CN112037054B - Method and computer readable medium for hiding user's asset line in a decentralized identity system - Google Patents


Info

Publication number
CN112037054B
Authority
CN
China
Prior art keywords
identity
holder
verifiable certificate
verifiable
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010709256.5A
Other languages
Chinese (zh)
Other versions
CN112037054A (en)
Inventor
杜晓楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN202010709256.5A
Publication of CN112037054A
Priority to PCT/CN2021/073096 (WO2022016842A1)
Application granted
Publication of CN112037054B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Accounting & Taxation (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for hiding a user's asset line in a decentralized identity system. The verifiable certificate issuing authority registers with the identity registration authority based on its own key. The identity holder registers with the verifiable certificate issuing authority based on its own key and registration information. The identity holder obtains a verifiable certificate from the verifiable certificate issuing authority based on the requirements of the verification certificate authority, the verifiable certificate including an encrypted asset line. The identity holder signs the verifiable certificate with the holder private key and submits it to the verification certificate authority. The verification certificate authority verifies the verifiable certificate. The invention also relates to a computer-readable storage medium. The invention can screen for users whose asset line meets a certain condition without revealing the user's specific asset amount, thus hiding the user's asset line while it is being verified and ensuring the user's privacy.

Description

Method and computer readable medium for hiding user's asset line in a decentralized identity system
Technical Field
The present invention relates to the field of blockchains, and more particularly, to a method and computer readable medium for hiding a user's asset line in a decentralized identity system.
Background
Traditional digital identity authentication is centralized: for example, domain names and IP addresses are assigned and managed by the Internet Corporation for Assigned Names and Numbers (ICANN), and digital certificates are managed by the Certificate Authority (CA) in Public Key Infrastructure (PKI) systems. The essence of a centralized identity system is that a central authority holds the identity data, and the authentication, authorization and so on built around that data are likewise decided by the central authority. The identity is not controlled by the user.
To address this problem, many websites have jointly launched federated identity (a concept first proposed by Microsoft in 1999). Under a federated identity system, a user's online identity has a degree of portability. Registration on many websites supports third-party login, for example through WeChat, QQ and Sina Weibo.
Decentralization of identity systems remains the major trend, and well-known international organizations such as W3C and DIF have put forward decentralized identity system standards. In a decentralized system, a user typically needs to have his or her asset line verified when performing certain business operations. However, the user's asset line is highly private data, and transmitting it may compromise user privacy and give hackers a valuable opportunity.
Disclosure of Invention
The present invention addresses the above drawbacks of the prior art by providing a method and a computer-readable medium for hiding a user's asset line in a decentralized identity system, which hide the user's asset line while it is being verified, thereby ensuring user privacy and improving transaction security.
The technical solution adopted by the invention to solve this technical problem is a method for hiding a user's asset line in a decentralized identity system, comprising the following steps:
S1, a verifiable certificate issuing authority registers with an identity registration authority based on its own key;
S2, the identity holder registers with the verifiable certificate issuing authority based on its own key and registration information;
S3, the identity holder obtains a verifiable certificate from the verifiable certificate issuing authority based on the requirements of the verification certificate authority, wherein the verifiable certificate comprises an encrypted asset line;
S4, the identity holder signs the verifiable certificate with the holder private key and submits the signed verifiable certificate to the verification certificate authority;
S5, the verification certificate authority verifies the verifiable certificate.
In the method for hiding a user's asset line in a decentralized identity system according to the present invention, the step S1 further includes:
S11, the verifiable certificate issuing authority generates an authority private key and generates an authority public key based on the authority private key;
S12, the verifiable certificate issuing authority generates a registration request, signs the registration request with the authority private key, and sends the signed registration request to the identity registration authority;
S13, the identity registration authority verifies the signed registration request and, after verification passes, generates a decentralized identity identifier and a decentralized identity identifier document for the verifiable certificate issuing authority.
In the method for hiding a user's asset line in a decentralized identity system according to the present invention, the step S2 further includes:
S21, the identity holder generates a holder private key and generates a holder public key based on the holder private key;
S22, the identity holder submits a registration request to the verifiable certificate issuing authority, signs the registration request with the holder private key, and sends the signed registration request to the verifiable certificate issuing authority;
S23, the verifiable certificate issuing authority verifies the signature on the signed registration request, verifies the registration information of the identity holder after the signature verification passes, and after that verification passes sends a verification request to the identity registration authority, wherein the verification request comprises the holder public key;
S24, the identity registration authority generates a decentralized identity identifier and a decentralized identity identifier document of the identity holder according to the holder public key, and returns them to the verifiable certificate issuing authority;
S25, the verifiable certificate issuing authority returns the decentralized identity identifier and the decentralized identity identifier document of the identity holder to the identity holder.
In the method for hiding a user's asset line in a decentralized identity system according to the present invention, in the step S21, the identity holder selects a random scalar on the elliptic curve as the holder private key, and multiplies the holder private key by the base point on the elliptic curve to obtain the holder public key.
In the method for hiding a user's asset line in a decentralized identity system according to the present invention, the step S3 further includes:
S31, the identity holder sends a service start request to the verification certificate authority, wherein the service start request comprises the decentralized identity identifier, the decentralized identity identifier document and a signature of the identity holder on the service start request;
S32, the verification certificate authority returns verifiable certificate information based on the request, wherein the verifiable certificate information comprises a requirement to provide an asset line;
S33, the identity holder sends an asset query request to the verifiable certificate issuing authority, wherein the asset query request comprises the decentralized identity identifier of the identity holder, an asset amount query and a signature of the identity holder on a certificate issuance request;
S34, the verifiable certificate issuing authority requests the holder public key based on the decentralized identity identifier, verifies the identity holder's signature on the certificate issuance request, and returns an asset line to the identity holder based on the verification result;
S35, the identity holder encrypts the asset line with the holder private key, submits the encrypted asset line to the verifiable certificate issuing authority and requests the verifiable certificate issuing authority to issue a verifiable certificate for the encrypted asset line;
S36, the verifiable certificate issuing authority compares the encrypted asset line with the asset line of the identity holder and issues the verifiable certificate to the identity holder based on the comparison result.
In the method for hiding a user's asset line in a decentralized identity system of the present invention, in the step S35, the identity holder generates a Pedersen commitment to the asset line using the holder private key, submits the Pedersen commitment to the verifiable certificate issuing authority, and asks the verifiable certificate issuing authority to issue a verifiable certificate for the Pedersen commitment.
In the method for hiding a user's asset line in a decentralized identity system according to the present invention, in the step S3, the verifiable certificate includes: the decentralized identity identifier of the identity holder, the decentralized identity identifier of the verifiable certificate issuing authority that issued the verifiable certificate, the identity holder's signature on the verifiable certificate, the verifiable certificate issuing authority's signature on the verifiable certificate, the encrypted asset line, and a range proof of the encrypted asset line.
In the method for hiding a user's asset line in a decentralized identity system according to the present invention, the step S5 further includes:
S51, the verification certificate authority requests the authority public key from the identity registration authority according to the decentralized identity identifier of the verifiable certificate issuing authority, and uses the authority public key to verify the verifiable certificate issuing authority's signature on the verifiable certificate, obtaining a first verification result;
S52, the verification certificate authority requests the holder public key from the identity registration authority according to the decentralized identity identifier of the identity holder, and uses the holder public key to verify the identity holder's signature on the verifiable certificate, obtaining a second verification result;
S53, whether the verification passes is determined based on the first verification result, the second verification result and the verification result of the content to be verified.
Another technical solution adopted by the present invention to solve the technical problem is to construct a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the method for hiding the user's asset line in the decentralized identity system.
The method and the computer-readable storage medium for hiding a user's asset line in a decentralized identity system can screen for identity holders (i.e., users) whose asset line meets a certain condition without revealing the user's specific asset amount, so that the user's asset line is hidden while it is being verified, thereby ensuring user privacy and improving transaction security. Further, the user's iris or fingerprint can be captured and used as a random seed to generate the identity holder private key, so that the identity holder can use the identity information, and use assets on the blockchain, without contact. Furthermore, the invention clearly defines the registration and verification processes of the identity holder and the verifiable certificate issuing authority, thereby providing a safe and effective method for constructing a decentralized blockchain identity.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow chart of a first preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention;
FIG. 2 is a schematic diagram of the registration flow of the verifiable certificate issuing authority in a second preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention;
FIG. 3 is a schematic diagram of the registration flow of the identity holder in the second preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention;
FIG. 4 is a schematic diagram of the verification flow of the verifiable certificate in the second preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The invention relates to a method for hiding a user's asset line in a decentralized identity system. The verifiable certificate issuing authority registers with the identity registration authority based on its own key. The identity holder registers with the verifiable certificate issuing authority based on its own key and registration information. The identity holder obtains a verifiable certificate from the verifiable certificate issuing authority based on the requirements of the verification certificate authority, the verifiable certificate including an encrypted asset line. The identity holder signs the verifiable certificate with the holder private key and submits it to the verification certificate authority. The verification certificate authority verifies the verifiable certificate. Identity holders (i.e., users) whose asset line meets a certain condition can therefore be screened out without revealing the user's specific asset amount, and the user's asset line is hidden while it is being verified, so that user privacy is ensured and transaction security is improved.
FIG. 1 is a flow chart of a first preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention. As shown in FIG. 1, in step S1, a verifiable certificate issuing authority registers with an identity registration authority based on its own key, so that it qualifies to issue verifiable certificates. For example, the verifiable certificate issuing authority generates an authority private key and generates an authority public key based on the authority private key. For example, an elliptic curve key system may be used to obtain the authority private key and the authority public key. Of course, any key generation algorithm known in the art may be employed. The verifiable certificate issuing authority generates a registration request, signs the registration request with the authority private key, and sends the signed registration request to the identity registration authority. The identity registration authority verifies the signed registration request and, after verification passes, generates a decentralized identity identifier and a decentralized identity identifier document for the verifiable certificate issuing authority.
In step S2, the identity holder registers with the verifiable certificate issuing authority based on its own key and registration information. In a preferred embodiment of the invention, the identity holder generates a holder private key and generates a holder public key based on the holder private key. For example, the iris of the identity holder is scanned to generate an iris code; the iris code is hashed, and the obtained hash value is used as a random seed to generate the holder private key; the holder public key is then generated based on the holder private key. Those skilled in the art know that the iris code may be generated using any iris scanner known in the art. A hash function may be applied to the obtained iris code to produce a unique fixed-length string, which is used as the random seed to generate the holder private key. Any known method may be used here to generate the holder private key, and the holder public key may likewise be generated using any known method. In a preferred embodiment of the invention, the identity holder selects a random scalar on an elliptic curve as the holder private key and multiplies the holder private key by a base point on the elliptic curve to obtain the holder public key. The holder public key may be obtained, for example, using an elliptic curve key system, e.g. R = r × G, where G represents the private-key-to-public-key conversion factor in the elliptic curve algorithm. The holder public key R can thus be derived from the holder private key r, but the holder private key r cannot be derived from the holder public key R, so the derivation is irreversible. As another example, at least one fingerprint of the identity holder may be scanned to generate a fingerprint code; the fingerprint code is hashed, and the obtained hash value is used as a random seed to generate the holder private key; the holder public key is then generated based on the holder private key.
For another example, a plurality of fingerprints of the identity holder may be scanned to generate a plurality of fingerprint codes; hashing each fingerprint code, and generating a plurality of holder private keys by using each obtained hash value subsection as a random seed; a plurality of said holder public keys are then generated based on each of said holder private keys.
Subsequently, the identity holder submits a registration request to the verifiable certificate issuing authority, signs the registration request with the holder private key, and sends the signed registration request to the verifiable certificate issuing authority. The verifiable certificate issuing authority verifies the signature on the signed registration request, verifies the registration information of the identity holder after the signature verification passes, and after that verification passes sends a verification request to the identity registration authority, wherein the verification request comprises the holder public key. The registration information may be some attribute of the identity holder, for example: age, asset amount, physical health, etc.
In response to the verifiable certificate issuing authority's request, the identity registration authority generates a decentralized identity identifier and a decentralized identity identifier document of the identity holder from the holder public key and returns them to the verifiable certificate issuing authority. The verifiable certificate issuing authority then returns the identity holder's decentralized identity identifier and decentralized identity identifier document to the identity holder.
In the step S3, the identity holder obtains a verifiable certificate from the verifiable certificate issuing authority based on the requirements of the verification certificate authority, the verifiable certificate including the encrypted asset line. In a preferred embodiment of the invention, the identity holder sends a service start request to the verification certificate authority, the service start request comprising the decentralized identity identifier, the decentralized identity identifier document, and the identity holder's signature on the service start request. The verification certificate authority returns verifiable certificate information based on the request, the verifiable certificate information including a requirement to provide an asset line. The identity holder then sends an asset query request to the verifiable certificate issuing authority, the asset query request including the decentralized identity identifier of the identity holder, an asset amount query, and the identity holder's signature on the certificate issuance request. The verifiable certificate issuing authority requests the holder public key based on the decentralized identity identifier, verifies the identity holder's signature on the certificate issuance request, and returns an asset line to the identity holder based on the verification result. The identity holder encrypts the asset line using the holder private key, submits the encrypted asset line to the verifiable certificate issuing authority, and asks the verifiable certificate issuing authority to issue a verifiable certificate for the encrypted asset line. The verifiable certificate issuing authority compares the encrypted asset line with the asset line of the identity holder, and if they are equal, issues the verifiable certificate to the identity holder. If not, the verifiable certificate is not issued to the identity holder.
Preferably, the verifiable certificate includes: the decentralized identity identifier of the identity holder, the decentralized identity identifier of the verifiable certificate issuing authority that issued the verifiable certificate, the identity holder's signature on the verifiable certificate, the verifiable certificate issuing authority's signature on the verifiable certificate, the encrypted asset line, and a range proof of the encrypted asset line. In a preferred embodiment of the invention, the identity holder generates a Pedersen commitment to the asset line using the holder private key, submits the Pedersen commitment to the verifiable certificate issuing authority, and asks the verifiable certificate issuing authority to issue a verifiable certificate for the Pedersen commitment.
In step S4, the identity holder signs the verifiable certificate with the holder private key and submits to the verification certificate authority.
In step S5, the verification certificate authority verifies the verifiable certificate. Preferably, the verification certificate authority requests the authority public key from the identity registration authority according to the decentralized identity identifier of the verifiable certificate issuing authority, uses the authority public key to verify the verifiable certificate issuing authority's signature on the verifiable certificate, and if that verification passes, performs the next verification. The verification certificate authority requests the holder public key from the identity registration authority according to the decentralized identity identifier of the identity holder, and uses the holder public key to verify the identity holder's signature on the verifiable certificate; if that verification passes, the verification passes completely. Of course, in a further embodiment of the present invention, content verification may also be performed on other content included in the VC, for example information related to age, gender, etc.; if the content verification is satisfactory, the verification is passed, and if the content verification is not passed.
By implementing the method for hiding a user's asset line in a decentralized identity system, identity holders (i.e., users) whose asset line meets a certain condition can be screened out without revealing the user's specific asset amount, so that the user's asset line is hidden while it is being verified, user privacy is ensured, and transaction security is improved. Further, the user's iris or fingerprint can be captured and used as a random seed to generate the identity holder private key, so that the identity holder can use the identity information, and use assets on the blockchain, without contact. Furthermore, the invention clearly defines the registration and verification processes of the identity holder and the verifiable certificate issuing authority, thereby providing a safe and effective method for constructing a decentralized blockchain identity. Still further, the invention can also be used to compare the asset lines of multiple users in order to provide services related to asset ranking.
FIG. 2 is a schematic diagram of the registration flow of the verifiable certificate issuing authority in a second preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention. FIG. 3 is a schematic diagram of the registration flow of the identity holder in the second preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention. FIG. 4 is a schematic diagram of the verification flow of the verifiable certificate in the second preferred embodiment of the method of hiding a user's asset line in a decentralized identity system of the present invention.
The second preferred embodiment of the present invention is described below in connection with fig. 2-4. The terms used in the present invention are explained first as follows:
decentralised identity identifier (Decentralized Identifier, DID for short)
A string of character strings which act like URLs can be standard compliant with standards established by standards organizations such as w3c or dif, and can also be standard compliant with standards established by multiple alliance organizations. The DID records an identity identifier unique within multiple federation authorities, as well as the protocol required to find the DID. The plurality of federation authorities may locate an entity storing detailed information of the DID according to the DID and request the detailed information of the DID, including a public key, etc., from the entity.
Decentralised avatar identifier document (Decentralized Identifier Document, DID document for short)
The DID document stores detailed information of the DID, including: the public key of the DID, the DID signature type, the DID authentication type, the service type supported by the DID, and the URL supporting the DID service, etc.
Private key (Secret Key, SK for short)
The key with which an entity of the invention signs information before sending it to another entity, proving the authenticity of the entity's identity. The key is private and not visible to others.
Public key (Public Key, PK for short)
The key used to verify messages exchanged between entities. The key is public.
Elliptic curve (Elliptic Curve)
An asymmetric encryption algorithm based on the discrete logarithm problem that satisfies the commutative and associative laws of multiplication and the commutative and associative laws of addition. A common base point G is selected on the elliptic curve, a random scalar on the elliptic curve is selected as the private key, and the corresponding public key is generated by elliptic-curve multiplication of the scalar with the base point G.
Hash function
A function for irreversibly hashing scalars or base points on the elliptic curve.
Pedersen commitment (Pedersen Commitment)
The Pedersen commitment is an algorithm for homomorphically encrypting numbers. The encrypted numbers retain the original properties of the numbers; for example, two encrypted numbers can be compared with each other in size, and an encrypted number can be compared in size with an unencrypted number.
Range proof (Range Proof)
A proof that the encrypted asset amount lies within a certain range, for example above 50,000 (5w) yuan. Typical range-proof algorithms are Borromean signatures and Bulletproofs.
Identity holder (Identifier Holder, IH for short)
A person with a unique identity, who needs to generate his or her own SK and PK by entering an iris scan or a fingerprint.
Verifiable certificate (Verifiable Credentials, VC for short)
A certificate that can be verified. It contains the authority that issued the certificate, the information to be verified, the issuing authority's signature on the certificate, and so on.
Verifiable certificate issuing authority (Issuer, IS for short)
A trusted authority entitled to issue VCs. The authority has the right to query the user's asset line.
Verification certificate authority (Inspector Verifier, IV for short)
An organization that needs to authenticate IHs, such as an employer or a credit agency. The IV can verify not only the identity of the IH but also certain attributes of the IH, for example age, amount of assets, or physical condition.
Identity registration authority (Identifier Registry, IR for short)
The authority that registers identities. It maintains a database, such as a blockchain or a distributed ledger, of the DIDs of all entities in the present invention.
In the embodiment shown in Fig. 2, the IS first registers with the IR to qualify for issuing VCs. The specific registration steps are as follows:
(1) The IS first generates an SK and then generates the PK from the SK.
(2) The IS signs the registration request with the SK and submits the registration request to the IR.
(3) The IR verifies the registration request of the IS and, after the verification passes, generates the DID and the DID document of the IS.
In the embodiment shown in Fig. 3, the IH registers with the IS as follows:
(1) The IH selects a random scalar on the elliptic curve as the SK and multiplies the random scalar by a base point on the elliptic curve to obtain the PK.
(2) The IH submits a registration request to the IS. The IS verifies the signature on the IH's request and verifies the registration information of the IH, including the identity card number, age, gender and so on of the IH.
(3) If the verification passes, the IS submits a verification request to the IR. The verification request contains the public key of the IH.
(4) At the request of the IS, the IR generates a DID and a DID document for the public key of the IH and returns them to the IS.
(5) The IS returns the DID and the DID document to the IH.
In the embodiment shown in Fig. 4, the IH uses a VC to authenticate to the IV. The IH needs to carry out a certain service, and the precondition for the service is that the IV confirms that the IH qualifies for it. In this embodiment the qualification is the asset line, and other registration information (such as age) can also be included. The specific steps are as follows:
(1) The IH sends a service start request to the IV. The request contains the DID of the IH, the DID document, and the signature of the IH on the service request. The IV returns verifiable certificate information, which tells the IH what VC it must submit. The content of the VC comprises: the DID of the IH, the DID of the IS that issued the VC, the IH's signature on the VC, the IS's signature on the VC, the encrypted asset line, and the range proof of the encrypted asset line.
(2) The IH submits a request to the IS to query its asset line.
(3) On receiving the IH's asset-line query, the IS requests the public key of the IH from the IR according to the DID of the IH and verifies the signature on the IH's request. If the verification fails, the IS refuses to return the asset line to the IH; if it passes, the IS returns the asset line to the IH.
(4) The IH uses its private key to generate a Pedersen commitment to its own asset line, submits the commitment to the IS, and asks the IS to issue a certificate for the Pedersen commitment.
(5) The IS compares the Pedersen commitment of the IH with the IH's actual asset line. If the two are equal, the IS issues the VC to the IH; otherwise the VC is not issued.
(6) The IH submits the VC to the IV, and the IV authenticates the VC. The specific authentication process is as follows:
The IV requests the public key of the IS from the IR according to the DID of the IS in the VC; verifies the signature of the IS in the VC using the public key of the IS; requests the public key of the IH from the IR according to the DID of the IH in the VC; and verifies the signature of the IH in the VC using the public key of the IH. If the signatures of both the IS and the IH pass verification, the verification is judged to have passed; otherwise it is judged to have failed.
Further, other information in the VC (such as age or sex, if included) may also be verified. In that case, verification is judged to have passed only if the IS and IH signatures both pass and the other information is verified; otherwise it is judged to have failed.
Another technical solution adopted by the present invention to solve the technical problem is to construct a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the method for hiding the user's asset line in the decentralized identity system.
Thus, the present invention may be realized in hardware, software, or a combination of hardware and software. The invention may be implemented in a centralized fashion in at least one computer system or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods of the invention is suited. The combination of hardware and software may be a general-purpose computer system with a computer program installed thereon, which, when executed, controls the computer system such that it carries out the methods of the present invention.
The present invention can also be realized by a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when installed in a computer system is able to carry out these methods. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) Conversion to other languages, codes or symbols; b) Reproduced in a different format.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.

Claims (6)

1. A method for hiding a user's asset line in a decentralized identity system, comprising the steps of:
S1, a verifiable certificate issuing authority registers with an identity registration authority based on its own key;
S2, an identity holder registers with the verifiable certificate issuing authority based on its own key and registration information;
S3, the identity holder obtains a verifiable certificate from the verifiable certificate issuing authority based on the requirement of a verification certificate authority, wherein the verifiable certificate comprises an encrypted asset line;
S4, the identity holder signs the verifiable certificate with a holder private key and submits the signed verifiable certificate to the verification certificate authority;
S5, the verification certificate authority verifies the verifiable certificate;
the step S3 further includes the steps of:
S31, the identity holder sends a service start request to the verification certificate authority, wherein the service start request comprises a decentralized identity identifier, a decentralized identity identifier document and a signature of the identity holder on the service start request;
S32, the verification certificate authority returns verifiable certificate information based on the request, wherein the verifiable certificate information comprises a requirement for providing an asset line;
S33, the identity holder sends an asset query request to the verifiable certificate issuing authority, wherein the asset query request comprises the decentralized identity identifier of the identity holder, an asset line query and a signature of the identity holder on a certificate issuance request;
S34, the verifiable certificate issuing authority requests a holder public key based on the decentralized identity identifier, verifies the signature of the identity holder on the certificate issuance request, and returns an asset line to the identity holder based on the verification result;
S35, the identity holder encrypts the asset line with the holder private key, submits the encrypted asset line to the verifiable certificate issuing authority and requests the verifiable certificate issuing authority to issue a verifiable certificate for the encrypted asset line;
S36, the verifiable certificate issuing authority compares the encrypted asset line with the asset line of the identity holder and issues the verifiable certificate to the identity holder based on the comparison result;
in the step S3, the verifiable certificate includes: the decentralized identity identifier of the identity holder, the decentralized identity identifier of the verifiable certificate issuing authority that issued the verifiable certificate, a signature of the identity holder on the verifiable certificate, a signature of the verifiable certificate issuing authority on the verifiable certificate, the encrypted asset line, and a range proof of the encrypted asset line;
the step S5 further includes the steps of:
S51, the verification certificate authority requests the authority public key from the identity registration authority according to the decentralized identity identifier of the verifiable certificate issuing authority, and verifies the signature of the verifiable certificate issuing authority on the verifiable certificate using the authority public key to obtain a first verification result;
S52, the verification certificate authority requests the holder public key from the identity registration authority according to the decentralized identity identifier of the identity holder, and verifies the signature of the identity holder on the verifiable certificate using the holder public key to obtain a second verification result;
S53, whether the verification passes is judged based on the first verification result, the second verification result and the verification result of the content to be verified.
2. The method for hiding a user's asset line in a decentralized identity system according to claim 1, wherein said step S1 further comprises the steps of:
S11, the verifiable certificate issuing authority generates an authority private key and generates an authority public key based on the authority private key;
S12, the verifiable certificate issuing authority generates a registration request, signs the registration request with the authority private key, and sends the signed registration request to the identity registration authority;
S13, the identity registration authority verifies the signed registration request and, after the verification passes, generates a decentralized identity identifier and a decentralized identity identifier document of the verifiable certificate issuing authority.
3. The method for hiding a user's asset line in a decentralized identity system according to claim 1, wherein said step S2 further comprises the steps of:
S21, the identity holder generates the holder private key and generates the holder public key based on the holder private key;
S22, the identity holder submits a registration request to the verifiable certificate issuing authority, signs the registration request with the holder private key, and sends the signed registration request to the verifiable certificate issuing authority;
S23, the verifiable certificate issuing authority verifies the signature of the signed registration request, verifies the registration information of the identity holder after that verification passes, and, after the registration information is verified, sends a verification request to the identity registration authority, wherein the verification request comprises the holder public key;
S24, the identity registration authority generates a decentralized identity identifier and a decentralized identity identifier document of the identity holder according to the holder public key, and returns the decentralized identity identifier and the decentralized identity identifier document to the verifiable certificate issuing authority;
S25, the verifiable certificate issuing authority returns the decentralized identity identifier and the decentralized identity identifier document of the identity holder to the identity holder.
4. The method for hiding a user's asset line in a decentralized identity system according to claim 3, wherein in said step S21, said identity holder selects a random scalar on an elliptic curve as the holder private key and multiplies said holder private key by a base point on the elliptic curve to obtain said holder public key.
5. The method of claim 1, wherein in step S35, the identity holder generates a Pedersen commitment to the asset line using the holder private key, submits the Pedersen commitment to the verifiable certificate issuing authority, and asks the verifiable certificate issuing authority to issue a verifiable certificate for the Pedersen commitment.
6. A computer readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method of hiding a user's asset line in a decentralized identity system as claimed in any one of claims 1-5.
CN202010709256.5A 2020-07-21 2020-07-21 Method and computer readable medium for hiding user's asset line in a decentralized identity system Active CN112037054B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010709256.5A CN112037054B (en) 2020-07-21 2020-07-21 Method and computer readable medium for hiding user's asset line in a decentralized identity system
PCT/CN2021/073096 WO2022016842A1 (en) 2020-07-21 2021-01-21 Method for concealing user information in decentralized identity system, and computer-readable medium

Publications (2)

Publication Number Publication Date
CN112037054A CN112037054A (en) 2020-12-04
CN112037054B true CN112037054B (en) 2023-10-03

Family

ID=73581993

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010709256.5A Active CN112037054B (en) 2020-07-21 2020-07-21 Method and computer readable medium for hiding user's asset line in a decentralized identity system

Country Status (1)

Country Link
CN (1) CN112037054B (en)

Also Published As

Publication number Publication date
CN112037054A (en) 2020-12-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant