Detailed Description
The present application will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
Example 1
The method embodiment provided in the first embodiment of the present application may be executed in a mobile terminal, a computer terminal or a similar computing device. Taking the example of running on a mobile terminal, fig. 1 is a block diagram of a hardware structure of a mobile terminal according to an embodiment of the present application, where, as shown in fig. 1, the mobile terminal may include one or more (only one is shown in fig. 1) processors 102 (the processors 102 may include, but are not limited to, a microprocessor MCU or a programmable logic device FPGA, etc.) and a memory 104 for storing data, and optionally, the mobile terminal may further include a transmission device 106 for a communication function and an input/output device 108. It will be appreciated by those skilled in the art that the structure shown in fig. 1 is merely illustrative and not limiting of the structure of the mobile terminal described above. For example, the mobile terminal may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
The memory 104 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the method of real-name registration in the embodiments of the present application, and the processor 102 executes the software programs and modules stored in the memory 104, thereby performing various functional applications and data processing, that is, implementing the method described above. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is arranged to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by the communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station so as to communicate with the internet. In another example, the transmission device 106 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
In this embodiment, a method for real-name login running on the mobile terminal is provided, and fig. 2 is a flowchart of a method for real-name login according to an embodiment of the present application, as shown in fig. 2, where the flowchart includes the following steps:
step S202, a first signal for requesting to log in to a third party application system through an application program is received from a first account, wherein the first signal carries a first digital identity public key of the first account;
step S204, a first identity credential corresponding to the first digital identity public key is obtained;
step S206, first real-name information of the first account is obtained from the first identity credential, and a second signal is sent to the application program, where the second signal includes: the first digital identity public key of the first account, the first real-name information of the first account, and a first signature made with a first digital identity private key of the first account; the second signal is transmitted by the application program to the third party application system for verification.
By adopting this scheme, before logging in to different application systems, a user acquires the identity credential corresponding to the digital identity public key, decrypts the identity credential to obtain the real-name information, and then logs in to a third party application system using that real-name information. This speeds up real-name authentication, realizes intercommunication, mutual trust and mutual recognition of digital identities between platforms and systems, and solves the problem in the related art that logging in to different systems by real-name authentication is time-consuming and laborious.
Optionally, receiving a first signal for requesting login to the third party application system through the application program from the first account includes: the first signal is used for requesting to log in to the application program, and the application program triggers the request for logging in to the third party application system.
Optionally, before acquiring the first identity credential corresponding to the first digital identity public key, initiating login authorization verification on the first account, receiving first identity information input by the first account, and verifying whether the first identity information is matched with local identity information, where the local identity information is prestored identity information corresponding to the first digital identity public key.
Optionally, initiating login authorization verification on the first account, receiving first identity information input by the first account, and verifying whether the first identity information is matched with local identity information, including: acquiring a local identity card model corresponding to the first digital identity public key from a locally stored digital identity identification list, wherein the local identity information is stored in the local identity card model; initiating login authorization verification of the first account by using the local identity card model; receiving the first identity information input by the first account, and verifying whether the first identity information is matched with the local identity information, wherein the first identity information at least comprises one of the following information: face recognition information, iris information, fingerprint information and PIN information.
Optionally, after detecting that the first identity information matches the local identity information, the local identity authenticator generates a first identity identifier login token of the first account, and submits the first digital identity public key and the first identity identifier login token to the digital identity authenticator.
Optionally, obtaining a first identity credential corresponding to the first digital identity public key, including one of: when detecting that a local identity credential corresponding to the first digital identity public key is stored locally, taking the local identity credential as the first identity credential; and when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network, wherein the identity credentials of different accounts are stored in nodes in the blockchain network.
Optionally, when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network includes: transmitting the following request information to the blockchain network: the first digital identity public key, a timestamp, and a second signature made with the first digital identity private key of the first account; and receiving the first identity credential corresponding to the first digital identity public key returned by the blockchain network. The hash algorithm used for the second signature may be any hash algorithm, preferably SM3; the second signature is obtained by hashing the timestamp and signing the result with the first digital identity private key. The real-name information on which the identity credential is based can originate from a real-name authentication center in the related art, such as a bank or a public security database.
Optionally, acquiring the first real-name information of the first account from the first identity credential includes: the identity credential authenticator transmits the first identity credential to the digital identity authenticator for decryption, obtaining the plaintext of the first real-name information, wherein the first identity credential was obtained in advance by encrypting the plaintext of the first real-name information; the digital identity authenticator signs the first real-name information plaintext with the first digital identity private key of the first account to obtain the first signature, and encrypts the first real-name information plaintext with the public key of the third party application system to form the first real-name information; and the identity credential authenticator receives the first signature and the first real-name information sent back by the digital identity authenticator.
Optionally, after sending the second signal to the application program, the application program sends the second signal to the third party application system, where the third party application system verifies the first digital identity public key in the second signal, and after verifying the first signature, decrypts the first real-name information by using the private key of the third party application system to obtain the plaintext of the first real-name information.
Optionally, the first identity credential stores the following information: hash value of first real-name information plaintext, memory address of first real-name information plaintext; or, the first identity certificate stores a ciphertext obtained by encrypting the plaintext of the first real-name information by adopting the first digital identity public key.
According to another embodiment of the present application, there is also provided a method for logging in to a third party application system with a real name, including:
step one, the third party application system receives a second signal transmitted by an application program, wherein the second signal comprises: a first digital identity public key of a first account, first real-name information of the first account, and a first signature made with a first digital identity private key of the first account, wherein the first account is an account logged in to the application program;
step two, verifying the first signature using the first digital identity public key, and after the first signature passes verification, logging in to the third party application system using the real-name information of the first account.
By adopting this scheme, the third party application system receives the second signal transmitted by the application program, verifies the information carried in it, and only after that information passes verification is the third party application system logged in to with the real-name information. This solves the problem of low security when an application program logs in to a third party application system; the verification of the first digital identity public key and of the signature greatly improves system security.
Optionally, after passing the above verification, establishing a session with the application program using the first real-name information includes: decrypting the first real-name information with the private key of the third party application system to obtain the first real-name information plaintext, and establishing the session with the application program according to that plaintext.
Optionally, before the third party application system receives the second signal transmitted by the application program, the third party application system registers with the blockchain network, and the third party application system initiates a registration request signal to the application program for establishing a connection with the application program, wherein the registration request signal comprises the login address of the third party application system and the public key of the third party application system. By adopting this scheme, the third party application system is registered in the blockchain network (the registration information may comprise organization information of the application system and the like) and is also registered with the application program, which ensures that subsequent logins to the third party application system can be made through the application program.
Optionally, the third party application system registering with the blockchain network through a second block includes: the third party application system transmits authentication data to the blockchain network, and after the authentication data passes authentication the blockchain network generates an uplink (on-chain) credential and publishes it on the chain, wherein the uplink credential comprises: the generation time of the credential, the version number of the credential, the encryption and decryption algorithm identification, and the organization identity information. The uplink credential is the identity credential of the third party application system.
The following description is made in connection with another embodiment of the present application.
Fig. 3 is a schematic diagram of the overall structure of a real-name authentication system according to an embodiment of the present application, and as shown in fig. 3, a trusted identity authentication platform based on a blockchain adopts a blockchain and an asymmetric encryption technology to implement intercommunication, mutual trust and mutual recognition of digital identities between the platforms and systems. As shown in fig. 3, the blockchain-based trusted identity authentication platform includes: the system comprises a trusted identity component provided for an application program APP end, a trusted identity application component provided for a third party application system, a real-name authentication center, a blockchain trusted identity authentication card service and a blockchain network.
The APP integrates a trusted identity component (e.g. a trusted identity SDK) whose functions include: digital identity generation management, a digital identity transmission protocol, local identity authorization management, material authorization management, real-name authentication, and digital identity storage and backup. Digital identity generation management uses an asymmetric encryption algorithm to generate a key pair during real-name authentication (for example, common asymmetric algorithms such as SM2 and ECC are supported), generates a digital identity file in a specific file format, and stores the digital identity file securely on the client. Local identity authentication management integrates local identity authentication means such as face recognition, iris recognition, fingerprint recognition and a local PIN code, binds the user's digital identity to the user's local identity authentication mode, completes authentication using the user's biometric characteristics, and so realizes login without an account number and password. Material authorization management covers the updating, usage management and maintenance of the user's identity credentials. The digital identity transmission protocol covers interaction with the blockchain trusted identity authentication service for real-name information authentication, updating and maintenance. Identity authorization management provides a digital identity local identity authentication card login interface, which is called when the APP account module logs in, to perform digital identity login.
The third party application system comprises an application account management system, real-name authentication, and a trusted identity application component. The functions of the trusted identity application component include: digital identity generation management, a digital identity transmission protocol, application identity credential management, and user identity credential generation. The trusted identity application component is an application package that gives a third party application system access to the blockchain-based trusted identity authentication platform. It provides the third party application system with digital identity management, third party application system identity credential management, validity verification of digital identities and identity credentials, a real-name authentication function interface, and generation and publication of user identity credentials. The trusted identity application component encapsulates a standard blockchain network API interface, shields the blockchain technology from the third party application system, reduces the complexity of access for the third party application system, and enables the third party application system to be integrated quickly. The trusted identity application component interacts with the real-name authentication center to complete user real-name authentication, generates the user identity credential, and publishes it on the chain through the blockchain network API interface. Specifically, the trusted identity application component interacts with the blockchain trusted identity authentication service through the blockchain network API interface, publishes the generated user identity credential information on the chain, and performs user identity information authentication through the blockchain network.
The real-name authentication center integrates an authentication source recognized in the industry and is used for providing real-name authentication service, and the real-name authentication channel aggregation comprises public security identity card authentication, public security face recognition authentication, bank card authentication, legal person authentication of industry and commerce and the like and provides user real-name authentication service for a third party application system. Industry-accepted, authoritative identity authentication sources are the basis for identity information sharing, mutual authentication and mutual trust.
The blockchain trusted identity authentication service provides identity information authentication services to the APP and the third party application system. It comprises trusted identity authentication management and trusted identity blockchain reading and writing. The trusted identity component integrated in the application program and the trusted identity application component integrated in the third party application system both encapsulate standard blockchain network API interfaces and access the blockchain network through the blockchain trusted identity authentication service: the third party application system uploads a user identity credential to the blockchain network, or acquires a user identity credential from it, through the blockchain trusted identity authentication service; the application program obtains the user identity credential or the third party application identity credential from the blockchain network through the blockchain trusted identity authentication service.
The blockchain network creates a credential ledger for storing and disclosing identity credentials. The blockchain network only accepts chain read and write requests from the blockchain trusted identity authentication service, and the secure sharing of blockchain data by applications is controlled through that service.
The scheme of this embodiment relates to blockchain technology and asymmetric encryption technology (supporting common encryption algorithms such as SM2 and ECC). The asymmetric encryption technology generates a public/private key pair; the public key and the private key form a digital identity file in a special format, and the public key serves as the unified identifier of the user account. During real-name authentication the public key is bound to the user's real-name information, and the real-name identity information is published and shared on the chain.
The trusted identity authentication system based on the blockchain platform adopts a digital identity plus real-name identity credential mode: the digital identity information (a special file formed by the public-private key pair) is stored securely on the client and can be backed up to and restored from a remote end (such as a server or cloud disk) at the user's wish; the real-name identity credential is published in the blockchain network and used for real-name information sharing and identity verification. The real-name identity credential includes: the real-name information encrypted with the user's digital identity public key, the user digital identity public key information, the authentication mode information, the user identity authentication system public key, the user identity authentication system signature, and the like; alternatively, the real-name identity credential includes: the hash of the real-name information, the storage address of the real-name information, the user digital identity public key information, the authentication mode information, the user identity authentication system public key, the user identity authentication system signature, and the like.
The authentication mode information comprises, but is not limited to, a public security identity authentication mode, a public security face recognition authentication mode, a bank card authentication mode, an industrial and commercial legal authentication mode and the like; the public key of the user identity authentication system is a public key of a third party application system which authenticates the user real name information and issues user identity credentials; the signature of the user identity authentication system is signature information obtained by carrying out hash encryption on other information except the user digital identity public key information and the user identity authentication system public key in the real-name identity certificate by using a private key of a third party application system which authenticates the user real-name information and issues the user identity certificate.
Optionally, scheme I for storing the user identity credential in JSON form is as follows: the user real-name information is encrypted with the user digital identity public key and stored in the real-name identity credential for sharing.
Alternatively, scheme II for storing the user identity credential in JSON form is as follows: the identity credential stores the hash value of the user real-name information and the storage address of the user real-name information; the client application program obtains the real-name information through a secure means, and the third party application system verifies the user real-name information against the real-name identity credential.
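As an added example (not code from this application), the following Python builds and verifies a real-name identity credential in both JSON schemes above, with the issuer's signature covering every field except the user digital identity public key and the issuer's own public key, as described above. It uses the `cryptography` package with RSA-PSS and RSA-OAEP (SHA-256) as stand-ins for the SM2/ECC and SM3 algorithms the text names; the field names and the `auth_mode` values are assumptions.

```python
import base64
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumption: RSA-PSS (signing) and RSA-OAEP (encryption) with SHA-256 stand in for the
# SM2/ECC and SM3 algorithms named in the text; the credential layout is the point here.
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

# Fields the issuer's signature does not cover: the user's public key, the issuer's own
# public key, and the signature itself. Every other field in the credential is signed.
UNSIGNED_FIELDS = frozenset({"user_pub", "issuer_pub", "issuer_sig"})


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def pub_pem(key):
    """PEM text of a public key; used as the identity of users and issuers (assumed encoding)."""
    return key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo
    ).decode()


def signed_bytes(cred):
    """Canonical encoding of the covered fields so issuer and verifier hash the same bytes."""
    body = {k: v for k, v in cred.items() if k not in UNSIGNED_FIELDS}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(issuer_key, user_pub, real_name, scheme, auth_mode, address=None):
    """Build a real-name identity credential in scheme I (plaintext encrypted to the user's
    digital identity public key) or scheme II (hash plus storage address), then sign it."""
    plaintext = json.dumps(real_name, sort_keys=True).encode()
    cred = {"user_pub": user_pub, "issuer_pub": pub_pem(issuer_key), "auth_mode": auth_mode}
    if scheme == 1:
        user = serialization.load_pem_public_key(user_pub.encode())
        cred["enc_real_name"] = base64.b64encode(user.encrypt(plaintext, OAEP)).decode()
    elif scheme == 2:
        cred["real_name_hash"] = hashlib.sha256(plaintext).hexdigest()
        cred["real_name_address"] = address
    else:
        raise ValueError("scheme must be 1 or 2")
    signature = issuer_key.sign(signed_bytes(cred), PSS, hashes.SHA256())
    cred["issuer_sig"] = base64.b64encode(signature).decode()
    return json.dumps(cred)


def verify_issuer_signature(cred_json):
    """Check the issuer's signature over the covered fields. Returns the credential as a
    dict on success, or None for a bad signature or a malformed credential."""
    try:
        cred = json.loads(cred_json)
        issuer = serialization.load_pem_public_key(cred["issuer_pub"].encode())
        issuer.verify(base64.b64decode(cred["issuer_sig"]), signed_bytes(cred), PSS, hashes.SHA256())
    except (InvalidSignature, KeyError, ValueError, TypeError):
        return None
    return cred


def real_name_matches(cred, real_name, user_key=None):
    """Check a claimed real-name record against a verified credential. Scheme I needs the
    user's private key to decrypt; scheme II only compares the hash."""
    plaintext = json.dumps(real_name, sort_keys=True).encode()
    if "enc_real_name" in cred:
        if user_key is None:
            return False
        try:
            return user_key.decrypt(base64.b64decode(cred["enc_real_name"]), OAEP) == plaintext
        except ValueError:  # wrong key or damaged ciphertext
            return False
    return cred.get("real_name_hash") == hashlib.sha256(plaintext).hexdigest()
```

Any change to a covered field (authentication mode, ciphertext, hash or storage address) invalidates the issuer signature, while the two uncovered public keys are exactly the values a verifier must check against the chain separately.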
In this embodiment, the aim of mutual recognition of identity information among platforms is achieved. Mutual recognition first requires a real-name authentication source that everyone accepts: the public security identity card authentication, public security face recognition authentication, bank card authentication, industrial and commercial legal person authentication and the like provided by the real-name authentication center are all authoritative and credible authentication sources, which ensures the authority and credibility of the identity data. Secondly, identity information is shared and stored through public key encryption and blockchain distribution technology, and the tamper-proof characteristic of the blockchain ensures the security of identity information sharing.
FIG. 4 is a schematic diagram of cross-platform sharing of real-name information according to another embodiment of the present application. As shown in FIG. 4, the trusted identity authentication platform binds each application account to the user real-name information through the user digital identity (a special-format file formed by the public and private keys) by means of cryptography and real-name authentication; the real-name identity information is encrypted with the digital identity public key and shared through the distributed database characteristic of the blockchain. The digital identity file is stored by the user independently, and the user can share his or her real-name information by importing the digital identity into different terminals such as APP application programs.
FIG. 5 is a flow chart of digital identity initialization and real-name identity information sharing of the trusted identity authentication platform according to another example of the present application. As shown in FIG. 5, the flow comprises the following steps:
step 1, the user opens the APP and triggers the login function of the APP account module, logging the first account in to the APP; the login process may be an APP account login process in the related art, and the following steps are carried out by the trusted identity component integrated in the APP;
step 2, the APP (application program) triggers the local digital identity login API provided by the trusted identity component, which supports login of the first account by digital identity (digital identity public key);
step 3, after receiving the application program login request, the local identity authenticator obtains the digital identity information of the last login from the bound identity list, or obtains the digital identity information to be logged in according to the APP request, and obtains the local identity card model supported by that digital identity information from the local digital identity authenticator list;
step 4, initializing an identity card model according to the local identity card model, and displaying the identity card model to a first account for authorized login;
step 5, the first account completes login authorization through the living face, the iris, the fingerprint, the PIN code and the like;
step 6, after the authorization of the first account is completed, the local identity authenticator generates a first identity identifier login token, and submits the first digital identity public key and the first identity identifier login token to the digital identity authenticator to initialize the digital identity. The digital identity authenticator verifies the first digital identity public key, initializes the digital identity, and provides digital identity functions such as encryption, decryption, signing and signature verification to the other components.
step 7, the local identity authenticator submits the first digital identity public key to the identity credential authenticator, so that the identity credential authenticator can acquire the first identity credential corresponding to the first digital identity public key.
step 8, the identity credential authenticator loads the first identity credential according to the first digital identity public key. When it detects that a local identity credential corresponding to the first digital identity public key is stored locally (a local identity credential is stored locally once the user has logged in), it takes the local identity credential as the first identity credential; when it detects that no local identity credential corresponding to the first digital identity public key is stored locally, it acquires the first identity credential by step 9.
step 9, when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, the identity credential authenticator acquires the first identity credential corresponding to the first digital identity public key from the blockchain network, wherein the nodes in the blockchain network store the identity credentials of different accounts. Specifically, the identity credential authenticator obtains the first identity credential from the blockchain network through the trusted identity authentication service, and the request information includes: the first digital identity public key, a timestamp, and a second signature made with the first digital identity private key. The hash algorithm used for the second signature may be any hash algorithm, preferably SM3, and the second signature is obtained by hashing the timestamp and signing the result with the first digital identity private key. The trusted identity authentication service verifies the second signature against the first digital identity public key and, after verification, obtains the first identity credential from the blockchain network by the first digital identity public key. The trusted identity authentication service then returns the first identity credential to the identity credential authenticator.
Preferably, even when the local identity credential corresponding to the first digital identity public key is stored locally, the identity credential authenticator may retrieve the first identity credential from the blockchain network through the trusted identity authentication service in order to verify the validity of the local identity credential. The identity credential authenticator verifies the local identity credential by comparing the signature value made with the private key of the application identity authentication system in the local identity credential with that in the identity credential obtained from the blockchain.
step 10, obtaining the real-name information: the identity credential authenticator sends the first identity credential to the digital identity authenticator to decrypt the real-name information, obtaining the first real-name information plaintext; the digital identity authenticator signs the first real-name information plaintext with the first digital identity private key to obtain the first signature, encrypts the first real-name information plaintext with the public key of the third party application system to obtain the first real-name information, and finally returns the first real-name information and the first signature to the identity credential authenticator;
the identity credential authenticator then sends the first digital identity public key of the first account, the first real-name information of the first account and the first signature to the local identity authenticator.
step 11, digital identity login: the APP application program obtains the digital identity login request parameters from its integrated trusted identity component and submits a digital identity login request to the third party application system, where the request parameters (i.e. the second signal) include: the first digital identity public key, the first real-name information, and the first signature;
step 12, the third party application system receives the login request parameters and passes them to its integrated trusted identity application component, which verifies the digital identity and the signature of the logging-in user and decrypts the first real-name information to obtain the real-name information plaintext. After signature verification it returns the login state and session information of the first account to the application program; at this point the first account is logged in to the third party application system with the real-name information, the application system can generate session information, and service initialization is carried out.
Specifically, the third party application system receives a login request of the APP, firstly acquires an identity credential corresponding to a first digital identity public key from the blockchain network through a trusted identity authentication service, and thus verifies the validity of the first identity credential; if the first identity credential is legal, namely the user identity is legal, verifying the first signature; after the first signature is verified to be legal, decrypting the first real-name information through a private key of the third party application system; the decrypted first real-name information plaintext is encrypted by adopting a first digital identity public key and then is compared and checked with real-name information contained in the first identity certificate; and after the verification is finished, the third party application system starts service initialization, and generates own session information to process the service request of the first account.
From the above digital identity login flow, in order for a user to log in to the third party application system with real-name information through the application program, the following work needs to be completed:
step 1, the APP end calls the integrated trusted identity component to complete the initialization of the digital identity and the identity credential of the user's first account, and to generate the real-name information login parameters;
step 2, the third party application system integrates the trusted identity application component to complete digital identity verification of the first account, signature verification, information encryption and decryption, service processing of the third party application system, and the like.
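The two sides of this flow, the APP-side generation of the login parameters (step 10) and the application-system-side verification (step 12), as an added worked example that is not part of the original application. It assumes ECDSA P-256 for the digital identity key pair and RSA-OAEP for the third party application system's key pair, and uses the hash form of the identity credential described later (hash of the real-name plaintext) rather than the re-encrypt-and-compare check, because a randomized public-key encryption such as RSA-OAEP does not reproduce the same ciphertext twice; the in-memory chain slice and the sample real name are constructed stand-ins.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// RealNameCredential models the on-chain identity credential in its hash form: the
// first digital identity public key, the SHA-256 of the real-name plaintext and the chain state.
type RealNameCredential struct {
	Holder       *ecdsa.PublicKey
	RealNameHash [32]byte
	Valid        bool // authentication state on the chain is "available"
}

// LoginSignal is the "second signal" the APP forwards to the third party application system.
type LoginSignal struct {
	PubKey    *ecdsa.PublicKey // first digital identity public key
	RealName  []byte           // real-name plaintext, RSA-OAEP encrypted to the application system
	Signature []byte           // ECDSA signature over the plaintext by the first digital identity private key
}

// BuildLoginSignal is the trusted identity component side of step 10: sign, then encrypt.
func BuildLoginSignal(userPriv *ecdsa.PrivateKey, appPub *rsa.PublicKey, plaintext []byte) (*LoginSignal, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := ecdsa.SignASN1(rand.Reader, userPriv, digest[:])
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, appPub, plaintext, nil)
	if err != nil {
		return nil, err
	}
	return &LoginSignal{PubKey: &userPriv.PublicKey, RealName: ct, Signature: sig}, nil
}

// VerifyLoginSignal is the application system side of step 12; chain stands in for the blockchain lookup.
func VerifyLoginSignal(s *LoginSignal, appPriv *rsa.PrivateKey, chain []RealNameCredential) ([]byte, error) {
	var cred *RealNameCredential
	for i := range chain {
		if chain[i].Holder.Equal(s.PubKey) {
			cred = &chain[i]
		}
	}
	if cred == nil || !cred.Valid {
		return nil, errors.New("no valid identity credential for the presented public key")
	}
	plaintext, err := rsa.DecryptOAEP(sha256.New(), nil, appPriv, s.RealName, nil)
	if err != nil {
		return nil, errors.New("real-name ciphertext was not encrypted to this application system")
	}
	// The signature covers the plaintext, so it can only be checked after decryption.
	digest := sha256.Sum256(plaintext)
	if !ecdsa.VerifyASN1(s.PubKey, digest[:], s.Signature) {
		return nil, errors.New("first signature does not verify under the first digital identity public key")
	}
	// Bind the presented name to what the chain attests for this key; without this
	// check a correctly signed but different real name would be accepted.
	if digest != cred.RealNameHash {
		return nil, errors.New("real-name information does not match the identity credential")
	}
	return plaintext, nil
}

// NewDemoParties constructs a user key pair, an application system key pair and a chain with one valid credential (sample data).
func NewDemoParties(realName []byte) (*ecdsa.PrivateKey, *rsa.PrivateKey, []RealNameCredential) {
	userPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	appPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	cred := RealNameCredential{Holder: &userPriv.PublicKey, RealNameHash: sha256.Sum256(realName), Valid: true}
	return userPriv, appPriv, []RealNameCredential{cred}
}
```

The existence-and-state lookup at the start of VerifyLoginSignal is the same check that step 4 of the registration procedure below applies to the third party application system's own credential before the APP accepts its public key.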
The application program APP in the related art is generally an application integration framework, and the APP provides basic capabilities, and integrates individual application services based on the basic capabilities. The trusted identity authentication platform not only authenticates the identity of the user using the application program, but also authenticates the participating organization and the third party application system, issues digital identities, generates identity authentication credentials and the like. All participants in the trusted identity authentication platform use legal digital identities and identity credentials as the basis for interactive authentication.
There is also provided in accordance with another example of the present application a registration login procedure for a third party application system based on a trusted identity authentication platform, including the steps of:
Step 1, the third party application system registers with the blockchain network. Specifically, the third party application system first performs registration authentication with the trusted identity authentication service of the trusted identity authentication platform, and the registration information includes: information of the organization/institution to which the third party application system belongs (unified social credit code of the organization/institution, organization name), information of the third party application system (application system name, application system public key, application system description, application system real-name class requirement, application system real-name information requirement), and the like. After checking and authentication by an administrator of the real-name application system of the trusted identity authentication platform, an identity credential of the third party application system is generated and published on the chain; the identity credential information of the third party application system includes: the identity credential generation timestamp, the identity credential version number, the encryption and decryption algorithm identifier, the identity information of the organization to which the third party application system belongs, and the like;
step 2, the third party application system initiates a registration request signal to the application program in order to establish a connection with the application program, where the registration request signal includes: the login address of the third party application system and the public key of the third party application system. Specifically, a dedicated entry of the third party application system is displayed on the APP so that a user can apply for the service of the third party application system, and the third party application system provides its entry address (login address) and its public key to the APP; the entry address serves as the login callback of the third party application system, and the public key of the third party application system serves as the identifier of the third party application system and is used when verifying the validity of the third party application system and when encrypting request parameters;
Step 3, clicking an entry of the third party application system by the user, and authorizing to log in the third party application system;
step 4, initializing parameters of a third party application system;
specifically, the trusted identity component of the APP submits the public key of the third party application system to the trusted identity authentication service of the blockchain to authenticate the validity of the third party application system. The validity of the third party application system is determined by searching the blockchain network, through the trusted identity authentication service, for the identity credential of the third party application system corresponding to its public key; if that identity credential exists and its authentication state is available, the third party application system is valid, and the parameter initialization of the third party application system in the application program is complete. After that, the user can log in to the third party application system with real-name information through the application program using the method described above, which is not repeated here.
With this scheme, it can be seen from the whole process that the digital identity and the real-name information are universal across all platforms: an application program and an application system only need to integrate a trusted identity (application) component, the digital identities of the user and of the application system are generated, the digital identity and identity credential authentication is completed in the trusted identity authentication platform, the integrity and security of the authentication information are ensured through the blockchain, and the authentication information is shared through distributed data.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
Example two
In this embodiment, a device for real-name login is further provided; the device is used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
According to another embodiment of the present application, there is also provided an apparatus for real-name login, including:
the first receiving module is used for receiving a first signal for requesting to log in a third party application system through an application program, wherein the first signal carries a first digital identity public key of the first account;
the first acquisition module is used for acquiring a first identity certificate corresponding to the first digital identity public key;
the first sending module is configured to obtain first real name information of the first account from the first identity credential, and send a second signal to the application program, where the second signal includes: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
Optionally, the first signal is used for requesting to log in to the application program, and the application program triggers a request for logging in to the third party application system.
Optionally, the first obtaining module further includes a local identity identifier, configured to initiate login authorization verification on the first account before obtaining a first identity credential corresponding to the first digital identity public key, receive first identity information input by the first account, and verify whether the first identity information matches with local identity information, where the local identity information is prestored identity information corresponding to the first digital identity public key.
Optionally, the local identity identifier is further configured to obtain a local identity identifier model corresponding to the first digital identity public key from a locally stored digital identity identifier list, where the local identity information is stored in the local identity identifier model; to initiate login authorization verification of the first account using the local identity identifier model; and to receive the first identity information input by the first account and verify whether the first identity information matches the local identity information, where the first identity information includes at least one of the following: face recognition information, iris information, fingerprint information and PIN information.
Optionally, the first obtaining module further includes a digital identity identifier, after detecting that the first identity information is matched with the local identity information, the local identity identifier generates a first identity identifier login token of the first account, and submits the first digital identity public key and the first identity identifier login token to the digital identity identifier.
Optionally, the first obtaining module further includes an identity credential discriminator, where the identity credential discriminator is configured to take the local identity credential as the first identity credential when detecting that a local identity credential corresponding to the first digital identity public key is stored locally; or to acquire the first identity credential corresponding to the first digital identity public key from a blockchain network when detecting that no local identity credential corresponding to the first digital identity public key is stored locally, where the nodes in the blockchain network store the identity credentials of different accounts.
Optionally, the identity credential discriminator is further configured to transmit the following request information to the blockchain network: the first digital identity public key, a timestamp, and a second signature made with the first digital identity private key of the first account; and to receive the first identity credential corresponding to the first digital identity public key returned by the blockchain network.
Optionally, the first obtaining module is configured to obtain the first real-name information of the first account from the first identity credential as follows: the identity credential discriminator transmits the first identity credential to the digital identity identifier for decryption, obtaining the first real-name information plaintext, where the first identity credential was obtained in advance by encrypting the first real-name information plaintext; the digital identity identifier signs the first real-name information plaintext with the first digital identity private key of the first account to obtain the first signature of the first digital identity private key of the first account, and encrypts the first real-name information plaintext with the public key of the third party application system to form the first real-name information; and the identity credential discriminator receives the first signature and the first real-name information returned by the digital identity identifier.
Optionally, after the first sending module sends the second signal to the application program, the application program sends the second signal to the third party application system, where the third party application system verifies the first digital identity public key in the second signal, and after verifying the signature, decrypts the ciphertext by using the private key of the third party application system to obtain the plaintext of the first real-name information.
Optionally, the first identity credential stores the following information: a hash value of the first real-name information plaintext and a storage address of the first real-name information plaintext; or, the first identity credential stores a ciphertext obtained by encrypting the first real-name information plaintext with the first digital identity public key.
According to another embodiment of the present application, there is also provided an apparatus for logging in a third party application system in real name, which is applied to the third party application system, including:
the second receiving module is configured to receive a second signal transmitted by the application program, where the second signal includes: a first digital identity public key of a first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account, wherein the first account is an account of the application program;
the verification module is configured to verify the first signature using the first digital identity public key, and, after the first signature passes verification, to log the first account in to the third party application system using its real-name information.
Optionally, the verification module is further configured to decrypt the first real-name information by using a private key of the third party application system to obtain a first real-name information plaintext, and establish a session with the application program according to the first real-name information plaintext.
Optionally, the second receiving module is further configured to register with a blockchain network; the third party application system initiates a registration request signal to the application program in order to establish a connection with the application program, where the registration request signal includes: the login address of the third party application system and the public key of the third party application system.
Optionally, the second receiving module is further configured to transmit authentication data to the blockchain network, where, after the authentication data passes authentication, the blockchain network generates an on-chain credential and publishes it on the chain, the on-chain credential including: the credential generation time, the credential version number, the encryption and decryption algorithm identifier and the organization identity information.
It should be noted that each of the above modules may be implemented by software or hardware, and for the latter, it may be implemented by, but not limited to: the modules are all located in the same processor; alternatively, the above modules may be located in different processors in any combination.
Example III
According to another embodiment of the present application, there is also provided a mobile terminal including:
the application program is used for receiving request information of a first account request logging in a third party application system, wherein the request information carries account information of the first account or a first digital identity public key;
the trusted identity component is used for receiving a first signal of a first account request logging in a third party application system through the application program, wherein the first signal carries a first digital identity public key of the first account; and is configured to obtain a first identity credential corresponding to the first digital identity public key; the first real name information of the first account is also acquired from the first identity certificate; and transmitting a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account;
The application is further configured to receive the second signal, and send the second signal to the third party application system, where a first digital identity public key in the second signal is used to verify the first signature by the third party application system.
Example IV
Embodiments of the present application also provide a storage medium. Alternatively, in the present embodiment, the above-described storage medium may be configured to store program code for performing the steps of:
s1, receiving a first signal for requesting to log in a third party application system through an application program by a first account, wherein the first signal carries a first digital identity public key of the first account;
s2, acquiring a first identity certificate corresponding to the first digital identity public key;
s3, acquiring first real-name information of the first account from the first identity certificate, and sending a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program code.
Embodiments of the present application also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
Optionally, the electronic device may further include a transmission device and an input/output device, where the transmission device is connected to the processor, and the input/output device is connected to the processor.
Alternatively, in the present embodiment, the above-described processor may be configured to execute the following steps by a computer program:
s1, receiving a first signal for requesting to log in a third party application system through an application program by a first account, wherein the first signal carries a first digital identity public key of the first account;
s2, acquiring a first identity certificate corresponding to the first digital identity public key;
S3, acquiring first real-name information of the first account from the first identity certificate, and sending a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments and optional implementations, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device; they may be centralized on a single computing device or distributed across a network of computing devices; they may alternatively be implemented as program code executable by computing devices, so that they may be stored in a memory device for execution by the computing devices, and in some cases the steps shown or described may be performed in a different order than shown or described; or they may be implemented as individual integrated circuit modules. Thus, the present application is not limited to any specific combination of hardware and software.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.