to the public key, and sending the public key and the asset ledger address to the asset hosting system; generating an identity authentication request, signing the identity authentication request by using the private key, and sending the signed identity authentication request to the asset hosting system;
the asset hosting system sends the signed identity authentication request to the identity authentication module; the identity authentication module returns an identity authentication result to the asset hosting system according to the signature, the associated real-name identity element information and the identity identification information;
the asset hosting system generates identity information of the user according to the identity authentication result, and sends the identity information and the public key to the certificate authentication center;
the certificate authentication center generates an identity certificate of the user according to the identity information and the public key, wherein the identity certificate carries the identity information; returning the identity certificate to the asset hosting system;
the asset hosting system registers a real-name ledger record of the user and returns an association result of the identity information and the asset ledger address to the asset application terminal system;
the real-name account book record comprises: the identity information, an identity certificate associated with the identity information, an asset ledger address associated with the identity information.
2. The system of claim 1, wherein the identity authentication request includes the real-name identity element information and the identity identification information of the user, and the identity authentication result is description information indicating whether the real-name identity element information of the user is consistent with the identity identification information; or,
the identity authentication request includes the identity identification information of the user, and the identity authentication result is the real-name identity element information associated with the identity identification information of the user, or an identity of the user generated according to the real-name identity element information associated with the identity identification information of the user.
3. The system of claim 2, wherein the asset hosting system generating the identity information of the user from the identity authentication result comprises:
if the identity authentication result is the real-name identity element information associated with the identity identification information of the user, the asset hosting system either uses the real-name identity element information as the identity information of the user, or generates the identity of the user according to the real-name identity element information of the user and uses the identity as the identity information of the user;
if the identity authentication result is an identity of the user generated according to the real-name identity element information associated with the identity identification information of the user, the asset hosting system directly uses the identity of the user as the identity information of the user.
4. The system of claim 2, wherein the real-name identity element information comprises at least one of: name, identification card number, mobile phone number, bank card information, and network electronic identity (eID) signature.
5. The system of claim 2, wherein each asset hosting system corresponds to one piece of identification information; the identity authentication request further includes identification information of a target asset hosting system; when the asset hosting system sends the signed identity authentication request to the identity authentication module, the asset hosting system also sends its own identification information to the identity authentication module; the identification information includes a unique identifier of the asset hosting system or a public key of the asset hosting system;
before the identity authentication module returns the identity query result to the asset hosting system, the identity authentication module further confirms that the unique identifier of the target asset hosting system in the identity authentication request is consistent with the unique identifier sent by the asset hosting system, or verifies the signature of the asset hosting system by using the public key of the asset hosting system and confirms that the verification passes.
6. The system of any of claims 3-5, wherein the identity authentication request further comprises authority information;
the asset hosting system is further configured to: mark the authority information in the real-name ledger record, and, on receiving an identity query request from a query entity for the identity information of the user, return an identity query result to the query entity according to the authority information; the identity query result being the identity certificate or the real-name identity element information of the user.
7. The system of claim 6, wherein the authority information is either permission to disclose the inquiry authority or non-permission to disclose the inquiry authority;
and returning an identity query result to a query entity according to the authority information comprises:
if the authority information is permission to disclose the inquiry authority, the asset hosting system directly acquires the identity query result and returns it to the query entity;
if the authority information is non-permission to disclose the inquiry authority, the asset hosting system acquires the identity query result and returns it to the query entity only after confirming that the identity query request meets the following conditions:
the identity query request carries the private-key signature of the user together with the unique identifier or the public key of the target query entity; and either the unique identifier of the query entity is consistent with the unique identifier of the target query entity, or, when the identity query request carries the public key of the target query entity, the public key of the query entity is the same as the public key of the target query entity.
8. The system of claim 7, wherein the identity query request comprises an asset ledger address of the user, and the identity query result is the identity certificate or the identity of the user;
the asset hosting system acquiring the identity query result comprises: acquiring, from the real-name ledger record, the identity certificate associated with the asset ledger address of the user or the identity corresponding to the asset ledger address of the user.
9. The system of claim 7, wherein the identity query request comprises an asset ledger address of the user, and the identity query result is the real-name identity element information of the user;
the asset hosting system acquiring the identity query result comprises: acquiring the identity corresponding to the asset ledger address of the user and parsing the issuer of that identity; and, if the issuer is the asset hosting system, acquiring the real-name identity element information of the user directly from the asset hosting system.
10. The system of claim 9, wherein the identity query request further comprises information that the user authorizes the asset hosting system to query the real-name identity element information; or, after the asset hosting system parses that the issuer of the identity is the identity authentication module, it acquires from the asset application terminal system the information that the user authorizes the asset hosting system to query the real-name identity element information;
the asset hosting system acquiring the identity query result further comprises: if the issuer is the identity authentication module, sending the identity query request to the identity authentication module to acquire the real-name identity element information of the user;
and the identity authentication module is further configured to return the real-name identity element information of the user to the query entity in response to the identity query request.
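The authority-gated identity query of claims 6 to 8, as an added worked example; this is not code from the patent or its applicant. It assumes Ed25519 for the user's private-key signature, a signed payload consisting of the asset ledger address concatenated with the target query entity's public key, and an in-memory map standing in for the real-name ledger record; the type and function names (`AssetHostingSystem`, `QueryRequest`, `Authority`, `SignQuery`, `RunScenario`) and the sample ledger entries are this example's own constructions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Authority is the claim-6 marking stored with each real-name ledger record.
// The two values follow claim 7; the identifiers are this example's own.
type Authority int

const (
	PublicQueryAllowed Authority = iota // permission to disclose the inquiry authority
	PublicQueryDenied                   // non-permission to disclose the inquiry authority
)

// LedgerRecord is one real-name ledger entry, keyed by asset ledger address.
type LedgerRecord struct {
	IdentityCert string            // identity certificate returned on a query (claim 8)
	UserPub      ed25519.PublicKey // verifies the user's private-key signature
	Authority    Authority
}

// QueryRequest models the identity query request of claim 7: the user's asset
// ledger address, the public key of the intended target query entity, and the
// user's signature over both (the payload layout is this example's assumption).
type QueryRequest struct {
	Address   string
	TargetPub ed25519.PublicKey
	UserSig   []byte
}

// AssetHostingSystem holds the real-name ledger records (in memory here).
type AssetHostingSystem struct {
	Ledger map[string]LedgerRecord
}

// signingPayload binds the address to the target entity, so a request signed
// for one query entity cannot be replayed by another.
func signingPayload(addr string, target ed25519.PublicKey) []byte {
	return append([]byte(addr+"|"), target...)
}

// SignQuery is the asset application terminal's side: it signs the request
// with the user's private key.
func SignQuery(userPriv ed25519.PrivateKey, addr string, target ed25519.PublicKey) QueryRequest {
	return QueryRequest{Address: addr, TargetPub: target,
		UserSig: ed25519.Sign(userPriv, signingPayload(addr, target))}
}

// Query implements the branching of claim 7. requesterPub is the public key
// the query entity presented to the asset hosting system.
func (s *AssetHostingSystem) Query(req QueryRequest, requesterPub ed25519.PublicKey) (string, error) {
	rec, ok := s.Ledger[req.Address]
	if !ok {
		return "", errors.New("unknown asset ledger address")
	}
	if rec.Authority == PublicQueryAllowed {
		return rec.IdentityCert, nil // public: returned directly
	}
	// Non-public: both conditions of claim 7 must hold.
	if !ed25519.Verify(rec.UserPub, signingPayload(req.Address, req.TargetPub), req.UserSig) {
		return "", errors.New("user signature invalid")
	}
	if !requesterPub.Equal(req.TargetPub) {
		return "", errors.New("query entity is not the target entity named in the request")
	}
	return rec.IdentityCert, nil
}

// Outcome collects the results of RunScenario for inspection.
type Outcome struct {
	Public, Private           string
	ErrWrongEntity, ErrBadSig error
}

// RunScenario builds a constructed two-record ledger and exercises each branch.
func RunScenario() (Outcome, error) {
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	bankPub, _, err := ed25519.GenerateKey(rand.Reader) // the intended query entity
	if err != nil {
		return Outcome{}, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // some other query entity
	if err != nil {
		return Outcome{}, err
	}
	ahs := &AssetHostingSystem{Ledger: map[string]LedgerRecord{
		"addr-public-0001":  {IdentityCert: "cert:public-user", UserPub: userPub, Authority: PublicQueryAllowed},
		"addr-private-0002": {IdentityCert: "cert:private-user", UserPub: userPub, Authority: PublicQueryDenied},
	}}
	var out Outcome
	out.Public, _ = ahs.Query(QueryRequest{Address: "addr-public-0001"}, otherPub)
	good := SignQuery(userPriv, "addr-private-0002", bankPub)
	out.Private, _ = ahs.Query(good, bankPub)
	_, out.ErrWrongEntity = ahs.Query(good, otherPub) // valid signature, wrong requester
	forged := good
	forged.UserSig = append([]byte(nil), good.UserSig...)
	forged.UserSig[0] ^= 0x01 // constructed tampering of the signature
	_, out.ErrBadSig = ahs.Query(forged, bankPub)
	return out, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

RunScenario exercises each branch: a record marked public is returned to any requester, while a non-public record is returned only to the entity whose public key is both named in the user-signed request and presented to the asset hosting system; a different requester reusing the same signed request, and a request whose signature has been altered, are both refused. Binding the target entity's key into what the user signs is what makes the second condition of claim 7 meaningful, since otherwise a signed request obtained by one entity could be presented by another.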
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811563235.6A CN109670825B (en) 2018-12-20 2018-12-20 Digital asset real name registration system based on certificate association

Publications (2)

Publication Number Publication Date
CN109670825A CN109670825A (en) 2019-04-23
CN109670825B true CN109670825B (en) 2022-12-23

Family

ID=66144535

Country Status (1)

Country Link
CN (1) CN109670825B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110851857B (en) * 2019-10-14 2022-07-01 上海唯链信息科技有限公司 Method and device for realizing identity endorsement on block chain
CN110827150B (en) * 2019-11-11 2023-06-27 成都三泰智能设备有限公司 Digital asset storage management system
CN111064734B (en) * 2019-12-25 2020-11-03 中国科学院信息工程研究所 Block chain system user identity anonymity and traceable method, corresponding storage medium and electronic device
CN111859348B (en) * 2020-07-31 2022-07-19 上海微位网络科技有限公司 Identity authentication method and device based on user identification module and block chain technology

Citations (5)

Publication number Priority date Publication date Assignee Title
CN102201919A (en) * 2011-06-17 2011-09-28 刘明晶 System and method for realizing real-name information transmission of mobile terminal based on digital certificate
CN106529946A (en) * 2016-11-01 2017-03-22 北京金股链科技有限公司 Method for realizing user identity digitalization based on block chain
CN107682378A (en) * 2017-11-22 2018-02-09 国民认证科技(北京)有限公司 A kind of real name identification method and system based on block chain
WO2018050081A1 (en) * 2016-09-13 2018-03-22 ***通信有限公司研究院 Device identity authentication method and apparatus, electric device, and storage medium
CN109039655A (en) * 2018-09-13 2018-12-18 全链通有限公司 Real name identity identifying method and device, identity block chain based on block chain

Non-Patent Citations (1)

Title
Research on a cross-domain identity authentication mechanism based on blockchain technology; 张昊迪 et al.; 《广东通信技术》; 2018-07-15 (No. 07); full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant