CN111027099B - Identity verification method, device, system and computer readable storage medium - Google Patents

Identity verification method, device, system and computer readable storage medium Download PDF

Info

Publication number
CN111027099B
CN111027099B CN201911255058.XA CN201911255058A CN111027099B CN 111027099 B CN111027099 B CN 111027099B CN 201911255058 A CN201911255058 A CN 201911255058A CN 111027099 B CN111027099 B CN 111027099B
Authority
CN
China
Prior art keywords
request
identity
node
digital certificate
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911255058.XA
Other languages
Chinese (zh)
Other versions
CN111027099A (en
Inventor
马超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Jingdong Technology Information Technology Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd
Jingdong Technology Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong Technology Holding Co Ltd, Jingdong Technology Information Technology Co Ltd filed Critical Jingdong Technology Holding Co Ltd
Priority to CN201911255058.XA priority Critical patent/CN111027099B/en
Publication of CN111027099A publication Critical patent/CN111027099A/en
Application granted granted Critical
Publication of CN111027099B publication Critical patent/CN111027099B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present disclosure provides an identity authentication method, comprising: receiving an identity endorsement request from a client, wherein the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user; responding to the identity endorsement request, and verifying the signature information; and sending a registration request to a node in the blockchain network under the condition that the signature verification is successful, so that the node in the blockchain network responds to the registration request, and enabling the node in the blockchain network to authenticate the identity of the user initiating the transaction request on the basis of the content of the registration request under the condition that the registration is successful, wherein the user initiating the transaction request is the user represented by the digital certificate. The present disclosure also provides an authentication apparatus, an authentication system, and a computer-readable storage medium.

Description

Identity verification method, device, system and computer readable storage medium
Technical Field
The present disclosure relates to the field of block chain technologies, and in particular, to an authentication method, an authentication device, an authentication system, and a computer-readable storage medium.
Background
The block chain technology is realized by a cryptography technology, a point-to-point network, a consensus mechanism and a block data structure organized according to time sequence, and has a distributed accounting mechanism with characteristics of decentralization, non-tamper property, traceability and the like. With the development and improvement of the blockchain technology, more and more application fields adopt the blockchain technology in the collaboration business, such as finance, medical treatment, supply chain, energy, judicial law and the like.
Anonymity is one of the characteristics when the blockchain is proposed, but with the popularization of blockchain application, the blockchain is more and more used for bearing real-world value assets and sensitive information, and the anonymity brings more fraud, is difficult to monitor and is not allowed by law.
Real-name authentication is a trend in the development of current blockchain technology due to the above-mentioned problems with anonymity. A CA (Certificate Authority, CA for short) digital Certificate is legally recognized, and has a digital identity authentication Certificate with legal effectiveness equal to that of a handwritten signature or stamp, and a part of block chain systems, such as superhedger Fabric, have begun to use an identity management method based on the CA digital Certificate.
In the course of implementing the present disclosure, the inventor finds that in the existing block chain real-name authentication method based on the CA digital certificate, the CA digital certificate generally needs to be embedded into the transaction data as the identity of the transaction-related party. Therefore, although the authenticity and verifiability of the identity of the transaction related party in each transaction can be ensured, on one hand, the CA digital certificate is directly embedded into the transaction, so that the access party of the block chain network can see the identity information of the transaction related party, and the identity information of the transaction related party is easily leaked; on the other hand, the digital certificate itself contains more data, so that the size of transaction data is increased due to the fact that the digital certificate is embedded in the transaction data, and the size of blockchain data is increased due to the fact that the digital certificate is contained in the transaction data.
Disclosure of Invention
In view of the above, the present disclosure provides an authentication method, an authentication device, an authentication system, and a computer-readable storage medium.
One aspect of the present disclosure provides an identity verification method, including: receiving an identity endorsement request from a client, wherein the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user; responding to the identity endorsement request, and checking the signature information; and sending a registration request to a node in the blockchain network under the condition of successful signature verification so that the node in the blockchain network responds to the registration request, and carrying out identity verification on a user initiating a transaction request based on the content of the registration request under the condition of successful registration, wherein the user initiating the transaction request is the user characterized by the digital certificate.
According to an embodiment of the present disclosure, responding to the registration request by a node in the blockchain network includes: calling a digital identity management system contract of the block chain network; verifying the registration request based on the digital identity management system contract; and if the registration request meets the registration condition specified by the digital identity management system contract, the node in the blockchain network registers the content of the registration request.
According to an embodiment of the present disclosure, the sending a registration request to a node in the blockchain network in the case that the signature verification is successful includes: and if the signature verification is successful, sending the content of the registration request to the client so that the client sends the registration request to a node in the block chain network.
According to an embodiment of the present disclosure, the content of requesting registration includes a hash value of the digital certificate and a public key in the signature information, wherein the verifying the identity of the user initiating the transaction request by the node in the blockchain network based on the content of requesting registration includes: and the node carries out identity verification on the user initiating the transaction request based on the public key in the signature information.
According to the embodiment of the present disclosure, the identity endorsement request further includes an authority requested to be allocated by the user; and the content requested to be registered also comprises a permission list, wherein the permission list comprises the permission requested to be distributed by the user.
According to an embodiment of the present disclosure, the method further includes: receiving an identity viewing request from a transaction related party, wherein the identity viewing request is used for requesting to view digital certificate information of a user initiating a transaction request; responding to the identity checking request, and determining whether the transaction related party has the checking authority; and under the condition that the transaction-related party has the viewing right, sending the digital certificate information of the user initiating the transaction request to the transaction-related party.
Another aspect of the present disclosure provides an authentication apparatus, including: the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving an identity endorsement request from a client, the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user; the signature verification module is used for responding to the identity endorsement request and verifying the signature of the signature information; and a first sending module, configured to send a registration request to a node in a blockchain network in a case that the signature verification is successful, so that the node in the blockchain network responds to the registration request, and so that, in a case that the registration is successful, the node in the blockchain network performs identity verification on a user initiating a transaction request based on content of the registration request, where the user initiating the transaction request is a user characterized by the digital certificate.
According to an embodiment of the present disclosure, the apparatus further includes: the second receiving module is used for receiving an identity viewing request from a transaction related party, wherein the identity viewing request is used for requesting to view digital certificate information of a user initiating a transaction request; the determining module is used for responding to the identity checking request and determining whether the transaction related party has checking authority or not; and the second sending module is used for sending the digital certificate information of the user initiating the transaction request to the transaction related party under the condition that the transaction related party has the viewing right.
Another aspect of the present disclosure provides an authentication system, including: a supervisory node for performing: receiving an identity endorsement request from a client, wherein the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user; responding to the identity endorsement request, and checking the signature information; and sending a registration request to a node in the blockchain network under the condition that the signature verification is successful; a blockchain network comprising a plurality of blockchain nodes, each blockchain node for performing: and responding to the registration request, and authenticating the user initiating the transaction request based on the content of the registration request when the registration is successful, wherein the user initiating the transaction request is the user characterized by the digital certificate.
According to an embodiment of the present disclosure, each of the above block chain nodes is further configured to: calling a digital identity management system contract of the block chain network; verifying the registration request based on the digital identity management system contract; and if the registration request meets the registration condition specified by the digital identity management system contract, transmitting the content of the registration request to each node in the block chain network.
According to the embodiment of the present disclosure, the supervision node is further configured to send the content of the request registration to the client when the signature verification is successful;
the system further includes the client, configured to send the registration request to a node in the blockchain network after receiving the content of the registration request sent by the supervisory node.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, by endorsing the digital certificate outside the blockchain network, for example, endorsing the digital certificate in a signature verification manner through a supervision node outside the blockchain network, and registering the digital certificate through the blockchain network in the case of successful signature verification, the nodes in the blockchain network can authenticate the user characterized by the digital certificate based on the registered content without authenticating the transaction request by using the digital certificate itself. The effect that the digital certificate is not required to be used as the identity of the transaction related party to be embedded into the transaction data is achieved.
Through the embodiment of the disclosure, the authenticity and verifiability of the identity of the transaction related party in each transaction can be ensured, and moreover, the digital certificate is not required to be embedded in the transaction, so that the possibility that the access party of the block chain network sees the identity information of the transaction related party is reduced, and the privacy of the identity information of the transaction related party is ensured. In addition, because the digital certificate contains more data, the digital certificate does not need to be embedded in the transaction data, so that the data volume of the transaction data is reduced, and the technical problem that the block chain data scale is increased due to the fact that the transaction data contains the digital certificate is solved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an exemplary system architecture to which the authentication method, apparatus and system may be applied, according to an embodiment of the present disclosure;
fig. 2 schematically shows a flow chart of an authentication method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a schematic diagram of interactions between a client, a policing node, and a blockchain network, according to an embodiment of the present disclosure;
fig. 4 schematically shows a flow diagram of a node in a blockchain network responding to a registration request according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow diagram for viewing digital certificate information, in accordance with an embodiment of the present disclosure;
fig. 6 schematically shows a block diagram of an authentication device according to an embodiment of the present disclosure; and
FIG. 7 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
An embodiment of the present disclosure provides an identity authentication method, including: receiving an identity endorsement request from a client, wherein the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user; responding to the identity endorsement request, and verifying the signature information; and sending a registration request to a node in the blockchain network under the condition that the signature verification is successful, so that the node in the blockchain network responds to the registration request, and enabling the node in the blockchain network to authenticate the identity of the user initiating the transaction request on the basis of the content of the registration request under the condition that the registration is successful, wherein the user initiating the transaction request is the user represented by the digital certificate.
Fig. 1 schematically illustrates an exemplary system architecture to which the authentication method, apparatus and system may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the application scenario illustrates a system architecture 100, which may include a client node 110, a policing node 120, and a blockchain network 130 in the system architecture 100. Among them, the supervisory node 120 may include one or more supervisors, for example, the supervisory node 120 may include a first supervisor 121 and a second supervisor 122. The blockchain network 130 may include a plurality of blockchain nodes, for example, may include a plurality of blockchain nodes 131-136, the blockchain nodes 131-136 commonly maintain a blockchain, and blocks on the blockchain may be added in a time sequence.
According to an embodiment of the present disclosure, the type of the client node 110 is not limited, and may be, for example, a personal computer, a mobile phone, a tablet computer, or the like. Client node 110 may issue a request to blockchain network 130 as a requestor.
According to the embodiment of the present disclosure, the type of the supervisory node 120 is not limited, and may be, for example, a personal computer, a mobile phone, a tablet computer, a server, or the like. Supervisory node 120 may issue a request to blockchain network 130 as a requester.
According to embodiments of the present disclosure, in some application scenarios, the client node 110 may also act as a node in the blockchain network 130, i.e., the client node 110 may communicate point-to-point with any node in the blockchain network 130, and may also create a tile and add the tile to the blockchain.
According to the embodiments of the present disclosure, the blockchain nodes 131 to 136 may be various computing nodes with the same or different computing capabilities, such as a personal computer, a network server, a database server, and the like, which are not limited herein. Any two of the blockchain nodes 131-136 may communicate point-to-point.
According to an embodiment of the present disclosure, each block link point in the block chain network 130 allows the current block link point to create a block and add the block to the block chain, the added block being the current newest block on the block chain.
The system architecture 100 may be an example of an authentication system in accordance with embodiments of the present disclosure.
The supervisory node 120 may receive an identity endorsement request from the client node 110 that includes a digital certificate requesting endorsement and user signature information for the digital certificate, and then verify the signature information in response to the identity endorsement request. And in the event that the signature verification is successful, sending a registration request to a node in the blockchain network 130.
Blockchain nodes 131-136 may respond to the registration request and, if the registration is successful, authenticate the user initiating the transaction request, which may be a user who has registered a digital certificate in the blockchain network, based on the content of the registration request.
According to an embodiment of the present disclosure, each blockchain node may invoke a digital identity management system contract of blockchain network 120, verify the registration request based on the digital identity management system contract, and send the content of the registration request to each node in blockchain network 120 if the registration request satisfies the registration condition specified by the digital identity management system contract.
In accordance with embodiments of the present disclosure, in case the supervising node 120 succeeds in signing, the content of the request for registration may also be sent to the client node 110. The client node 110, upon receiving the content from the supervising node 120 requesting registration, may send a registration request to a blockchain node in the blockchain network 120.
It should be understood that the construction of the blockchain network, the number of client nodes, the number of policing nodes, the number of blockchain nodes in the blockchain network, etc. in fig. 1 are merely illustrative. In a practical application scenario, the system can have any configuration of the blockchain network, any number of client nodes, any number of supervisory nodes, any number of blockchain nodes, and the like according to actual needs.
According to the method for managing the identity of the blockchain based on the digital certificate, the digital certificate is introduced to increase real-name identity management with legal effectiveness for the blockchain, the increase of the data scale of the blockchain caused by the introduction of the digital certificate is avoided, the exposure of user information to non-relevant aspects caused by the introduction of the digital certificate is avoided, and the privacy of a user is protected.
Fig. 2 schematically shows a flow chart of an authentication method according to an embodiment of the present disclosure.
In this embodiment, the authentication method may be performed by the supervising node. As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, an identity endorsement request is received from a client, where the identity endorsement request includes a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user.
According to an embodiment of the present disclosure, a client may sign its digital certificate before sending an identity endorsement request. The digital certificate is used for identifying the real-name identity of the user and can be issued by a digital certificate provider.
Fig. 3 schematically shows a schematic diagram of the interaction between a client, a policing node and a blockchain network according to an embodiment of the present disclosure.
As shown in fig. 3, the client 310 includes a digital identity management component 311. According to an embodiment of the present disclosure, the client 310 may include a digital identity management component 311 thereon, and the user may register a digital certificate identifying the real-name identity of the user through the digital identity management component 311.
According to embodiments of the present disclosure, a user may send an identity endorsement request to one or more supervisory nodes 320 through a digital identity management component 311 on a client 310.
According to an embodiment of the present disclosure, as shown in fig. 3, 3 supervisory nodes 320 may be included, and each supervisory node 320 may provide digital identity management services. The digital identity management service may be a data identity management server that operates independently or is configured to be integrated into other blockchain service systems, and the supervisory node 320 may verify and endorse the real-name identity represented by the digital certificate of the user through the digital identity management service.
According to the embodiment of the disclosure, for the block chain with admission and authority detailed management, the digital identity management service can also allocate corresponding authority to the user. Therefore, the identity endorsement request sent by the client can also comprise the authority which is requested to be allocated by the user. The content requested to be registered by the user may further include a rights list, wherein the rights list includes rights requested to be assigned by the user.
In addition, the digital identity management service may also be responsible for locally recording the user's digital certificates at supervisory node 320 and providing identity lookup services for other authorized users.
In operation S202, the signature information is verified in response to the identity endorsement request.
According to the embodiment of the disclosure, the supervision node can verify the signature information in the identity endorsement request, and if the verification is successful, the signature information can be signed. The supervision node can automatically or manually check the validity of the user signature through the digital identity management service, and can allocate corresponding access rights to the user according to the user requirements. If the verification is successful, the supervision node can return the hash of the digital identity of the user, the signature verification public key corresponding to the digital certificate and/or the requested authority list, which need to be stored on the block chain, to the client, and the signature of the supervision node on the registered content on the block chain. A registration request is then sent by the client to a node in the blockchain network. Alternatively, the supervising node may send the registration request directly to a node in the blockchain network.
In operation S203, in case of successful signature verification, a registration request is sent to a node in the blockchain network, so that the node in the blockchain network responds to the registration request, and so that in case of successful registration, the node in the blockchain network authenticates a user initiating a transaction request based on the content of the registration request, where the user initiating the transaction request is the user characterized by the digital certificate.
According to an embodiment of the present disclosure, in case of successful signature verification, sending the registration request to the node in the blockchain network includes sending the content of the registration request to the client, so that the client sends the registration request to the node in the blockchain network.
According to an embodiment of the present disclosure, after collecting endorsements of digital certificates of one or more supervisory nodes, a client may request, through the digital identity management component 311, the blockchain network 330 to invoke a digital identity management system contract to request registration of a digital certificate, where the request registration includes one or more of the following: the block chain stores the hash of a digital certificate of a user, a signature verification public key corresponding to the digital certificate, a necessary authority list, a supervision node signature list and the signature of the user.
According to an embodiment of the present disclosure, or after one or more supervisory nodes endorse the digital certificate, the digital identity management system contract is invoked by the digital identity management service request blockchain network 330 to request registration of the digital certificate.
According to the embodiment of the disclosure, by endorsing the digital certificate outside the blockchain network, for example, endorsing the digital certificate in a signature verification manner through a supervision node outside the blockchain network, and registering the digital certificate through the blockchain network in the case of successful signature verification, the nodes in the blockchain network can authenticate the user characterized by the digital certificate based on the registered content without authenticating the transaction request by using the digital certificate itself. The effect that the digital certificate is not required to be used as the identity of the transaction related party to be embedded into the transaction data is achieved.
Through the embodiment of the disclosure, the authenticity and verifiability of the identity of the transaction related party in each transaction can be ensured, and moreover, the digital certificate is not required to be embedded in the transaction, so that the possibility that the access party of the block chain network sees the identity information of the transaction related party is reduced, and the privacy of the identity information of the transaction related party is ensured. In addition, because the digital certificate contains more data, the digital certificate does not need to be embedded in the transaction data, so that the data volume of the transaction data is reduced, and the technical problem that the block chain data scale is increased due to the fact that the transaction data contains the digital certificate is solved.
The method shown in fig. 2 is further described with reference to fig. 4-5 in conjunction with specific embodiments.
Fig. 4 schematically shows a flow chart of a node in a blockchain network responding to a registration request according to an embodiment of the present disclosure.
As shown in fig. 4, responding to a registration request by a node in a blockchain network includes operations S401 to S403.
In operation S401, a digital identity management system contract of a blockchain network is invoked.
According to the embodiment of the disclosure, the digital identity management system contract is a user digital identity management system contract which is deployed and operated on each node of a blockchain network and needs to supervise the node endorsement execution. The contract can realize the functions of registering and viewing the authorization record of the digital certificate of the user and necessary user authority management and authority inquiry. To ensure privacy of the user's identity, only the hash of the user's digital certificate may be recorded in the contract. The user can register the real-name identity and the necessary authority list of the endorsement of the supervision node through the contract. Calling the contract to check whether the user has real name registration or not in block chain transaction execution, or checking whether the user has specific operation authority or not according to the requirement; the user can record the authorization of other users through the contract, or the supervision node strongly authorizes the user to view the digital certificate information of other users.
In operation S402, the registration request is verified based on the digital identity management system contract.
According to embodiments of the present disclosure, a digital identity management system contract may check both the signature of a supervisory node and a user signature.
In operation S403, a node in the blockchain network registers the content of the registration request if the registration request satisfies a registration condition specified by the digital identity management system contract.
According to an embodiment of the present disclosure, the registration condition specified by the digital identity management system contract may include that the signature of the supervisory node satisfies an endorsement condition built in the contract, and the user signature is legal. The digital identity of the user registered by the digital identity management system contract is propagated to all blockchain nodes through the blockchain consensus network.
According to an embodiment of the present disclosure, the content requested to be registered may include a hash value of the digital certificate and a public key in signature information of the user. Nodes in the blockchain network may authenticate the user initiating the transaction request based on the content of the request registration. For example, a node in the blockchain network authenticates the user initiating the transaction request based on the public key in the signature information.
According to the embodiment of the disclosure, a user can use a private key of a digital certificate to sign in a transaction and provide a signature verification public key (or other public and private key pairs registered in real name) without revealing the digital certificate, so that the legal effectiveness of the signature is guaranteed, the user identity is not leaked, and the increase of transaction data caused by the use of the digital certificate can be effectively avoided.
According to the embodiment of the disclosure, the user can use the public key which is registered in association with the digital certificate to sign in the blockchain transaction process instead of directly using the digital certificate, so that the traceability of the real identity of the transaction user is ensured, and meanwhile, the problems that the real identity of the user is directly exposed due to the use of the digital certificate in the transaction and the data scale of the blockchain is greatly increased due to the direct use of the digital certificate are avoided.
According to the embodiment of the disclosure, besides directly using the public key/private key corresponding to the digital certificate to carry out signature, a plurality of pairs of public keys/private keys can be registered based on the digital certificate, and the registered public/private keys are used in transaction, so that the user identity has more privacy.
According to the embodiment of the disclosure, in addition to storing the Hash value Hash of the digital certificate on the blockchain, the encrypted digital certificate can be stored on the blockchain, and the decryption private key for transferring the digital certificate is encrypted in the viewing authorization recorded on the blockchain.
FIG. 5 schematically shows a flow diagram for viewing digital certificate information, in accordance with an embodiment of the present disclosure.
As shown in FIG. 5, viewing digital certificate information includes operations S501-S503.
In operation S501, an identity check request is received from a transaction-related party, where the identity check request is used to request to check digital certificate information of a user who initiated a transaction request.
According to embodiments of the present disclosure, for example, a user may initiate a transaction request and transfer money to other users who are transaction related parties to the user initiating the transaction request.
When a user initiates a transaction request, the user does not sign the transaction request by using the digital certificate itself, but signs the transaction request by using pre-registered content, for example, the user may sign the transaction request by using a public key registered in association with the digital certificate, and at this time, a transaction related party cannot know more identity information of the user initiating the transaction request. Through the embodiment of the disclosure, the transaction related party can initiate the identity checking request to check the identity of the user.
As shown in fig. 3, transaction-related party 340 may initiate an identity view request to supervisory node 320 through digital identity verification component 341. The transaction-related party 340 may authorize or view verification of the digital identity of the user initiating the transaction request through the digital identity verification component 341. According to embodiments of the present disclosure, the client 310 used by the user initiating the transaction request may also include a digital identity verification component 341 through which the user may authorize or view a digital identity to verify a party associated with the transaction.
In operation S502, it is determined whether the transaction-related party has a viewing right in response to the identity viewing request.
According to an embodiment of the present disclosure, transaction-related party 340 may apply to supervisory node 320 for viewing identity information of the user initiating the transaction request by providing a relevant transaction proof.
In operation S503, in case that the transaction-related party has the viewing right, the digital certificate information of the user who initiated the transaction request is transmitted to the transaction-related party.
According to the embodiment of the present disclosure, the supervising node 320 may endorse the transaction related party 340, determine that the transaction related party 340 has the viewing right, and then send the endorsement result to the blockchain network 330, where the transaction related party 340 sends the viewing request to the blockchain network 330, and the blockchain network 330 sends the digital certificate information of the user who initiated the transaction request to the transaction related party 340.
Through the embodiment of the disclosure, the identity of the user initiating the transaction request in the transaction is private to the ordinary user, but the supervision node can trace the real identity of the user registered based on the digital certificate. The supervisor can authorize and check the digital certificate for identifying the real identity to the transaction related party which can provide the certification based on the supervision requirement, and all authorized access records are recorded on the record chain and cannot be tampered. According to the embodiment of the disclosure, the supervising node can check, register and store the digital certificate of the user out of the chain, and the registered digital certificate information is only visible to the supervising node and other users authorized by the user.
Through the embodiment of the disclosure, the viewing permission of finer-grained attribute level can be authorized besides directly providing the viewing digital certificate for other users.
According to an embodiment of the present disclosure, a user initiating a transaction request may spontaneously provide digital identity information to a transaction-related user before or after execution of a related transaction, and a main process may include the following.
First, a user initiating a transaction request may invoke a digital identity management system contract requesting that viewing authorization be recorded on the blockchain, and the request content may include its own identity, an authorized user identity (signature) and its own signature. The user can selectively authorize and check the digital certificate for identifying the real identity to the transaction related party according to the trust requirement, and all the authorized access records are recorded in the record chain and cannot be tampered.
Second, the digital identity management system contract may check whether the user's signature is legitimate, and record the user's viewing authorization on the blockchain if it is legitimate.
Third, after obtaining the digital certificate viewing authorization, the transaction related party may invoke a digital identity management service request through a digital identity verification component to obtain digital certificate information, as shown in fig. 3.
Fourthly, the digital identity management service verifies whether the transaction related party has the checking authorization, and if so, the digital certificate of the user is returned.
Fifthly, the transaction related party can call a digital identity management system contract through the digital identity verification component to obtain, and compares the registered digital certificate with the digital certificate of the user returned by the digital management service to judge whether the registered digital certificate is consistent with the digital certificate of the user returned by the digital management service.
Through the embodiment of the disclosure, the user initiating the transaction request can authorize the transaction related party at the client, so that the user experience is improved.
Fig. 6 schematically shows a block diagram of an authentication device according to an embodiment of the present disclosure.
As shown in fig. 6, the authentication apparatus 600 includes a first receiving module 601, a signature verification module 602, and a first sending module 603.
The first receiving module 601 is configured to receive an identity endorsement request from a client, where the identity endorsement request includes a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user.
The signature verification module 602 is configured to verify the signature information in response to the identity endorsement request.
The first sending module 603 is configured to send, in case of successful signature verification, a registration request to a node in the blockchain network, so that the node in the blockchain network responds to the registration request, and so that, in case of successful registration, the node in the blockchain network authenticates, based on the content of the registration request, the user who initiated the transaction request, where the user who initiated the transaction request is the user characterized by the digital certificate.
According to the embodiment of the disclosure, by endorsing the digital certificate outside the blockchain network, for example, endorsing the digital certificate in a signature verification manner through a supervision node outside the blockchain network, and registering the digital certificate through the blockchain network in the case of successful signature verification, the nodes in the blockchain network can authenticate the user characterized by the digital certificate based on the registered content without authenticating the transaction request by using the digital certificate itself. The effect that the digital certificate is not required to be used as the identity of the transaction related party to be embedded into the transaction data is achieved.
Through the embodiment of the disclosure, the authenticity and verifiability of the identity of the transaction related party in each transaction can be ensured, and moreover, the digital certificate is not required to be embedded in the transaction, so that the possibility that the access party of the block chain network sees the identity information of the transaction related party is reduced, and the privacy of the identity information of the transaction related party is ensured. In addition, because the digital certificate contains more data, the digital certificate does not need to be embedded in the transaction data, so that the data volume of the transaction data is reduced, and the technical problem that the block chain data scale is increased due to the fact that the transaction data contains the digital certificate is solved.
According to an embodiment of the present disclosure, the authentication apparatus 600 further includes a second receiving module, a determining module, and a second sending module.
The second receiving module is used for receiving an identity viewing request from a transaction related party, wherein the identity viewing request is used for requesting to view digital certificate information of a user initiating a transaction request.
The determination module is used for responding to the identity viewing request and determining whether the transaction related party has the viewing authority.
The second sending module is used for sending the digital certificate information of the user initiating the transaction request to the transaction related party under the condition that the transaction related party has the viewing right.
Any of the modules according to embodiments of the present disclosure, or at least part of the functionality of any of them, may be implemented in one module. Any one or more of the modules according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules according to embodiments of the disclosure may be implemented at least partly as computer program modules which, when executed, may perform corresponding functions.
For example, any plurality of the first receiving module 601, the signature verification module 602 and the first sending module 603 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the first receiving module 601, the signature verifying module 602, and the first sending module 603 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented in any one of three implementations of software, hardware, and firmware, or in a suitable combination of any of them. Alternatively, at least one of the first receiving module 601, the signature verification module 602 and the first sending module 603 may be at least partly implemented as a computer program module, which when executed may perform the respective function.
It should be noted that the authentication device portion in the embodiment of the present disclosure corresponds to the authentication method portion in the embodiment of the present disclosure, and the description of the authentication device portion specifically refers to the authentication method portion, which is not described herein again.
FIG. 7 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure. The computer system illustrated in FIG. 7 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 7, a computer system 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 703, various programs and data necessary for the operation of the system 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. The processor 701 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. It is noted that the programs may also be stored in one or more memories other than the ROM 702 and RAM 703. The processor 701 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the system 700 may also include an input/output (I/O) interface 705, the input/output (I/O) interface 705 also being connected to the bus 704. The system 700 may also include one or more of the following components connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program, when executed by the processor 701, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 702 and/or the RAM 703 and/or one or more memories other than the ROM 702 and the RAM 703 described above.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (11)

1. An identity verification method applied to a supervisory node outside a blockchain network, the method comprising:
receiving an identity endorsement request from a client, wherein the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user;
responding to the identity endorsement request, and verifying the signature information; and
under the condition that the signature verification is successful, sending a registration request to a node in a blockchain network so that the node in the blockchain network responds to the registration request, and under the condition that the registration is successful, carrying out identity authentication on a user initiating a transaction request based on the content of the registration request by the node in the blockchain network, wherein the user initiating the transaction request is the user represented by the digital certificate;
wherein the registration request content includes a hash value of the digital certificate and a public key in the signature information, and the authentication of the user initiating the transaction request by the node in the blockchain network based on the registration request content includes:
and the node carries out identity verification on the user initiating the transaction request based on the public key in the signature information.
2. The method of claim 1, wherein responding to the registration request by a node in the blockchain network comprises:
invoking a digital identity management system contract of the blockchain network;
verifying the registration request based on the digital identity management system contract; and
if the registration request meets the registration condition specified by the digital identity management system contract, the node in the blockchain network registers the content of the registration request.
3. The method of claim 1, wherein the sending a registration request to a node in a blockchain network if the signature verification is successful comprises:
and in case of successful signature verification, sending the content of the registration request to the client so that the client sends the registration request to a node in the blockchain network.
4. The method of claim 1, wherein,
the identity endorsement request also comprises the authority which is requested to be distributed by the user; and
the content requested to be registered further comprises a permission list, wherein the permission list comprises the permission requested to be distributed by the user.
5. The method of claim 1, further comprising:
receiving an identity viewing request from a transaction-related party, wherein the identity viewing request is used for requesting to view digital certificate information of a user who initiates a transaction request;
determining whether the transaction-related party has viewing rights in response to the identity viewing request; and
and under the condition that the transaction-related party has the viewing right, sending the digital certificate information of the user initiating the transaction request to the transaction-related party.
6. An identity verification apparatus for use at a policing node outside a blockchain network, the apparatus comprising:
the system comprises a first receiving module, a first sending module and a second receiving module, wherein the first receiving module is used for receiving an identity endorsement request from a client, the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user;
the signature verification module is used for responding to the identity endorsement request and verifying the signature of the signature information; and
a first sending module, configured to send a registration request to a node in a blockchain network in a case that the signature verification is successful, so that the node in the blockchain network responds to the registration request, and in a case that the registration is successful, the node in the blockchain network performs identity verification on a user initiating a transaction request based on content of the registration request, where the user initiating the transaction request is a user characterized by the digital certificate;
wherein the registration request content includes a hash value of the digital certificate and a public key in the signature information, and the authentication of the user initiating the transaction request by the node in the blockchain network based on the registration request content includes:
and the node carries out identity verification on the user initiating the transaction request based on the public key in the signature information.
7. The apparatus of claim 6, further comprising:
the second receiving module is used for receiving an identity viewing request from a transaction related party, wherein the identity viewing request is used for requesting to view digital certificate information of a user initiating a transaction request;
a determination module for determining whether the transaction-related party has a viewing right in response to the identity viewing request; and
and the second sending module is used for sending the digital certificate information of the user initiating the transaction request to the transaction related party under the condition that the transaction related party has the viewing right.
8. An identity verification system comprising:
a supervisory node for performing:
receiving an identity endorsement request from a client, wherein the identity endorsement request comprises a digital certificate requesting endorsement and signature information of a user on the digital certificate, and the digital certificate can represent the identity of the user;
responding to the identity endorsement request, and verifying the signature information; and
under the condition that the signature verification is successful, sending a registration request to a node in the block chain network;
a blockchain network comprising a plurality of blockchain nodes, each blockchain node for performing:
responding to the registration request, and carrying out identity verification on a user initiating a transaction request based on the content of the registration request under the condition that the registration is successful, wherein the user initiating the transaction request is the user represented by the digital certificate;
wherein the registration request content includes a hash value of the digital certificate and a public key in the signature information, and the authentication of the user initiating the transaction request by the node in the blockchain network based on the registration request content includes:
and the node carries out identity verification on the user initiating the transaction request based on the public key in the signature information.
9. The system of claim 8, wherein each blockchain node is further configured to perform:
invoking a digital identity management system contract of the blockchain network;
verifying the registration request based on the digital identity management system contract; and
and if the registration request meets the registration condition specified by the digital identity management system contract, transmitting the content of the registration request to each node in the block chain network.
10. The system of claim 8, wherein,
the supervision node is further used for sending the content of the request registration to the client side under the condition that the signature verification is successful;
the system further comprises: and the client is used for sending the registration request to the nodes in the block chain network after receiving the content of requesting registration sent by the supervision node.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 5.
CN201911255058.XA 2019-12-09 2019-12-09 Identity verification method, device, system and computer readable storage medium Active CN111027099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911255058.XA CN111027099B (en) 2019-12-09 2019-12-09 Identity verification method, device, system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911255058.XA CN111027099B (en) 2019-12-09 2019-12-09 Identity verification method, device, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN111027099A CN111027099A (en) 2020-04-17
CN111027099B true CN111027099B (en) 2022-04-26

Family

ID=70205110

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911255058.XA Active CN111027099B (en) 2019-12-09 2019-12-09 Identity verification method, device, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN111027099B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111563089B (en) * 2020-04-20 2023-10-27 杭州云象网络技术有限公司 Method and device for automatically updating channel configuration by changing blockchain certificates
CN111832046B (en) * 2020-07-02 2024-02-23 中通服创发科技有限责任公司 Trusted data certification method based on blockchain technology
CN111985929A (en) * 2020-09-03 2020-11-24 深圳壹账通智能科技有限公司 Transaction verification method and device in block chain, node equipment and storage medium
CN112153069A (en) * 2020-09-29 2020-12-29 青岛网信信息科技有限公司 Length-configurable block chain method and device, storage medium and electronic equipment
CN112332980B (en) * 2020-11-13 2023-04-14 浙江数秦科技有限公司 Digital certificate signing and verifying method, equipment and storage medium
CN112395356A (en) * 2020-11-13 2021-02-23 浙江数秦科技有限公司 Distributed identity authentication and verification method, equipment and storage medium
CN112787823B (en) * 2021-01-27 2023-01-13 上海发电设备成套设计研究院有限责任公司 Intelligent detection equipment identity authentication method, system and device based on block chain
CN113157698B (en) * 2021-04-23 2022-10-28 上海和数软件有限公司 Data query verification method and system based on block chain technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN109639714A (en) * 2019-01-02 2019-04-16 浙江师范大学 A kind of Internet of Things identity registration and verification method based on block chain
CN109729093A (en) * 2019-01-17 2019-05-07 重庆邮电大学 A kind of digital publishing rights register technique based on block chain
CN110503433A (en) * 2019-08-28 2019-11-26 北京百度网讯科技有限公司 Implementation method, device, equipment and the medium endorsed in a kind of block chain
CN111885128A (en) * 2020-07-08 2020-11-03 佛山市海协科技有限公司 Identity management method based on block chain

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10102526B1 (en) * 2017-03-31 2018-10-16 Vijay K. Madisetti Method and system for blockchain-based combined identity, ownership, integrity and custody management
CN108711105A (en) * 2018-05-16 2018-10-26 四川吉鼎科技有限公司 A kind of Secure Transaction verification method and system based on block chain
CN110417558B (en) * 2018-06-28 2022-12-09 腾讯科技(深圳)有限公司 Signature verification method and device, storage medium and electronic device
CN109961287A (en) * 2019-02-12 2019-07-02 众安信息技术服务有限公司 A kind of monitoring and managing method and supervisory systems of block chain
US10425230B1 (en) * 2019-03-01 2019-09-24 Capital One Services, Llc Identity and electronic signature verification in blockchain
CN110009494B (en) * 2019-03-18 2022-03-04 创新先进技术有限公司 Method and device for monitoring transaction content in block chain
CN110162992B (en) * 2019-05-31 2022-06-28 联想(北京)有限公司 Data processing method, data processing device and computer system
CN110189127A (en) * 2019-06-05 2019-08-30 北京清大智信科技有限公司 System and method based on block chain point-to-point information endorsement and trust authentication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN109639714A (en) * 2019-01-02 2019-04-16 浙江师范大学 A kind of Internet of Things identity registration and verification method based on block chain
CN109729093A (en) * 2019-01-17 2019-05-07 重庆邮电大学 A kind of digital publishing rights register technique based on block chain
CN110503433A (en) * 2019-08-28 2019-11-26 北京百度网讯科技有限公司 Implementation method, device, equipment and the medium endorsed in a kind of block chain
CN111885128A (en) * 2020-07-08 2020-11-03 佛山市海协科技有限公司 Identity management method based on block chain

Also Published As

Publication number Publication date
CN111027099A (en) 2020-04-17

Similar Documents

Publication Publication Date Title
CN111027099B (en) Identity verification method, device, system and computer readable storage medium
US11088855B2 (en) System and method for verifying an identity of a user using a cryptographic challenge based on a cryptographic operation
CN108898389B (en) Content verification method and device based on block chain and electronic equipment
US20210097528A1 (en) Blockchain hot wallet based on secure enclave and multi-signature authorization
US20230291571A1 (en) Dynamic management and implementation of consent and permissioning protocols using container-based applications
CN105659559B (en) The safety of authenticating remote server
CN104104672B (en) The method that dynamic authorization code is established in identity-based certification
CN110462658A (en) For providing system and method for the digital identity record to verify the identity of user
CN110768791B (en) Data interaction method, node and equipment with zero knowledge proof
US11921884B2 (en) Techniques for preventing collusion using simultaneous key release
CN111460525B (en) Block chain-based data processing method, device and storage medium
CN110246039B (en) Transaction monitoring method and device based on alliance chain and electronic equipment
CN111160908B (en) Supply chain transaction privacy protection system, method and related equipment based on blockchain
CN110674531B (en) Residential information management method, device, server and medium based on block chain
CN111105235B (en) Supply chain transaction privacy protection system, method and related equipment based on blockchain
CN111949335A (en) Method and apparatus for sharing financial data
CN111160909A (en) Block chain supply chain transaction hiding static supervision system and method
Borges et al. An efficient privacy-preserving pay-by-phone system for regulated parking areas
CN111814193B (en) Information sharing method, device and equipment
KR101120059B1 (en) Billing verifying apparatus, billing apparatus and method for cloud computing environment
CN110399706B (en) Authorization authentication method, device and computer system
CN112217636A (en) Data processing method and device based on block chain, computer equipment and medium
CN115022039B (en) Information processing method, apparatus, device and storage medium
CN113761503B (en) Interface call processing method and device
CN114329610A (en) Block chain privacy identity protection method, device, storage medium and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 601, 6 / F, building 2, No. 18, Kechuang 11th Street, Daxing District, Beijing, 100176

Applicant after: Jingdong Technology Information Technology Co.,Ltd.

Applicant after: Jingdong Technology Holding Co., Ltd

Address before: 601, 6 / F, building 2, No. 18, Kechuang 11th Street, Daxing District, Beijing, 100176

Applicant before: BEIJING HAIYI TONGZHAN INFORMATION TECHNOLOGY Co.,Ltd.

Applicant before: Jingdong Digital Technology Holding Co., Ltd

GR01 Patent grant
GR01 Patent grant