CN111147432A - KYC data sharing system with confidentiality and method thereof - Google Patents

KYC data sharing system with confidentiality and method thereof Download PDF

Info

Publication number
CN111147432A
CN111147432A CN201811315195.3A CN201811315195A CN111147432A CN 111147432 A CN111147432 A CN 111147432A CN 201811315195 A CN201811315195 A CN 201811315195A CN 111147432 A CN111147432 A CN 111147432A
Authority
CN
China
Prior art keywords
data
kyc
contract
client
registration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811315195.3A
Other languages
Chinese (zh)
Other versions
CN111147432B (en
Inventor
林祐德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Modernity Financial Holdings Ltd
Fubon Financial Holding Co Ltd
Original Assignee
Modernity Financial Holdings Ltd
Fubon Financial Holding Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Modernity Financial Holdings Ltd, Fubon Financial Holding Co Ltd filed Critical Modernity Financial Holdings Ltd
Priority to CN201811315195.3A priority Critical patent/CN111147432B/en
Publication of CN111147432A publication Critical patent/CN111147432A/en
Application granted granted Critical
Publication of CN111147432B publication Critical patent/CN111147432B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

A KYC data sharing system with confidentiality and a method thereof are disclosed, KYC data are provided to a right duty end through a client to be encrypted, signed and issued to a block chain network, and an intelligent contract is executed on the block chain network, so that the client, the right duty end and a financial end can execute functions of the intelligent contract and detect events of the intelligent contract, so that when the financial end requests to inquire the KYC data, the client can set authorization authorities for different data items, then the financial end directly receives the authorized data items through the client, and then whether the data items are authenticated by the right duty end to determine whether to review or not is verified, and the technical effects of improving the confidentiality, the usability and the content uniformity of the KYC data are improved.

Description

KYC data sharing system with confidentiality and method thereof
Technical Field
The invention relates to a data sharing system and a method thereof, in particular to a secret KYC data sharing system and a secret KYC data sharing method.
Background
In recent years, with the popularization and vigorous development of financial technologies, various applications based on financial technologies appear like bamboo shoots in spring after rain, however, in order to provide suitable financial products to customers and even avoid money laundering, financial institutions require customers to fill in a piece of data for "Knowing Your Customer (KYC)".
Generally speaking, the financial institution can know the bearing capacity of the client to the investment risk according to the KYC data, so as to provide suitable financial commodities and realize the verification of the client identity authentication, background and credit record. However, since each financial institution requires to fill out KYC data, when there are a large number of financial institutions to and from, repeatedly filling out KYC data with the same content will cause trouble and inconvenience to customers, and since only one piece of KYC data cannot be filled out for all financial institutions, usability of KYC data is not good. In addition, the content of the KYC data filled at different time points may be different, which causes a problem of poor content uniformity.
In view of the above, manufacturers have proposed a technical means for storing KYC data in the client, so as to provide the client with the capability of opening an account in a financial institution. However, this approach requires the financial institution to be willing to coordinate and also fails to address the problem of KYC data at different points in time, which may not be identical in content. In addition, it is also proposed that the KYC data is stored in the cloud for the financial institutions to share, however, the KYC data stored in the cloud is easily tampered, so that how to make each financial institution trust the KYC data stored in the cloud is a big problem, and the KYC data stored in the cloud is also easily subject to privacy leakage.
In summary, it is known that the problems of poor confidentiality, usability and content uniformity of KYC data exist in the prior art for a long time, and therefore, it is necessary to provide improved technical means to solve the problems.
Disclosure of Invention
The invention discloses a KYC data sharing system with confidentiality and a method thereof.
First, the present invention discloses a secret KYC data sharing system, which is applied to a block chain network for executing an intelligent contract, and the system comprises: the system comprises a right charge end, a client and a financial end. Wherein the authority end comprises: the device comprises an initial module, a verification module and a registration module. The initial module is used for issuing a KYC data registration contract through a block chain transaction to provide registration and update KYC data contracts and issuing a KYC data request registration contract through the block chain transaction to provide registration and record KYC data request contracts in the initial process, wherein the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event; the verification module is used for receiving KYC data for verification, the KYC data comprises a plurality of data items, each data item in the verified KYC data is encrypted according to a client public key to generate corresponding first encrypted content, and then the hash value of each data item is signed according to a authority end private key to generate a corresponding hash signature value; the registration module is used for issuing a KYC data contract containing an account address, first encrypted content of each data item and a Hash seal value of each data item through block chain transaction, obtaining a corresponding KYC data contract address, and registering the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notice.
Then, the client includes: the device comprises a generating module, a detecting module and an encrypting and decrypting module. The generation module is used for generating KYC data and transmitting the KYC data to the authority end; the detection module is used for continuously detecting the data request notification, when the data request notification is detected and the account address contained in the data request notification is consistent with one of the clients, the consistent client reads a KYC data contract corresponding to the client from the block chain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and the authorization authority of each data item is allowed to be set; the encryption and decryption module is used for decrypting the obtained first encrypted content of each data item according to the authorization authority and the client private key, generating a group of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypting the group of keys by using the financial end public key to generate a group of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys to trigger an authorization response event to generate an authorization response notice.
As for the financial terminal, it includes: a request module, a receiving module, and a review module. The client-side data request contract management system comprises a request module, a block chain transaction module and a data request registration module, wherein the request module is used for issuing a KYC data request contract corresponding to the client-side through a block chain transaction when KYC data of the client-side are requested, and registering the KYC data request contract in a KYC data request registration contract to trigger a request registration event to generate a data request notification; the receiving module is used for continuously detecting an authorization response event of the KYC data request registration contract, receiving the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys after the authorization response event is triggered to generate an authorization response notice, decrypting the group of encryption keys by using the financial end private key to obtain a group of keys, and decrypting the second encrypted content of each data item by using the group of keys; the review module is used for verifying the hash value and the signature of each decrypted data item according to the public key of the authority end and the hash signature value of each data item, and reviewing each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority end.
In addition, the invention discloses a secret KYC data sharing method, which is applied to a block chain network for executing an intelligent contract and comprises the following steps: the method comprises the following steps that a liability end issues a KYC data registration contract through a block chain transaction to provide registration and update KYC data contracts and issues a KYC data request registration contract through the block chain transaction to provide registration and record KYC data request contracts at the initial time, wherein the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event; the client generates corresponding KYC data and transmits the KYC data to the accountability end, wherein the KYC data comprises a plurality of data items; the authority terminal verifies the received KYC data, encrypts each data item in the verified KYC data respectively according to a client public key to generate corresponding first encrypted content, and then signs the hash value of each data item according to the authority terminal private key to generate a corresponding hash signature value; the authority terminal issues a KYC data contract containing an account address, first encrypted content of each data item and a Hash seal value of each data item through block chain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notice; when the financial terminal requests KYC data of the client, a KYC data request contract corresponding to the client is issued through block chain transaction, and the KYC data request contract is registered in the KYC data request registration contract and used for triggering a request registration event to generate a data request notification; after a client detects a data request notification and an account address contained in the data request notification is consistent with one of the clients, the consistent client reads a KYC data contract corresponding to the client from a block chain network to obtain the account address, first encrypted content of each data item and a hash signature value of each data item, and allows setting of an authorization authority of each data item; the client decrypts the obtained first encrypted content of each data item according to the authorization authority and the client private key, generates a group of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypts the group of keys by the financial public key to generate a group of encrypted keys, and transmits the second encrypted content of each data item, the hash signature value of each data item and the group of encrypted keys to trigger an authorization response event to generate an authorization response notice; the financial terminal continuously detects an authorization response event of KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys after the authorization response event is triggered to generate an authorization response notice, decrypts the group of encryption keys by using the financial terminal private key to obtain a group of keys, and then decrypts the second encrypted content of each data item by using the group of keys; the financial terminal verifies the hash value and the signature of each decrypted data item according to the public key of the authority terminal and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority terminal.
The system and method disclosed by the present invention are different from the prior art in that the client provides KYC data to the authority terminal for encryption, signature and distribution to the blockchain network, and executes the intelligent contract on the blockchain network, so that the client, the authority terminal and the financial terminal can execute the function of the intelligent contract and detect the event of the intelligent contract, so that when the financial terminal requests to query the KYC data, the client can set the authorization authority for different data items, and then the financial terminal directly receives the authorized data items through the client, and then verifies whether the data items are authenticated by the authority terminal to determine whether to review.
Through the technical means, the invention can achieve the technical effects of improving the confidentiality, the usability and the content uniformity of KYC data.
Drawings
Fig. 1 is a system block diagram of the KYC data sharing system with confidentiality according to the present invention.
Fig. 2A to fig. 2C are flowcharts of a method for sharing KYC data with confidentiality according to the present invention.
Fig. 3 is a schematic diagram of uploading KYC data by applying the present invention.
FIG. 4 is a diagram illustrating encryption and signature of data items at the accountability end according to the present invention.
Fig. 5 is a schematic diagram of encryption and decryption performed at a client by applying the present invention.
[ List of reference numerals ]
10 blockchain network
100 authority terminal
101 initial module
102 authentication module
103 register module
104 update module
110 client
111 generating module
112 detection module
113 encryption and decryption module
120 finance end
121 request module
122 receiving module
123 review module
300 edit window
310 data input block
311 editing component
312 storage component
313 transfer assembly
400 KYC data
410 first encrypted content
420 hash value
430 hash signature value
500 decrypted content
510 second encrypted content
Step 210, the authority terminal issues a KYC (significant customer) data registration contract for providing registration and updating of at least one KYC data contract through the blockchain transaction at the beginning, and issues a KYC data request registration contract for providing registration and recording of at least one KYC data request contract through the blockchain transaction, wherein the KYC data registration contract includes a data registration event and a data updating event, and the KYC data request registration contract includes a registration request event and an authorization response event
Step 220, the client generates corresponding KYC data and transmits the KYC data to the accountability end, wherein the KYC data comprises a plurality of data items
230, the accountability end verifies the received KYC data, encrypts each data item in the verified KYC data according to a client public key to generate a corresponding first encrypted content, and signs the hash value of each data item according to a accountability end private key to generate a corresponding hash signature value
240, the authority terminal issues the KYC data contract containing an account address, the first encrypted content of each data item and the hash signature value of each data item through a blockchain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in the KYC data contract registration contract to trigger the data registration event to generate a registration completion notification
Step 241, after updating the KYC data, obtaining the KYC data contract corresponding to the KYC data according to the KYC data registration contract, and triggering the data updating event to generate an updating completion notification
Step 250, when the financial terminal requests the KYC data of the client, the financial terminal issues the KYC data request contract corresponding to the client through a blockchain transaction and registers the KYC data request contract in the KYC data request registration contract to trigger the registration request event to generate a data request notification
Step 260, after the client detects the data request notification and the account address included in the data request notification matches one of the clients, the matching client reads the KYC data contract corresponding to the client from the blockchain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and allows setting an authorization authority of each data item
Step 270, the client decrypts the first encrypted content of each obtained data item according to the authorization authority and a client private key, generates a group of keys to encrypt each decrypted data item to generate a corresponding second encrypted content, encrypts the group of keys with a financial public key to generate a group of encrypted keys, and transmits the second encrypted content of each data item, the hash signature value of each data item, and the group of encrypted keys to trigger the authorization response event to generate an authorization response notification
Step 280, the financial terminal continuously detects the authorization response event of the KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the group encryption key after the authorization response event is triggered to generate the authorization response notification, decrypts the group encryption key with a financial terminal private key to obtain the group key, and decrypts the second encrypted content of each data item with the group key
In step 290, the financial terminal performs hash value and signature verification on each decrypted data item according to a public key of a accountability terminal and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the accountability terminal
The accountability end issues a KYC execution registration contract for recording the execution result of at least one KYC data execution contract at the beginning of the step 291, wherein the KYC data execution contract records each data item reviewed by the financial end and its signature
292, the accountability end issues an account number link contract through a block link transaction at the beginning to store at least one account number address corresponding to each client, so that the account number addresses correspond to the same KYC data, and the account number addresses are allowed to be added or deleted, and after the financial end verifies the account number addresses, the financial end is allowed to receive the same KYC data by using different account number addresses
Detailed Description
The following detailed description of the embodiments of the present invention will be provided in conjunction with the accompanying drawings and examples, so that how to implement the technical means for solving the technical problems and achieving the technical effects of the present invention can be fully understood and implemented.
Before describing the disclosed KYC data sharing system with confidentiality and the method thereof, the present invention is applied to a Blockchain network executing an intelligent contract, and all the computer devices in the Blockchain network can be regarded as Blockchain nodes which are connected in a point-to-point (Peer) manner and are used for processing Blockchain Transactions (Blockchain Transactions). In practical implementations, the computer device can be a server, a host computer, a notebook computer, a tablet computer, etc. for executing computer program instructions, such as: the blockchain program "Ethereum". In addition, the intelligent contract is a computer program that drives instructions according to predetermined conditions and transmitted information, and in actual implementation, the intelligent contract is implemented by a programming language, such as: the intelligent contracts are compiled to obtain Binary codes and Application Binary Interfaces (ABIs) so as to broadcast the intelligent contracts to the blockchain network, and a Miner (Miner) waits for putting the intelligent contracts on the blockchain and obtaining corresponding addresses, so that the intelligent contracts are completed. Then, the node of the block chain network can execute the corresponding intelligent contract according to the address, and the state of the intelligent contract on the block chain can be changed by different instructions. It should be particularly noted that the contracts such as "KYC data registration contract", "KYC data request registration contract", "KYC data request contract", "KYC evaluation registration contract", "KYC execution registration contract", "KYC data execution contract", and "account number connection contract" are all intelligent contracts, and the "registration" mentioned in the text refers to establishing address correspondence between different intelligent contracts by executing functions in the intelligent contracts, and the following briefly describes each intelligent contract:
the utility model provides a, KYC data contract for record customer's KYC data, in actual implementation, each data item of KYC data can pass through client public key respectively and encrypt, and still can calculate corresponding hash value through hash algorithm, then, store after signing the calculated hash value with the authority's end private key, that is to say, KYC data contract does not store the plain code of KYC data, but stores encrypted data item, and the value after hash and signature, actually, KYC data contract still contains customer's account number address, like: a public key. In practical implementation, the KYC data contract contains functions such as: "setData ()", and parameters to bring in "the code of the data item of KYC data", "the first encrypted content of each data item", "the hash value of each data item", and "the hash signature value of each data item", etc.
And a KYC data contract which is used for registering the KYC data contract and providing related events (namely data registration events and data updating events). In practical implementation, the KYC evaluation contract can be generated by a function while registering the KYC data contract, and is registered in the KYC evaluation registration contract, so that an authorized financial terminal can evaluate and mark risks of corresponding clients. The KYC data registry contract contains functions such as: "register kycdata ()", "update kycdata ()", both of which are brought into the address and account address of the KYC data contract, and the execution of which triggers corresponding events, such as: "KYCDataDidRegister" and "KYCDataDidUpdate" are triggered when KYC data contract registration is performed, and triggered when KYC data contract update is performed.
Third, a KYC data request contract is used for the financial terminal to initiate a request to the client so as to obtain the authorization right for reviewing KYC data from the client, that is, the client also replies the authorization right through the KYC data request contract. In practical implementation, the KYC data request contract contains functions such as: "addRequest ()", "addSignature ()", "isprovived ()", "objectrequest ()", "revokeRequest ()", and the like, which are respectively used for executing the cases of "financial terminal adding data items to be reviewed", "financial terminal setting signature for client to verify financial terminal source", "checking whether the financial terminal has authorization authority to review specified data items", "client authorizes request to review specified data items", "client refuses request to review specified data items", and "client cancels authorization authority authorized to review specified data items".
And fourthly, registering the KYC data request contract for registering and recording the request of the financial terminal for reviewing the KYC data of the client, providing corresponding events to inform the client of the reviewing request and inform the financial terminal of the response or update of the authorization state. In practical implementation, KYC data requests a registration contract to contain functions such as: the "requestKYCData ()" and the "responseKYCDataRequest ()" are respectively used for providing the financial terminal registration KYC data request contract and informing that the contract has been responded after the client replies or updates the authorization state of the KYC data request contract. In addition, executing these two functions triggers corresponding events, such as: the client side comprises a KYCDataDidRequest and a KYCDataRequestDidResponse, wherein the KYCDataDidRequest is triggered when a new KYC data request contract is registered to inform the client side of the contract, and the KYCDataRequest is triggered when the authorization state of the KYC data request contract is changed to inform the financial side of the change of the authorization state.
And fifthly, carrying out a KYC data execution contract for recording the KYC processing executed by the financial terminal, wherein the KYC data execution contract comprises functions such as: "executeKyc ()" for signing after the finance end reviews the designated data item of the KYC data, each data item needs to be signed independently.
Sixthly, recording execution results of the KYC data execution contract by using a KYC execution registration contract, wherein the KYC execution registration contract comprises functions such as: "register KYCExecution ()".
Seventh, KYC evaluation contracts, which are used for the financial end to record client evaluation and risk marks, and include functions such as: "addnucleotides ()", "addFlag ()" and "addRat ()" are used to "note of the newly added financial end to the client", "risk mark of the newly added financial end to the client" and "evaluation of the newly added financial end to the client", respectively.
Eight, KYC evaluation and other registration contracts used for providing registration KYC evaluation and other contracts, which comprise functions such as: "register ()" that completes registration of KYC-rated contracts by bringing in the address of the KYC-rated contracts.
Ninth, account linking contracts are used for binding multiple account addresses for clients to achieve privacy, and the stored account addresses are encrypted by using signatures, which may include functions such as: "addAssociation ()", "removeAssociation ()" and "getAssociation ()" are used to perform the processing of "signature for newly adding binding", "signature for removing binding", and "inquiring the account address bound by a signature", respectively.
Referring to fig. 1, fig. 1 is a block diagram of a KYC data sharing system with confidentiality according to the present invention, which is applied to a block chain network 10 for executing an intelligent contract, and the system includes: the accountability end 100, the client 110 and the finance end 120. In which, the authority terminal 100 may be a government authority or a government legal authority, and the purpose of the authority terminal 100 is to provide KYC data service for verifying natural people or organizations (e.g. verifying whether the materials are correctly attached), in fact, the authority terminal 100 is connected to the blockchain network 10 as a blockchain link, and the authority terminal 100 includes: an initialization module 101, an authentication module 102, and a registration module 103. The initialization module 101 is configured to issue a KYC data registration contract through a blockchain transaction to provide registration and update KYC data contracts at initialization, and issue a KYC data request registration contract through a blockchain transaction to provide registration and record a KYC data request contract, where the KYC data registration contract includes a data registration event and a data update event, and the KYC data request registration contract includes a request registration event and an authorization response event. When a registration function of a KYC data contract is executed to register the KYC data contract, the registration function triggers a data registration event, namely, when a new KYC data contract is registered, the data registration event is triggered; when an update function of the KYC data registry contract is executed to update the KYC data contract, the update function triggers a data update event, that is, when the existing KYC data contract is updated, the data update event is triggered.
In practical implementation, the data stored in the KYC data contract includes "account address of the customer", "encrypted content (i.e. first encrypted content) of each data item", and "hash signature value subjected to hash and signature processing", where the account address of the customer may be presented in the form of a public key; the encrypted content is generated by encrypting a client public key; the signature is realized by the authority end private key. In addition, the initial module 101 may also issue KYC execution registration contracts through blockchain transactions to record execution results of KYC data execution contracts that record each data item and its signature reviewed by the financial terminal 120. Therefore, which finance end 120 has reviewed the KYC data can be known later by verifying the signature. In addition, the liability terminal 100 may issue an account linking contract through a block chain transaction at the beginning to store all account addresses corresponding to each client terminal 110, so that all account addresses correspond to the same KYC data, and the account addresses are allowed to be added or deleted, so that after the financial terminal 120 verifies the account addresses and confirms that the account addresses are generated by the client terminals 110, the financial terminal may be allowed to receive the same KYC data at different account addresses. In other words, the client 110 can use different account addresses to let the finance client 120 perform KYC processing, even to avoid knowing the identity of the client 110 through the account addresses.
The validation module 102 is configured to receive KYC data for validation, the KYC data including a plurality of data items, for example: name, identification card word number, gender and the like, and according to the client public key, respectively encrypting each data item in the verified KYC data to generate corresponding first encrypted content, and then according to the authority end private key, signing the hash value of each data item to generate a corresponding hash signature value. In practical implementation, each data item has a corresponding code, such as: the ID card word is coded as "ID", and the property certificate is coded as "WEALTH _ PROOF", etc. In addition, the public key (e.g., client public key) and the private key (e.g., authority private key) mentioned herein can be provided by a certificate issued by a third party public trust certificate authority (e.g., taiwan network authentication center).
The registration module 103 is configured to issue a KYC data contract including an account address, first encrypted content of each data item, and a hash signature value of each data item through a blockchain transaction, obtain a corresponding KYC data contract address, and register the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notification. In practical implementation, when a new KYC data contract is registered, a KYC evaluation contract corresponding to the client 110 may be issued through a blockchain transaction, and a KYC evaluation contract address of the KYC evaluation contract is registered in a KYC evaluation registration contract issued in advance by the initial module 101, so as to allow the financial terminal 120 obtaining the authorization authority to evaluate and mark risks of the KYC data of the corresponding client 110. For example, their rating may be a credit rating; the risk flag may then note whether or not the account is an alert account.
In practical implementation, the authority terminal 100 may further include an update module 104 for obtaining a KYC data contract corresponding to the KYC data according to the KYC data registration contract after the KYC data is updated, and triggering the data update event to generate the update completion notification. That is, when existing KYC data in a blockchain is updated, a data update event of a KYC data registration contract may be triggered to notify a blockchain link point in the blockchain network 10.
On the part of the client 110, the client 110 may provide the blockchain node service itself or through a third party (e.g., the authoritative end 100, the financial end 120, or any service provider with authority to connect to the blockchain node), in other words, the client 110 may directly or indirectly connect to the blockchain network 10 using the blockchain node to detect the smart contract event, where "directly" means that the client 110 itself is a blockchain node within the blockchain network 10 that connects to the blockchain network 10 using a blockchain client program; by "indirect" is meant using a third party integration service, such as a financial institution providing wallet services based on blockchain nodes. Supposing that the client 110 is a block chain node, directly monitoring a 'registration request event' of a 'KYC data request registration contract', when the registration request event is triggered, checking whether a KYC data request contract is initiated for the client 110, and if so, notifying the client to process; assuming that the client 110 is a block link point service provided by a third party, a monitoring address needs to be provided in order to monitor the request registration event of the KYC data request registration contract, and when the registered KYC data request contract is for the client of the service, the client is notified to process the KYC data request contract, which may be accomplished by a mobile application, e-mail, telephone, etc.
As mentioned above, each client 110 includes: a generating module 111, a detecting module 112 and an encrypting/decrypting module 113. The generating module 111 is configured to generate KYC data, for example, provide a Graphical User Interface (GUI) for a client to input and serve as the KYC data, and transmit the KYC data to the accountability terminal 100, so that the accountability terminal 100 encrypts and signs and issues a corresponding KYC data contract to the blockchain network 10.
The detecting module 112 is configured to continuously detect a data request notification, and when the data request notification is detected and the account address included in the data request notification matches one of the clients, the matching client 110 reads the KYC data contract of the corresponding client 110 from the blockchain network 10 to obtain the account address, the first encrypted content of each data item, and the hash signature value of each data item, and allows setting the authorization authority of each data item. In practical implementation, the setting of the authorization right refers to setting a corresponding authorization right for each data item, such as: allow, deny, cancel, etc.
The encryption and decryption module 113 is configured to decrypt the obtained first encrypted content of each data item according to the authorization authority and the client private key, generate a set of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypt the set of keys with the financial public key to generate a set of encryption keys, and transmit the second encrypted content of each data item, the hash signature value of each data item, and the set of encryption keys to trigger an authorization response event to generate an authorization response notification. In practical implementation, the way of generating a set of keys can be generated by using a Symmetric Encryption (Symmetric Encryption) algorithm and used for Encryption and decryption at the same time, which can improve the Encryption and decryption processing efficiency of each data item compared to using an Asymmetric Encryption (Asymmetric Encryption) algorithm to generate keys. In fact, the first encrypted content differs from the second encrypted content only in that the former is encrypted by the client public key, while the latter is encrypted by the key. It should be noted that the purpose of additionally generating a set of keys to encrypt the data item instead of directly using the client private key is to provide the data item to the designated financial end 120, so as to avoid that other blockchain nodes that also possess the client public key can decrypt the data item.
Then, at the part of the finance end 120, the finance end 120 must be connected with the authority end 100 and also connected with the blockchain network 10 as the blockchain link, and each finance end 120 includes: a request module 121, a receiving module 122, and a review module 123. The request module 121 is configured to issue a KYC data request contract corresponding to the client 110 through a blockchain transaction when KYC data of the client 110 is requested, and register the KYC data request contract in a KYC data request registration contract to trigger a request registration event to generate a data request notification. Therefore, the client 110 can know whether the finance end 120 requests KYC data by detecting whether the registration request event is triggered. In actual implementation, the data request notification may include: the account address of the client 110, the code of the data item, and the signature of the financial terminal 120.
The receiving module 122 is configured to continuously detect an authorization response event of the KYC data request registration contract, receive the second encrypted content of each data item, the hash signature value of each data item, and the set of encryption keys when the authorization response event is triggered to generate an authorization response notification, decrypt the set of encryption keys with the financial end private key to obtain a set of keys, and decrypt the second encrypted content of each data item with the set of keys. Since the encryption key can only be decrypted by the financial end private key, only the blockchain node (i.e., the designated financial end 120) having the financial end private key can obtain the set of keys through decryption, and then decrypt the second encrypted content by using the set of keys to obtain the unencrypted data item, so that the confidentiality of the data item can be ensured.
The review module 123 is configured to perform verification of the hash value and the signature on each decrypted data item according to the public key of the responsible party and the hash signature value of each data item, and review each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the responsible party 100. In practical implementation, since the "hash signature value" is generated by signing the "hash value" with the "authority end private key", the financial end 120 may calculate the "authority end public key" by using the "hash value" calculated according to the data item in conjunction with the "hash signature value" when verifying the "hash signature value", and then compare the calculated "authority end public key" with the known "authority end public key", if the comparison result is the same, it means that the data is not tampered, and it is determined that the "hash signature value" is generated by the authority end 100, so the hash value and the signature thereof pass verification, whereas if the "authority end public key" is different, it means that the data is tampered or the hash signature value is not generated by the authority end 100, so the hash value and the signature thereof do not pass verification.
Referring to fig. 2A to fig. 2C, fig. 2A to fig. 2C are flow charts of a method of KYC data sharing with confidentiality according to the present invention, which is applied to a blockchain network 10 for executing an intelligent contract, and the steps of the method include: the accountability terminal 100 issues a KYC data registration contract through the blockchain transaction to provide registration and update of the KYC data contract, and issues a KYC data request registration contract through the blockchain transaction to provide registration and record of the KYC data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, and the KYC data request registration contract includes a request registration event and an authorization response event (step 210); the client 110 generates corresponding KYC data and transmits the KYC data to the accountability terminal 100, wherein the KYC data contains a plurality of data items (step 220); the accountability end 100 verifies the received KYC data, encrypts each data item in the verified KYC data according to the client public key to generate corresponding first encrypted content, and then signs the hash value of each data item according to the accountability end private key to generate a corresponding hash signature value (step 230); the authority terminal 100 issues a KYC data contract containing an account address, first encrypted content of each data item and a hash signature value of each data item through a blockchain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in a KYC data registration contract to trigger a data registration event to generate a registration completion notification (step 240); the financial terminal 120 issues a KYC data request contract corresponding to the client terminal 110 through a blockchain transaction when requesting KYC data of the client terminal 110, and registers the KYC data request contract in the KYC data request registration contract for triggering a request registration event generation data request notification (step 250); after the client 110 detects the data request notification and the account address included in the data request notification matches one of the clients 110, the matching client 110 reads the KYC data contract corresponding to the client 110 from the blockchain network 10 to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and allows setting the authorization authority of each data item (step 260); the client 110 decrypts the obtained first encrypted content of each data item according to the authorization authority and the client private key, generates a group of keys to encrypt each decrypted data item to generate a corresponding second encrypted content, encrypts the group of keys with the financial public key to generate a group of encryption keys, and transmits the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys to trigger an authorization response event to generate an authorization response notification (step 270); the finance end 120 continuously detects an authorization response event of the KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the set of encryption keys after the authorization response event is triggered to generate an authorization response notification, decrypts the set of encryption keys by the finance end private key to obtain a set of keys, and decrypts the second encrypted content of each data item by the set of keys (step 280); the finance side 120 performs verification of the hash value and the signature for each decrypted data item according to the authority side public key and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority side 100 (step 290). Through the above steps, KYC data can be provided to the accountability end 100 through the client 110 for encryption, signature and distribution to the blockchain network 10, and an intelligent contract is executed on the blockchain network 10, so that the client 110, the accountability end 100 and the financial end 120 can execute functions of the intelligent contract and detect events of the intelligent contract, so that when the financial end requests to query KYC data, the client 110 can set authorization authority for different data items, and then the financial end 120 directly receives the authorized data items through the client 110, and then verifies whether the data items are authenticated by the accountability end 100 to determine whether to perform review.
It should be noted that after step 240, after the KYC data update is completed, a KYC data contract corresponding to the KYC data is obtained according to the KYC data registration contract, and a data update event is triggered to generate an update completion notification (step 241), so that all nodes of the blockchain network 10 can know that the KYC data has been updated by detecting the update completion notification. Then, after step 290, if the authority terminal 100 is at the beginning, KYC execution registration contract is issued through the blockchain transaction to record the execution result of KYC data execution contract, which records each data item and its signature reviewed by the financial terminal 120 (step 291). In addition, the liability terminal 100 may also issue an account linking contract through a block chain transaction at the beginning, so as to store all account addresses corresponding to each client terminal 110, make all account addresses correspond to the same KYC data, allow the account addresses to be added or deleted, and allow the same KYC data to be received with different account addresses after the financial terminal 120 verifies the account addresses (step 292). Therefore, the client can bind a plurality of account addresses, the probability of identifying the client through the account addresses is reduced, and the privacy is improved.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating how KYC data is uploaded according to the present invention. Assuming that client 110 is to upload KYC data, a client at client 110 may open edit window 300 and type in the data input block 310 the client's own KYC data, for example: name, identification card number, etc., and the storage component 312 is clicked to store the KYC data, if the stored KYC data is to be modified, the editing component 311 may be clicked to edit the data. Next, the stored KYC data may be transmitted to the accountability terminal 100 through the click transmission component 313, so that the accountability terminal 100 issues a corresponding KYC data contract through a blockchain transaction according to the KYC data.
FIG. 4 is a schematic diagram of an encryption and signature data item applied to the authority end according to the present invention. When the authoritative terminal 100 receives the KYC data 400 transmitted by the client 110, the authoritative terminal 100 encrypts each data item by using the client public key to generate the corresponding first encrypted content 410, and further uses a hash algorithm, such as: MD5, SHA-1, SHA-256, etc., perform a hash calculation on each data item to obtain a corresponding hash value 420, and sign the hash values 420 with the authority-side private key to generate a hash-signed value 430. The authority 100 may then issue a KYC data contract containing the account address (e.g., the client public key), the first encrypted content 410, and the hash signature value 430 via a blockchain transaction. In this way, after the transaction verification is completed for a period of time, all blockchain nodes in the blockchain network 10 have the KYC data contract for their own blockchain, and obtain the KYC data contract address corresponding to the contract. And then, registering the KYC data contract address in the KYC data registration contract, namely triggering a data registration event to generate a registration completion notice. And finishing the issuing and registering of the KYC data contract.
As shown in fig. 5, fig. 5 is a schematic diagram illustrating the encryption and decryption performed by the client according to the present invention. When the client 110 detects that the financial terminal 120 triggers a registration request event, it is assumed that the client 110 compares the account address and finds that the account address is the same as the account address of the client, which means that the financial terminal 120 wants to request KYC data from the client, so the client 110 reads a corresponding KYC data contract to obtain the account address, the first encrypted content 410 of each data item, and the hash signature value 430 of each data item. Then, the client is allowed to set the authorization authority of each data item, such as: for example, if the customer wants to authorize the allowed financial terminal 120 to review the name in its KYC data, the customer may be set to "allowed" through the gui, otherwise, if the customer is denied, the customer may be set to "denied", or if the customer wants to cancel the original authorization, the customer may be set to "cancel".
Next, the client 110 may decrypt the first encrypted content 410 according to the authorization authority and the client private key to obtain the decrypted content 500, and then generate a set of keys by using a symmetric encryption algorithm, so as to encrypt the decrypted content 500 by using the set of keys to generate the second encrypted content 510, and the hash signature value 430 remains unchanged. The set of keys is then encrypted using the public key of the requesting financial end 120 to generate a corresponding encrypted key, so as to ensure that only the requesting financial end 120 can decrypt using its private key to obtain the set of keys, i.e., to ensure that only the requesting financial end 120 can decrypt using the set of keys. Finally, the client 110 transmits the second encrypted content 510, the hash signature value 430, and the encryption key to trigger an authorization response event to generate an authorization response notification. After detecting the authorization response notification, the financial terminal 120 knows that the request has been responded by the client terminal 110, and then after receiving the second encrypted content 510, the hash signature value 430 and the encryption key, decrypts the encryption key by using the financial terminal private key to obtain a set of keys, and decrypts the second encrypted content 510 by using the set of keys to obtain KYC data of the client.
Then, in order to ensure the correctness of the KYC data and ensure that the KYC data is not tampered with, the financial terminal 120 calculates a hash value of each data item of the KYC data obtained by decrypting the second encrypted content 510, and calculates an authority public key in a backward pushing manner by using the hash value and the hash value signature 430, and if the calculated authority public key is a known authority public key, the representative: first, the hash signature 430 is generated by the responsible end 100. Secondly, the hash signature value 430 is generated by signature of the hash value of the KYC data, i.e. it represents that the KYC data is not tampered. That is, assuming that the computed hash value and the hash signature value can be computed by using a push-back method to compute the authority public key, i.e. the KYC data is authenticated by the authority 100, the finance end 120 will review each decrypted data item.
In summary, it can be seen that the difference between the present invention and the prior art is that KYC data is provided to the liability terminal 100 through the client terminal 110 for encryption, signature and distribution to the blockchain network 10, and an intelligent contract is executed on the blockchain network 10, so that the client terminal 110, the liability terminal 100 and the financial terminal 120 can execute functions of the intelligent contract and detect events of the intelligent contract, so that when the financial terminal requests to query KYC data, the client terminal 110 can set authorization rights for different data items, and then the financial terminal 120 directly receives the authorized data items through the client terminal 110, and then verifies whether the data items are authenticated by the liability terminal 100 to determine whether to review.
Although the present invention has been described with reference to the foregoing embodiments, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A KYC data sharing system with confidentiality, which is applied to a block chain network for executing intelligent contracts, and is characterized by comprising:
the authority end, the authority end includes:
the system comprises an initial module, a first module and a second module, wherein the initial module is used for issuing a KYC (Key group customer) data registration contract through a block chain transaction to provide registration and update at least one KYC data contract and issuing a KYC data request registration contract through the block chain transaction to provide registration and record at least one KYC data request contract, the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event;
the verification module is used for receiving KYC data for verification, the KYC data comprises a plurality of data items, each data item in the verified KYC data is encrypted according to a client public key to generate corresponding first encrypted content, and then the hash value of each data item is signed according to a authority end private key to generate a corresponding hash signature value; and
the registration module is used for issuing the KYC data contract containing an account number address, the first encrypted content of each data item and the Hash seal value of each data item through block chain transaction, obtaining a corresponding KYC data contract address, and registering the KYC data contract address in the KYC data registration contract to trigger the data registration event to generate a registration completion notice;
at least one client, each client comprising:
the generation module is used for generating the KYC data and transmitting the KYC data to the authority terminal;
the detection module is used for continuously detecting a data request notification, when the data request notification is detected and the account address contained in the data request notification is consistent with one of the clients, the consistent client reads the KYC data contract corresponding to the client from the block chain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and the authorization authority of each data item is allowed to be set; and
the encryption and decryption module is used for decrypting the first encrypted content of each acquired data item according to the authorization authority and a client private key, generating a group key for encrypting each decrypted data item to generate corresponding second encrypted content, encrypting the group key by using a financial end public key to generate a group encryption key, and transmitting the second encrypted content of each data item, the hash signature value of each data item and the group encryption key to trigger the authorization response event to generate an authorization response notice; and
at least one finance end, each finance end includes:
the request module is used for issuing the KYC data request contract corresponding to the client through a blockchain transaction when the KYC data of the client is requested, and registering the KYC data request contract in the KYC data request registration contract to trigger the request registration event to generate the data request notification;
a receiving module, configured to continuously detect the authorization response event of the KYC data request registration contract, receive the second encrypted content of each data item, the hash signature value of each data item, and the group encryption key after the authorization response event is triggered to generate the authorization response notification, decrypt the group encryption key with a financial end private key to obtain the group key, and decrypt the second encrypted content of each data item with the group key; and
and the review module is used for verifying the hash value and the signature of each decrypted data item according to the public key of the authority end and the hash signature value of each data item, and reviewing each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority end.
2. The KYC data sharing system with confidentiality of claim 1, wherein said accountability end further comprises an updating module for obtaining said KYC data contract corresponding to said KYC data according to said KYC data registration contract after completion of updating said KYC data, and triggering said data updating event to generate an update completion notification.
3. The KYC data sharing system with confidentiality according to claim 1, wherein said authority terminal issues a KYC evaluation contract at the same time as registering said KYC data contract, and registers a KYC evaluation contract address of said KYC evaluation contract with a KYC evaluation registration contract issued in advance, for allowing said financial terminal obtaining said authorization authority to evaluate and risk-mark said KYC data of said client terminal.
4. The KYC data sharing system with confidentiality of claim 1, wherein said initial module of said accountability end further issues KYC execution registration contract through blockchain transaction for recording execution result of at least one KYC data execution contract, said KYC data execution contract recording each data item and its signature reviewed by said financial end.
5. The KYC data sharing system with confidentiality of claim 1, wherein the initial module of the accountability end further issues an account linking contract through a block chain transaction, so as to store at least one account address corresponding to each client, enable the account addresses to correspond to the same KYC data, allow addition or deletion of the account addresses, and allow receiving of the same KYC data with different account addresses after the account addresses are verified by the financial end.
6. A KYC data sharing method with confidentiality is applied to a block chain network executing an intelligent contract, and is characterized by comprising the following steps:
the method comprises the following steps that a liability terminal issues a KYC (Key raw customer) data registration contract through a blockchain transaction to provide registration and update at least a KYC data contract and issues a KYC data request registration contract through the blockchain transaction to provide registration and record at least one KYC data request contract at the beginning, wherein the KYC data registration contract comprises a data registration event and a data update event, and the KYC data request registration contract comprises a request registration event and an authorization response event;
at least one client generates corresponding KYC data and transmits the KYC data to the accountability end, wherein the KYC data comprises a plurality of data items;
the authority end verifies the received KYC data, encrypts each data item in the verified KYC data respectively according to a client public key to generate corresponding first encrypted content, and then signs the hash value of each data item according to a authority end private key to generate a corresponding hash signature value;
the authority terminal issues the KYC data contract containing an account number address, the first encrypted content of each data item and the Hash seal value of each data item through blockchain transaction, obtains a corresponding KYC data contract address, and registers the KYC data contract address in the KYC data registration contract to trigger the data registration event to generate a registration completion notice;
when the client requests the KYC data, the financial terminal issues the KYC data request contract corresponding to the client through a blockchain transaction and registers the KYC data request contract in the KYC data request registration contract to trigger the registration request event to generate a data request notification;
after the client detects the data request notification and the account address contained in the data request notification is consistent with one of the clients, the consistent client reads the KYC data contract corresponding to the client from the blockchain network to obtain the account address, the first encrypted content of each data item and the hash signature value of each data item, and allows setting of authorization authority of each data item;
the client decrypts the obtained first encrypted content of each data item according to the authorization authority and a client private key, generates a group of keys to encrypt each decrypted data item to generate corresponding second encrypted content, encrypts the group of keys by a financial end public key to generate a group of encryption keys, and transmits the second encrypted content of each data item, the hash signature value of each data item and the group of encryption keys to trigger the authorization response event to generate an authorization response notice;
the financial terminal continuously detects the authorization response event of the KYC data request registration contract, receives the second encrypted content of each data item, the hash signature value of each data item and the group encryption key after the authorization response event is triggered to generate the authorization response notification, decrypts the group encryption key by using a financial terminal private key to obtain the group key, and then decrypts the second encrypted content of each data item by using the group key; and
the financial terminal performs verification of a hash value and a signature on each decrypted data item according to a public key of the authority terminal and the hash signature value of each data item, and reviews each decrypted data item when the verification is passed and the hash signature value is confirmed to be generated by the authority terminal.
7. The KYC data sharing method with confidentiality of claim 6, further comprising the step of obtaining said KYC data contract corresponding to said KYC data according to said KYC data registry contract after completion of updating of said KYC data, and triggering said data update event generation update completion notification.
8. The KYC data sharing method with confidentiality according to claim 6, wherein said authority terminal issues KYC evaluation contracts while registering said KYC data contracts, and registers KYC evaluation contract addresses of said KYC evaluation contracts to a pre-issued KYC evaluation registration contract for allowing said financial terminal obtaining said authorization authority to evaluate and risk-mark said KYC data of said client.
9. The KYC data sharing method with confidentiality of claim 6, further comprising the step of said accountability end issuing KYC execution registration contract through blockchain transaction at initial time for recording the execution result of at least one KYC data execution contract, said KYC data execution contract recording each data item and its signature reviewed by said financial end.
10. The KYC data sharing method with the confidentiality of claim 6, further comprising the steps of issuing an account linking contract through a block chain transaction at an initial time by the liability terminal to store at least one account address corresponding to each client, enabling the account addresses to correspond to the same KYC data, allowing the account addresses to be added or deleted, and allowing the same KYC data to be received by different account addresses after the account addresses are verified by the financial terminal.
CN201811315195.3A 2018-11-06 2018-11-06 KYC data sharing system with confidentiality and method thereof Active CN111147432B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811315195.3A CN111147432B (en) 2018-11-06 2018-11-06 KYC data sharing system with confidentiality and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811315195.3A CN111147432B (en) 2018-11-06 2018-11-06 KYC data sharing system with confidentiality and method thereof

Publications (2)

Publication Number Publication Date
CN111147432A true CN111147432A (en) 2020-05-12
CN111147432B CN111147432B (en) 2021-10-26

Family

ID=70516447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811315195.3A Active CN111147432B (en) 2018-11-06 2018-11-06 KYC data sharing system with confidentiality and method thereof

Country Status (1)

Country Link
CN (1) CN111147432B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111626735A (en) * 2020-05-28 2020-09-04 上海逐鲨智能科技有限公司 Data interaction system, method and module
CN111770201A (en) * 2020-08-31 2020-10-13 支付宝(杭州)信息技术有限公司 Data verification method, device and equipment
CN111770112A (en) * 2020-08-31 2020-10-13 支付宝(杭州)信息技术有限公司 Information sharing method, device and equipment
CN112700852A (en) * 2021-01-07 2021-04-23 福州数据技术研究院有限公司 Method for issuing and managing medical data assets based on block chain intelligent contracts and storage device
CN112784307A (en) * 2021-02-04 2021-05-11 南京区盟链信息科技有限公司 KYC compliance supervision method based on block chain
CN112861085A (en) * 2021-02-18 2021-05-28 北京通付盾人工智能技术有限公司 KYC security service system and method
CN113743914A (en) * 2020-05-27 2021-12-03 北京金山云网络技术有限公司 Client identity authentication method, device, equipment and storage medium
EP3961457A1 (en) * 2020-08-31 2022-03-02 Alipay (Hangzhou) Information Technology Co., Ltd. Data check methods, apparatuses, and devices

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170286717A1 (en) * 2016-04-05 2017-10-05 Vchain Technology Limited Method and system for managing personal information within independent computer systems and digital networks
CN108200028A (en) * 2017-12-27 2018-06-22 飞天诚信科技股份有限公司 A kind of block chain obtains safely the method and system of server trust data
TWI629658B (en) * 2017-05-08 2018-07-11 富邦金融控股股份有限公司 Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof
US20180248880A1 (en) * 2017-02-24 2018-08-30 Verizon Patent And Licensing Inc. Permissions using blockchain
TWI636415B (en) * 2017-08-22 2018-09-21 台新金融控股股份有限公司 Decentralization know your customer (kyc) system based on blockchain smart contract and method thereof
CN108632284A (en) * 2018-05-10 2018-10-09 网易(杭州)网络有限公司 User data authorization method, medium, device and computing device based on block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170286717A1 (en) * 2016-04-05 2017-10-05 Vchain Technology Limited Method and system for managing personal information within independent computer systems and digital networks
US20180248880A1 (en) * 2017-02-24 2018-08-30 Verizon Patent And Licensing Inc. Permissions using blockchain
TWI629658B (en) * 2017-05-08 2018-07-11 富邦金融控股股份有限公司 Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof
TWI636415B (en) * 2017-08-22 2018-09-21 台新金融控股股份有限公司 Decentralization know your customer (kyc) system based on blockchain smart contract and method thereof
CN108200028A (en) * 2017-12-27 2018-06-22 飞天诚信科技股份有限公司 A kind of block chain obtains safely the method and system of server trust data
CN108632284A (en) * 2018-05-10 2018-10-09 网易(杭州)网络有限公司 User data authorization method, medium, device and computing device based on block chain

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113743914A (en) * 2020-05-27 2021-12-03 北京金山云网络技术有限公司 Client identity authentication method, device, equipment and storage medium
CN111626735A (en) * 2020-05-28 2020-09-04 上海逐鲨智能科技有限公司 Data interaction system, method and module
CN111770201A (en) * 2020-08-31 2020-10-13 支付宝(杭州)信息技术有限公司 Data verification method, device and equipment
CN111770112A (en) * 2020-08-31 2020-10-13 支付宝(杭州)信息技术有限公司 Information sharing method, device and equipment
US11233655B2 (en) 2020-08-31 2022-01-25 Alipay (Hangzhou) Information Technology Co., Ltd. Data verification methods, apparatuses, and devices
EP3961457A1 (en) * 2020-08-31 2022-03-02 Alipay (Hangzhou) Information Technology Co., Ltd. Data check methods, apparatuses, and devices
US11270029B2 (en) 2020-08-31 2022-03-08 Alipay (Hangzhou) Information Technology Co., Ltd. Data check methods, apparatuses, and devices
US11310244B2 (en) 2020-08-31 2022-04-19 Alipay (Hangzhou) Information Technology Co., Ltd. Information sharing methods, apparatuses, and devices
CN112700852A (en) * 2021-01-07 2021-04-23 福州数据技术研究院有限公司 Method for issuing and managing medical data assets based on block chain intelligent contracts and storage device
CN112784307A (en) * 2021-02-04 2021-05-11 南京区盟链信息科技有限公司 KYC compliance supervision method based on block chain
CN112861085A (en) * 2021-02-18 2021-05-28 北京通付盾人工智能技术有限公司 KYC security service system and method

Also Published As

Publication number Publication date
CN111147432B (en) 2021-10-26

Similar Documents

Publication Publication Date Title
CN111147432B (en) KYC data sharing system with confidentiality and method thereof
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
CN109951489B (en) Digital identity authentication method, equipment, device, system and storage medium
EP3665857B1 (en) Blockchain architecture with record security
US20210004454A1 (en) Proof of affinity to a secure event for frictionless credential management
CN110535833B (en) Data sharing control method based on block chain
EP3701668B1 (en) Methods for recording and sharing a digital identity of a user using distributed ledgers
CN117579281A (en) Method and system for ownership verification using blockchain
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN108768933B (en) Autonomous supervision digital identity authentication system on block chain platform
US11831753B2 (en) Secure distributed key management system
CN108965228B (en) Dispute relief system with KYC data mark of multiple keys and method thereof
TWI644556B (en) Know your customer (kyc) data sharing system with privacy and method thereof
CN110599270B (en) Electronic bill generation method and device and computer equipment
TW201843635A (en) Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof
CN104484628B (en) It is a kind of that there is the multi-application smart card of encrypting and decrypting
CN113015991A (en) Secure digital wallet processing system
US20100031045A1 (en) Methods and system and computer medium for loading a set of keys
CN109951294B (en) Information updating management method in electronic label system and related equipment
CN111079190A (en) Block chain supply chain transaction hiding dynamic supervision system and method
TW201907346A (en) System for issuing and verifying certificates based on blockchain and method thereof
CN113706261A (en) Block chain-based power transaction method, device and system
CN110610416A (en) KYC data sharing system and method based on block chain intelligent contract
TWM585941U (en) Account data processing system
CN116992470B (en) Collaborative authorization protocol signing method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40018348

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant