CN112543166B - Real name login method and device - Google Patents

Info

Publication number
CN112543166B
Authority
CN
China
Prior art keywords
identity
account
public key
information
real
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910894390.4A
Other languages
Chinese (zh)
Other versions
CN112543166A (en)
Inventor
陈善华
刘毅
宫庆松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Langxin Data Technology Co ltd
Original Assignee
Langxin Data Technology Co ltd
Application filed by Langxin Data Technology Co ltd
Priority to CN201910894390.4A
Publication of CN112543166A
Application granted
Publication of CN112543166B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a method and a device for real-name login. The method comprises: receiving a first signal by which a first account requests to log in to a third-party application system through an application program, wherein the first signal carries a first digital identity public key of the first account; acquiring a first identity credential corresponding to the first digital identity public key; and acquiring first real-name information of the first account from the first identity credential, and sending a second signal to the application program. With this scheme, before logging in to different application systems, the user first acquires the identity credential corresponding to the digital identity public key and decrypts the identity credential to obtain the real-name information, which is subsequently used to log in to the third-party application system. This speeds up real-name authentication, realizes intercommunication, mutual trust and mutual recognition of digital identities between platforms and systems, and solves the problem in the related art that logging in to different systems through real-name authentication is time-consuming and labor-intensive.

Description

Real name login method and device
Technical Field
The present application relates to the field of blockchain, and more particularly to a method and a device for real-name login.
Background
In the related art, digital identity is generally implemented on the basis of OAuth. Each region, department and system builds its own identity system, and these identity systems are independent of one another and do not interoperate. For identity systems to recognize each other, a complex mapping between identity accounts has to be established, and once many account systems need to be connected this becomes time-consuming, labor-intensive and difficult.
No effective solution currently exists for the problem in the related art that logging in to different systems through real-name authentication is time-consuming and labor-intensive.
Disclosure of Invention
The embodiments of the application provide a method and a device for real-name login, which at least solve the problem in the related art that logging in to different systems through real-name authentication is time-consuming and labor-intensive.
According to another embodiment of the present application, there is also provided a method for real-name login, including: receiving a first signal by which a first account requests to log in to a third-party application system through an application program, wherein the first signal carries a first digital identity public key of the first account; acquiring a first identity credential corresponding to the first digital identity public key; acquiring first real-name information of the first account from the first identity credential, and sending a second signal to the application program, wherein the second signal comprises: the first digital identity public key of the first account, the first real-name information of the first account, and a first signature made with a first digital identity private key of the first account; and the second signal is sent by the application program to the third-party application system for verification.
According to another embodiment of the present application, there is also provided a mobile terminal including: the application program is used for receiving request information of a first account request logging in a third party application system, wherein the request information carries account information of the first account or a first digital identity public key; the trusted identity component is used for receiving a first signal of a first account request logging in a third party application system through the application program, wherein the first signal carries a first digital identity public key of the first account; and is configured to obtain a first identity credential corresponding to the first digital identity public key; the first real name information of the first account is also acquired from the first identity certificate; and transmitting a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; the application is further configured to receive the second signal, and send the second signal to the third party application system, where a first digital identity public key in the second signal is used to verify the first signature by the third party application system.
According to another embodiment of the present application, there is also provided a method for logging in a third party application system with a real name, including: the third party application system receives a second signal transmitted by the application program, wherein the second signal comprises: a first digital identity public key of a first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account, wherein the first account is an account logged in the application program; and verifying the first signature by adopting the first digital identity public key, and after the first signature passes the verification, logging in the third party application system by using the real-name information of the first account.
According to another embodiment of the present application, there is also provided an apparatus for real-name login, including: the first receiving module is used for receiving a first signal for requesting to log in a third party application system through an application program, wherein the first signal carries a first digital identity public key of the first account; the first acquisition module is used for acquiring a first identity certificate corresponding to the first digital identity public key; the first sending module is configured to obtain first real name information of the first account from the first identity credential, and send a second signal to the application program, where the second signal includes: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
According to another embodiment of the present application, there is also provided an apparatus for logging in a third party application system with a real name, which is applied to the third party application system, including: the second receiving module is configured to receive a second signal transmitted by the application program, where the second signal includes: a first digital identity public key of a first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account, wherein the first account is an account of the application program; and the verification module is used for verifying the first signature by adopting the first digital identity public key, and after the first signature passes the verification, the third party application system is logged in by using the real-name information of the first account.
According to a further embodiment of the present application, there is also provided a storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the present application, there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
According to the present application, a first signal by which a first account requests to log in to a third-party application system through an application program is received, wherein the first signal carries a first digital identity public key of the first account; a first identity credential corresponding to the first digital identity public key is acquired; first real-name information of the first account is acquired from the first identity credential, and a second signal is sent to the application program, wherein the second signal comprises: the first digital identity public key of the first account, the first real-name information of the first account, and a first signature made with a first digital identity private key of the first account; and the second signal is sent by the application program to the third-party application system for verification. With this scheme, before logging in to different application systems, the user first acquires the identity credential corresponding to the digital identity public key and decrypts the identity credential to obtain the real-name information, which is subsequently used to log in to the third-party application system. This speeds up real-name authentication, realizes intercommunication, mutual trust and mutual recognition of digital identities between platforms and systems, and solves the problem in the related art that logging in to different systems through real-name authentication is time-consuming and labor-intensive.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a hardware block diagram of a mobile terminal for a real-name login method according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of real name login according to an embodiment of the present application;
FIG. 3 is a schematic diagram of the overall structure of a real-name authentication system according to an embodiment of the present application;
FIG. 4 is a schematic diagram of cross-platform sharing of sub-name information according to another embodiment of the present application;
FIG. 5 is a flow chart for digital identity initialization and real-time identity information sharing for a trusted identity authentication platform according to another example of the present application.
Detailed Description
The present application will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
Example 1
The method embodiment provided in the first embodiment of the present application may be executed in a mobile terminal, a computer terminal or a similar computing device. Taking the example of running on a mobile terminal, fig. 1 is a block diagram of a hardware structure of a mobile terminal according to an embodiment of the present application, where, as shown in fig. 1, the mobile terminal may include one or more (only one is shown in fig. 1) processors 102 (the processors 102 may include, but are not limited to, a microprocessor MCU or a programmable logic device FPGA, etc.) and a memory 104 for storing data, and optionally, the mobile terminal may further include a transmission device 106 for a communication function and an input/output device 108. It will be appreciated by those skilled in the art that the structure shown in fig. 1 is merely illustrative and not limiting of the structure of the mobile terminal described above. For example, the mobile terminal may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
The memory 104 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the method of real-name login in the embodiments of the present application, and the processor 102 executes the software programs and modules stored in the memory 104, thereby performing various functional applications and data processing, that is, implementing the method described above. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means 106 is arranged to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
In this embodiment, a method for real-name login running on the mobile terminal is provided, and fig. 2 is a flowchart of a method for real-name login according to an embodiment of the present application, as shown in fig. 2, where the flowchart includes the following steps:
Step S202: receiving a first signal by which a first account requests to log in to a third-party application system through an application program, wherein the first signal carries a first digital identity public key of the first account;
Step S204: acquiring a first identity credential corresponding to the first digital identity public key;
Step S206: acquiring the first real-name information of the first account from the first identity credential, and sending a second signal to the application program, where the second signal includes: the first digital identity public key of the first account, the first real-name information of the first account, and a first signature made with a first digital identity private key of the first account; and the second signal is transmitted by the application program to the third-party application system for verification.
With this scheme, before logging in to different application systems, the user acquires the identity credential corresponding to the digital identity public key, decrypts the identity credential to obtain the real-name information, and subsequently logs in to the third-party application system with the real-name information. This speeds up real-name authentication, realizes intercommunication, mutual trust and mutual recognition of digital identities between platforms and systems, and solves the problem in the related art that logging in to different systems through real-name authentication is time-consuming and labor-intensive.
Optionally, receiving a first signal for requesting login to the third party application system through the application program from the first account includes: the first signal is used for requesting to log in to the application program, and the application program triggers the request for logging in to the third party application system.
Optionally, before the first identity credential corresponding to the first digital identity public key is acquired, login authorization verification is initiated for the first account, first identity information input by the first account is received, and it is verified whether the first identity information matches local identity information, where the local identity information is pre-stored identity information corresponding to the first digital identity public key.
Optionally, initiating login authorization verification on the first account, receiving first identity information input by the first account, and verifying whether the first identity information is matched with local identity information, including: acquiring a local identity card model corresponding to the first digital identity public key from a locally stored digital identity identification list, wherein the local identity information is stored in the local identity card model; initiating login authorization verification of the first account by using the local identity card model; receiving the first identity information input by the first account, and verifying whether the first identity information is matched with the local identity information, wherein the first identity information at least comprises one of the following information: face recognition information, iris information, fingerprint information and PIN information.
Optionally, after detecting that the first identity information is matched with the local identity information, the local identity identifier generates a first identity identifier login token of the first account, and submits the first digital identity public key and the first identity identifier login token to the digital identity identifier.
Optionally, obtaining a first identity credential corresponding to the first digital identity public key, including one of: when detecting that a local identity credential corresponding to the first digital identity public key is stored locally, taking the local identity credential as the first identity credential; and when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network, wherein the identity credentials of different accounts are stored in nodes in the blockchain network.
Optionally, when it is detected that the local identity credential corresponding to the first digital identity public key is not stored locally, acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network includes: transmitting the following request information to the blockchain network: the first digital identity public key, a timestamp, and a second signature made with the first digital identity private key of the first account; and receiving the first identity credential corresponding to the first digital identity public key returned by the blockchain network. The signature algorithm of the second signature may use any hash algorithm, preferably SM3, and the second signature is obtained by performing hash encryption on the timestamp with the first digital identity private key. The real-name information on which the identity credential is based can originate from a real-name authentication center, such as a bank, public security database, etc. in the related art.
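An added example (not code from the patent or its applicant) of the credential request described above and of the checks a node could apply before returning a credential. SHA-256 with ECDSA P-256 from the Go standard library stands in for SM3 with the identity key pair; the `Node` type, the two-minute window, the decimal timestamp encoding and all names are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"time"
)

var ErrStale = errors.New("timestamp outside the accepted window")
var ErrSignature = errors.New("second signature does not verify")
var ErrNoRecord = errors.New("no identity credential stored for this public key")

// CredentialRequest carries the three items the description lists.
type CredentialRequest struct {
	IdentityPublicKey []byte // first digital identity public key, PKIX DER
	Timestamp         int64  // Unix seconds
	Signature         []byte // second signature over the hashed timestamp
}

// digestOf hashes the decimal timestamp; SHA-256 stands in for SM3.
func digestOf(ts int64) []byte {
	d := sha256.Sum256([]byte(strconv.FormatInt(ts, 10)))
	return d[:]
}

// NewCredentialRequest is the terminal side of the exchange.
func NewCredentialRequest(key *ecdsa.PrivateKey, now time.Time) (*CredentialRequest, error) {
	pub, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return nil, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, digestOf(now.Unix()))
	if err != nil {
		return nil, err
	}
	return &CredentialRequest{IdentityPublicKey: pub, Timestamp: now.Unix(), Signature: sig}, nil
}

// Node is a hypothetical stand-in for a blockchain node's credential store.
type Node struct {
	Credentials map[string][]byte // hex(public key DER) -> identity credential
	MaxSkew     time.Duration     // assumed window; the page gives no value
}

// Lookup checks freshness, then the signature, then the stored record.
func (n *Node) Lookup(req *CredentialRequest, now time.Time) ([]byte, error) {
	if age := now.Sub(time.Unix(req.Timestamp, 0)); age > n.MaxSkew || age < -n.MaxSkew {
		return nil, ErrStale
	}
	parsed, err := x509.ParsePKIXPublicKey(req.IdentityPublicKey)
	if err != nil {
		return nil, fmt.Errorf("parse identity public key: %w", err)
	}
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digestOf(req.Timestamp), req.Signature) {
		return nil, ErrSignature
	}
	if cred, found := n.Credentials[hex.EncodeToString(req.IdentityPublicKey)]; found {
		return cred, nil
	}
	return nil, ErrNoRecord
}

// DemoLookup: fresh request, same request ten minutes later, edited timestamp.
func DemoLookup() (string, error, error, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, nil, err
	}
	now := time.Unix(1700000000, 0) // constructed clock value
	req, err := NewCredentialRequest(key, now)
	if err != nil {
		return "", nil, nil, err
	}
	node := &Node{MaxSkew: 2 * time.Minute, Credentials: map[string][]byte{
		hex.EncodeToString(req.IdentityPublicKey): []byte("constructed-credential-blob"),
	}}
	cred, err := node.Lookup(req, now)
	if err != nil {
		return "", nil, nil, err
	}
	later := now.Add(10 * time.Minute)
	_, staleErr := node.Lookup(req, later)
	moved := *req
	moved.Timestamp = later.Unix() // old signature under a new timestamp
	_, movedErr := node.Lookup(&moved, later)
	return string(cred), staleErr, movedErr, nil
}

func main() {
	fmt.Println(DemoLookup())
}
```

The window bounds how long a signed request stays acceptable; inside the window the same request is still accepted more than once.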
Optionally, acquiring the first real-name information of the first account from the first identity credential includes: the identity credential identifier transmits the first identity credential to a digital identity identifier for decryption, obtaining the plaintext of the first real-name information, wherein the first identity credential was obtained by encrypting the plaintext of the first real-name information in advance; the digital identity identifier signs the plaintext of the first real-name information with the first digital identity private key of the first account to obtain the first signature, and encrypts the plaintext of the first real-name information with the public key of the third-party application system to form the first real-name information; the identity credential identifier receives the signature and the first real-name information sent by the digital identity identifier.
Optionally, after the second signal is sent to the application program, the application program sends the second signal to the third-party application system, where the third-party application system verifies the first digital identity public key in the second signal and, after verifying the first signature, decrypts the first real-name information with the private key of the third-party application system to obtain the plaintext of the first real-name information.
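The exchange described in the two paragraphs above, as an added example that is not code from the patent or its applicant: the digital identity identifier signs and encrypts, and the third-party application system decrypts and verifies. ECDSA P-256 and RSA-OAEP from the Go standard library stand in for SM2, and the type and function names, the sample record, and the decrypt-then-verify order (chosen because the signature covers the plaintext) are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SamplePlaintext is a constructed record, not real personal data.
const SamplePlaintext = `{"name":"Example User","id_no":"CONSTRUCTED-0001"}`

var ErrBadSignature = errors.New("first signature does not match the real-name plaintext")

// SecondSignal holds the three fields the description lists.
type SecondSignal struct {
	IdentityPublicKey []byte // first digital identity public key, PKIX DER
	RealNameInfo      []byte // plaintext encrypted to the third party's public key
	Signature         []byte // first signature, made over the plaintext
}

// BuildSecondSignal is the terminal side (digital identity identifier):
// sign the plaintext, then encrypt it for the third-party application system.
func BuildSecondSignal(idKey *ecdsa.PrivateKey, tpPub *rsa.PublicKey, plaintext []byte) (*SecondSignal, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := ecdsa.SignASN1(rand.Reader, idKey, digest[:])
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tpPub, plaintext, nil)
	if err != nil {
		return nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&idKey.PublicKey)
	if err != nil {
		return nil, err
	}
	return &SecondSignal{IdentityPublicKey: pub, RealNameInfo: ct, Signature: sig}, nil
}

// VerifySecondSignal is the third-party side. The signature covers the plaintext,
// so it decrypts first and returns nothing usable until the signature verifies.
func VerifySecondSignal(s *SecondSignal, tpKey *rsa.PrivateKey) (string, error) {
	parsed, err := x509.ParsePKIXPublicKey(s.IdentityPublicKey)
	if err != nil {
		return "", fmt.Errorf("parse identity public key: %w", err)
	}
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("identity public key is not an ECDSA key")
	}
	plaintext, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, tpKey, s.RealNameInfo, nil)
	if err != nil {
		return "", fmt.Errorf("decrypt real-name information: %w", err)
	}
	digest := sha256.Sum256(plaintext)
	if !ecdsa.VerifyASN1(pub, digest[:], s.Signature) {
		return "", ErrBadSignature
	}
	return string(plaintext), nil
}

// Demo returns the plaintext accepted from a genuine signal and the error
// returned for a signal whose real-name field was replaced after signing.
func Demo() (string, error, error) {
	idKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return "", nil, errors.New("key generation failed")
	}
	signal, err := BuildSecondSignal(idKey, &tpKey.PublicKey, []byte(SamplePlaintext))
	if err != nil {
		return "", nil, err
	}
	accepted, err := VerifySecondSignal(signal, tpKey)
	if err != nil {
		return "", nil, err
	}
	// Anyone can encrypt to the third party's public key, so encryption alone
	// does not tie the real-name field to the identity key; the signature does.
	other, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &tpKey.PublicKey, []byte(`{"name":"Someone Else"}`), nil)
	if err != nil {
		return "", nil, err
	}
	replaced := *signal
	replaced.RealNameInfo = other
	_, replacedErr := VerifySecondSignal(&replaced, tpKey)
	return accepted, replacedErr, nil
}

func main() {
	accepted, replacedErr, err := Demo()
	fmt.Println("accepted:", accepted, "| replaced field:", replacedErr, "| setup error:", err)
}
```

The check shows that the sender holds the private key matching the public key in the signal; that this key belongs to the named person rests on the identity credential lookup, which the example does not model.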
Optionally, the first identity credential stores the following information: hash value of first real-name information plaintext, memory address of first real-name information plaintext; or, the first identity certificate stores a ciphertext obtained by encrypting the plaintext of the first real-name information by adopting the first digital identity public key.
According to another embodiment of the present application, there is also provided a method for logging in a third party application system with a real name, including:
Step one: a third-party application system receives a second signal transmitted by an application program, wherein the second signal comprises: a first digital identity public key of a first account, first real-name information of the first account, and a first signature made with a first digital identity private key of the first account, wherein the first account is an account logged in to the application program;
Step two: verifying the first signature with the first digital identity public key, and after the first signature passes the verification, logging in to the third-party application system with the real-name information of the first account.
With this scheme, the third-party application system receives the second signal transmitted by the application program and verifies the information carried in it; after the verification passes, the third-party application system is logged in to with the real-name information. This solves the problem of low security when an application program logs in to a third-party application system, and verification of the first digital identity public key and the signature greatly improves system security.
Optionally, after the above verification passes, establishing a session with the application program using the first real-name information includes: decrypting the first real-name information with the private key of the third-party application system to obtain the plaintext of the first real-name information, and establishing a session with the application program according to that plaintext.
Optionally, before the third-party application system receives the second signal transmitted by the application program, the third-party application system registers with the blockchain network, and the third-party application system sends the application program a registration request signal for establishing a connection with the application program, wherein the registration request signal comprises: the login address of the third-party application system and the public key of the third-party application system. With this scheme, the third-party application system is registered in the blockchain network (the registration information can include organization information and the like of the application system) and is also registered with the application program, which ensures that the third-party application system can subsequently be logged in to through the application program.
Optionally, the third-party application system registering with the blockchain network through a second block includes: the third-party application system transmits authentication data to the blockchain network, and after the authentication data passes authentication the blockchain network generates an uplink credential and publishes it on the chain, wherein the uplink credential comprises: the generation time of the credential, the version number of the credential, the encryption and decryption algorithm identification, and the organization identity information. The uplink credential is the identity credential of the third-party application system.
The following description is made in connection with another embodiment of the present application.
Fig. 3 is a schematic diagram of the overall structure of a real-name authentication system according to an embodiment of the present application, and as shown in fig. 3, a trusted identity authentication platform based on a blockchain adopts a blockchain and an asymmetric encryption technology to implement intercommunication, mutual trust and mutual recognition of digital identities between the platforms and systems. As shown in fig. 3, the blockchain-based trusted identity authentication platform includes: the system comprises a trusted identity component provided for an application program APP end, a trusted identity application component provided for a third party application system, a real-name authentication center, a blockchain trusted identity authentication card service and a blockchain network.
The trusted identity component integrated into the APP (e.g. a trusted identity SDK) provides: digital identity generation management, a digital identity transmission protocol, local identity authorization management, material authorization management, real-name authentication, and digital identity storage and backup. Digital identity generation management uses an asymmetric encryption algorithm to generate a key pair during real-name authentication (for example, it supports common asymmetric encryption algorithms such as SM2 and ECC), generates a digital identity file in a specific file format, and stores the digital identity file securely on the client. Local identity authentication management integrates local identity authentication means such as face recognition, iris recognition, fingerprint recognition and a local PIN code, binds the user's digital identity to the user's local identity authentication mode, completes authentication using human body characteristics, and realizes the password login without an account number. Material authorization management covers updating, usage management and maintenance of the user's identity credentials. The digital identity transmission protocol covers interaction with the blockchain trusted identity authentication service for real-name information authentication and update maintenance. Identity authorization management provides a digital identity local identity authentication card login interface, which is called when the APP account module logs in, to perform digital identity login.
The third party application system comprises an application account management system, a real-name authentication and trusted identity application component. Wherein the trusted identity application component functions include: digital identity generation management, digital identity transmission protocol, application identity credential management, user identity credential generation. The trusted identity application component is an application package that provides a third party application system with access to a blockchain-based trusted identity authentication platform. Digital identity management, third-party application system identity credential management, digital identity and identity credential validity verification, real-name authentication function interface and user identity credential generation and release are provided for a third-party application system. The trusted identity application component encapsulates a standard blockchain network API interface, shields the blockchain technology from the third party application system, reduces the complexity of access of the third party application system, and enables the third party application system to be integrated quickly. The trusted identity application component interacts with the real-name authentication center to complete user real-name authentication, generates user identity credentials by the trusted identity application component and issues a uplink through the blockchain network API interface. Specifically, the trusted identity application component interacts with the blockchain trusted identity authentication service through a blockchain network API interface, performs uplink public on generated user identity credential information, and performs user identity information authentication through a blockchain network.
The real-name authentication center integrates industry-recognized authentication sources and provides real-name authentication services. It aggregates real-name authentication channels, including public security identity card authentication, public security face recognition authentication, bank card authentication, industrial and commercial legal person authentication and the like, and provides user real-name authentication services to third party application systems. Industry-recognized, authoritative identity authentication sources are the basis for sharing, mutual authentication and mutual trust of identity information.
The blockchain trusted identity authentication service provides identity information authentication services for the APP and the third party application system. The blockchain trusted identity authentication card comprises trusted identity authentication card management and trusted identity blockchain reading and writing. The trusted identity component integrated by the application program and the trusted identity application component integrated by the third party application system both encapsulate standard blockchain network API interfaces, and both can access the blockchain network through the blockchain trusted identity authentication card service. The third party application system uploads a user identity credential to the blockchain network, or acquires the user identity credential from the blockchain network, through the blockchain trusted identity authentication card service; the application program obtains the user identity credential or the third party application identity credential from the blockchain network through the blockchain trusted identity authentication service.
The blockchain network creates a voucher ledger for storing and publishing identity credentials. The blockchain network accepts chain read and write requests only from the blockchain trusted identity card service, so that secure sharing of blockchain data is controlled through the blockchain trusted identity card service.
The scheme of this embodiment involves blockchain technology and asymmetric encryption technology (supporting common encryption algorithms such as SM2 and ECC). The asymmetric encryption technology generates a public/private key pair; the public key and the private key are written into a digital identity file in a special format, and the public key serves as the unified identifier of the user account. During real-name authentication the public key is bound to the user's real-name information, and the real-name identity information is published and shared on-chain.
The trusted identity authentication system based on the blockchain platform uses a digital identity together with a real-name identity credential. The digital identity information (a special file formed by a public/private key pair) is stored securely on the client and, if the user wishes, can be securely backed up to and restored from a remote end (such as a server or a cloud disk). The real-name identity credential is published in the blockchain network and is used for real-name information sharing and identity verification. The real-name identity credential includes: the real-name information encrypted with the user's digital identity public key, the user digital identity public key information, authentication mode information, the user identity authentication system public key, the user identity authentication system signature and the like; alternatively, the real-name identity credential includes: the hash of the real-name information, the storage address of the real-name information, the user digital identity public key information, authentication mode information, the user identity authentication system public key, the user identity authentication system signature and the like.
The authentication mode information includes, but is not limited to, a public security identity authentication mode, a public security face recognition authentication mode, a bank card authentication mode, an industrial and commercial legal person authentication mode and the like. The user identity authentication system public key is the public key of the third party application system that authenticates the user's real-name information and issues the user identity credential. The user identity authentication system signature is obtained by hashing the information in the real-name identity credential, other than the user digital identity public key information and the user identity authentication system public key, and encrypting the hash with the private key of the third party application system that authenticates the user's real-name information and issues the user identity credential.
Optionally, in the first JSON storage scheme for the user identity credential, the user's real-name information is encrypted with the user's digital identity public key and stored in the real-name identity credential for sharing.
Alternatively, in JSON storage scheme II for the user identity credential, the identity credential stores the HASH value of the user's real-name information and the address at which the user's real-name information is stored; the client application program obtains the real-name information through a secure means, and the third party application system verifies the user's real-name information against the real-name identity credential.
This embodiment achieves mutual recognition of identity information among platforms. Mutual recognition first requires that the real-name authentication source be generally accepted: public security identity card authentication, public security face recognition authentication, bank card authentication, industrial and commercial legal person authentication and the like provided by the real-name authentication center are all authoritative and credible authentication sources, which ensures the authority and credibility of the identity data. Second, identity information is shared and stored through effective public key encryption and blockchain distribution technology, and the tamper-proof property of the blockchain ensures that the identity information is shared securely.
FIG. 4 is a schematic diagram of cross-platform sharing of real-name information according to another embodiment of the present application. As shown in FIG. 4, the trusted identity authentication platform uses cryptography and real-name authentication technology to bind each application account to the user's real-name information through the user's digital identity (a special format file formed by the public and private keys); the real-name identity information is encrypted with the digital identity public key and shared through the distributed database feature of the blockchain. The digital identity file is kept by the user, who can share his or her real-name information by importing the digital identity into different terminals such as APP application programs.
FIG. 5 is a flow chart of digital identity initialization and real-time identity information sharing of a trusted identity authentication platform according to another example of the present application, as shown in FIG. 5, comprising the steps of:
Step 1, a user opens the APP and triggers the login function of the APP account module to log a first account in to the APP; this login process may be an APP account login process in the related art, and the subsequent process is implemented by the trusted identity component integrated into the APP;
Step 2, the APP triggers the local digital identity login API provided by the trusted identity component, to support the digital identity (digital identity public key) login mode of the first account;
Step 3, after receiving the application program's login request, the local identity identifier obtains the digital identity information of the last login from the bound identity list, or obtains the digital identity information for the login requested by the APP, and obtains the local identity identifier model supported by that digital identity information from the local digital identity identifier list;
Step 4, an identity card model is initialized according to the local identity card model and displayed to the first account for authorized login;
Step 5, the first account completes login authorization through a live face, iris, fingerprint, PIN code or the like;
Step 6, after the first account completes authorization, the local identity identifier generates a first identity identifier login token and submits the first digital identity public key and the first identity identifier login token to the digital identity identifier to initialize the digital identity. The digital identity identifier verifies the first digital identity public key, initializes the digital identity and provides digital identity functions such as encryption, decryption and signature verification to other components.
Step 7, the local identity authenticator submits the first digital identity public key to the identity credential discriminator, so that the identity credential discriminator can acquire the first identity credential corresponding to the first digital identity public key.
Step 8, the identity credential discriminator loads the first identity credential according to the first digital identity public key. When it detects that a local identity credential corresponding to the first digital identity public key is stored locally (the local identity credential is stored locally as long as the user has logged in), it takes the local identity credential as the first identity credential; when it detects that no local identity credential corresponding to the first digital identity public key is stored locally, it acquires the first identity credential through step 9.
Step 9, when it detects that no local identity credential corresponding to the first digital identity public key is stored locally, the identity credential discriminator acquires the first identity credential corresponding to the first digital identity public key from a blockchain network, where the nodes of the blockchain network store the identity credentials of different accounts. Specifically, the identity credential discriminator obtains the first identity credential from the blockchain network through the trusted identity authentication service. The request information includes the second signature of the first digital identity private key; the signature algorithm of the second signature may use any hash algorithm, preferably SM3, and the second signature is obtained by hashing the timestamp and encrypting it with the first digital identity private key. The trusted identity authentication service verifies the second signature with the first digital identity public key and, after the verification passes, obtains the identity credential from the blockchain network by the first digital identity public key. The trusted identity authentication service returns the first identity credential to the identity credential authenticator.
Preferably, when it detects that a local identity credential corresponding to the first digital identity public key is stored locally, the identity credential discriminator may still retrieve the first identity credential from the blockchain network through the trusted identity authentication service in order to verify the validity of the local identity credential. The identity credential discriminator verifies the validity of the local identity credential by checking the private key signature value of the application identity authentication in the local identity credential against the identity credential obtained from the blockchain.
Step 10, obtaining real-name information: the identity credential discriminator sends the first identity credential to the digital identity credential discriminator, which decrypts the real-name information to obtain the first real-name information plaintext, signs the first real-name information plaintext with the first digital identity private key to obtain the first signature of the first digital identity private key, encrypts the first real-name information plaintext with the public key of the third party application system to obtain the first real-name information, and finally returns the first real-name information and the first signature to the identity credential discriminator;
the identity credential identifier then sends the first digital identity public key of the first account, the first real name information of the first account and the first signature of the first digital identity private key of the first account to the local identity identifier.
Step 11, digital identity login: the APP application obtains the digital identity login request parameters from its integrated trusted identity component and submits a digital identity login request to the third party application system, where the request parameters (i.e. the second signal) include: a first digital identity public key, first real name information, and a first signature;
Step 12, the third party application system receives the login request parameters and passes them to its integrated trusted identity application component, which verifies the digital identity and the signature of the login user and decrypts the first real-name information to obtain the real-name information plaintext; once the signature is verified, the login state and the session information of the first account are returned to the application program. At this point the first account is logged in to the third party application system with its real-name information, and the application system can generate session information and perform service initialization.
Specifically, on receiving the login request of the APP, the third party application system first acquires the identity credential corresponding to the first digital identity public key from the blockchain network through the trusted identity authentication service, and thereby verifies the validity of the first identity credential. If the first identity credential is legal, that is, the user identity is legal, it verifies the first signature. After the first signature is verified to be legal, it decrypts the first real-name information with the private key of the third party application system. The decrypted first real-name information plaintext is encrypted with the first digital identity public key and then compared and checked against the real-name information contained in the first identity credential. After the verification is finished, the third party application system starts service initialization and generates its own session information to process the service requests of the first account.
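The third-party checks of steps 10 to 12, as an added example that is not code from the patent: ECDSA P-256 and SHA-256 stand in for SM2 and SM3, the real-name field is assumed to have been decrypted already, and all type, field and function names are hypothetical. It compares against the credential's hash form (scheme II), because public-key encryption with SM2 or ECIES is randomized, so re-encrypting the plaintext would not reproduce a stored ciphertext.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SampleName is constructed real-name data, not taken from the page.
const SampleName = "ZHANG SAN|ID-0000"

// Credential is the on-chain record in hash form (scheme II). Field names are assumed.
type Credential struct {
	NameHash  [32]byte // hash of the real-name plaintext
	AuthMode  string   // authentication mode information, e.g. "id-card"
	IssuerSig []byte   // issuer's signature over NameHash and AuthMode
}

// LoginRequest is the second signal after the third party has decrypted the real-name field.
type LoginRequest struct {
	UserPub []byte // first digital identity public key (DER)
	Name    []byte // first real-name information, plaintext
	Sig     []byte // first signature: user's private key over Name
}

// issuerDigest hashes the fields the issuer signs (everything except the public keys).
func issuerDigest(c Credential) []byte {
	d := sha256.Sum256(append(c.NameHash[:], c.AuthMode...))
	return d[:]
}

// BuildLogin is the client side: sign the real-name plaintext with the user's private key.
func BuildLogin(user *ecdsa.PrivateKey, name []byte) (LoginRequest, error) {
	pub, err := x509.MarshalPKIXPublicKey(&user.PublicKey)
	if err != nil {
		return LoginRequest{}, err
	}
	d := sha256.Sum256(name)
	sig, err := ecdsa.SignASN1(rand.Reader, user, d[:])
	return LoginRequest{pub, name, sig}, err
}

// VerifyLogin is the third-party side. chain maps a DER public key to its credential.
func VerifyLogin(req LoginRequest, chain map[string]Credential, issuer *ecdsa.PublicKey) (string, error) {
	cred, ok := chain[string(req.UserPub)]
	if !ok {
		return "", errors.New("no credential for this public key")
	}
	if !ecdsa.VerifyASN1(issuer, issuerDigest(cred), cred.IssuerSig) {
		return "", errors.New("credential not signed by the issuer")
	}
	key, err := x509.ParsePKIXPublicKey(req.UserPub)
	if err != nil {
		return "", err
	}
	userPub, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("not an ECDSA public key")
	}
	d := sha256.Sum256(req.Name)
	if !ecdsa.VerifyASN1(userPub, d[:], req.Sig) {
		return "", errors.New("first signature invalid")
	}
	if d != cred.NameHash {
		return "", errors.New("real-name information does not match the credential")
	}
	return string(req.Name), nil
}

// Demo issues a credential for SampleName, then logs in with claimed (constructed data).
func Demo(claimed string) (string, error) {
	issuer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	user, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	cred := Credential{NameHash: sha256.Sum256([]byte(SampleName)), AuthMode: "id-card"}
	if cred.IssuerSig, err = ecdsa.SignASN1(rand.Reader, issuer, issuerDigest(cred)); err != nil {
		return "", err
	}
	req, err := BuildLogin(user, []byte(claimed))
	if err != nil {
		return "", err
	}
	return VerifyLogin(req, map[string]Credential{string(req.UserPub): cred}, &issuer.PublicKey)
}

func main() {
	fmt.Println(Demo(SampleName))      // accepted
	fmt.Println(Demo("LI SI|ID-1111")) // rejected: hash differs from the credential
}
```

A validly signed request is still rejected when the signed real-name information differs from what the credential was issued for, which is the binding the comparison step provides.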
As the above digital identity login flow shows, for a user to log in to the third party application program with real-name information through the application program, the following work must be completed:
Step 1, the APP side calls its integrated trusted identity component to initialize the digital identity of the user's first account and the identity credential, and to generate the real-name information login parameters.
Step 2, the third party application system integrates a trusted identity application component to complete digital identity verification of the first account, signature verification, information encryption and decryption, serving the third party application system, and the like.
The application program APP in the related art is generally an application integration framework, and the APP provides basic capabilities, and integrates individual application services based on the basic capabilities. The trusted identity authentication platform not only authenticates the identity of the user using the application program, but also authenticates the participating organization and the third party application system, issues digital identities, generates identity authentication credentials and the like. All participants in the trusted identity authentication platform use legal digital identities and identity credentials as the basis for interactive authentication.
There is also provided in accordance with another example of the present application a registration login procedure for a third party application system based on a trusted identity authentication platform, including the steps of:
Step 1, the third party application system registers with the blockchain network. Specifically, the third party application system first registers and authenticates with the trusted identity authentication service of the trusted identity authentication platform. The registration information comprises: information on the institution/organization to which the third party application system belongs (the unified social credit code and the name of the institution/organization), information on the third party application system (application system name, application system public key, application system description, application system real-name class requirement, application system real-name information requirement, application system description), and the like. After an administrator of the real-name application system of the trusted identity authentication platform has checked and authenticated this information, an identity credential of the third party application system is generated and published on-chain. The identity credential information of the third party application system includes: the generation timestamp of the identity credential, the identity credential version number, an encryption and decryption algorithm identifier, the identity information of the organization to which the third party application system belongs, and the like;
Step 2, the third party application system sends a registration request signal to the application program in order to establish a connection with it, where the registration request signal comprises: the login address of the third party application system and the public key of the third party application system. Specifically, a dedicated entry for the third party application system is displayed in the APP so that the user can apply for the service of the third party application system, and the third party application system provides the APP with its entry address (login address) and its public key. The entry address is used as the login callback of the third party application system; the third party application system public key is used as the identifier of the third party application system, for verifying the validity of the third party application system and for encrypting request parameters;
Step 3, the user clicks the entry of the third party application system and authorizes login to the third party application system;
Step 4, the parameters of the third party application system are initialized;
specifically, the trusted identity component of the APP submits the public key of the third party application program to the blockchain trusted identity authentication card service to authenticate the validity of the third party application system. Validity is checked by searching the blockchain network, through the blockchain trusted identity authentication card service, for the third party application system identity credential corresponding to the public key of the third party application system; if that identity credential exists and its authentication state is available, the third party application system is legal, and parameter initialization of the third party application system in the application program is complete. After that, the user can log in to the third party application system with real-name information through the application program using the method above, and the details are not repeated here.
With the above scheme, the whole process shows that the digital identity and the real-name information are common to all platforms. The application program and the application system only need to integrate a trusted identity (application) component; the digital identities of the user and of the application system are generated, authentication of the digital identity and the identity credential is completed in the trusted identity authentication platform, the integrity and security of the authentication information are ensured by the blockchain, and the authentication information is shared through distributed data.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
Example two
In this embodiment, a device for real-name login is further provided. The device is used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
According to another embodiment of the present application, there is also provided an apparatus for real-name login, including:
the first receiving module is used for receiving a first signal for requesting to log in a third party application system through an application program, wherein the first signal carries a first digital identity public key of the first account;
the first acquisition module is used for acquiring a first identity certificate corresponding to the first digital identity public key;
the first sending module is configured to obtain first real name information of the first account from the first identity credential, and send a second signal to the application program, where the second signal includes: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
Optionally, the first signal is used for requesting to log in to the application program, and the application program triggers a request for logging in to the third party application system.
Optionally, the first obtaining module further includes a local identity identifier, configured to initiate login authorization verification on the first account before obtaining a first identity credential corresponding to the first digital identity public key, receive first identity information input by the first account, and verify whether the first identity information matches with local identity information, where the local identity information is prestored identity information corresponding to the first digital identity public key.
Optionally, the local identity identifier is further configured to obtain a local identity identifier model corresponding to the first digital identity public key from a locally stored digital identity identifier list, where the local identity information is stored in the local identity identifier model; to initiate login authorization verification of the first account by using the local identity card model; and to receive the first identity information input by the first account and verify whether the first identity information matches the local identity information, where the first identity information comprises at least one of the following: face recognition information, iris information, fingerprint information and PIN information.
Optionally, the first obtaining module further includes a digital identity identifier, after detecting that the first identity information is matched with the local identity information, the local identity identifier generates a first identity identifier login token of the first account, and submits the first digital identity public key and the first identity identifier login token to the digital identity identifier.
Optionally, the first obtaining module further includes an identity credential discriminator, where the identity credential discriminator is configured to take the local identity credential as the first identity credential when detecting that a local identity credential corresponding to the first digital identity public key is stored locally; or the method is used for acquiring the first identity certificate corresponding to the first digital identity public key from a blockchain network when detecting that the local identity certificate corresponding to the first digital identity public key is not stored locally, wherein the nodes in the blockchain network store the identity certificates of different accounts.
Optionally, the identity credential discriminator is further configured to transmit the following request information to the blockchain network: the first digital identity public key, the timestamp, and a second signature of the first digital identity private key of the first account; and to receive the first identity credential corresponding to the first digital identity public key returned by the blockchain network.
Optionally, the first obtaining module is configured to obtain, from the first identity credential, first real-name information of the first account, including: transmitting the first identity certificate to a digital identity identifier by the identity certificate identifier for decryption, and obtaining a plaintext of the first real-name information, wherein the first identity certificate is obtained by encrypting the plaintext of the first real-name information in advance; the digital identity identifier signs the first real-name information plaintext by using a first digital identity private key of the first account to obtain a first signature of the first digital identity private key of the first account, and encrypts the first real-name information plaintext by using a public key of the third party application system to form first real-name information; the identity certificate discriminator receives the signature and the first real-name information sent by the digital identity certificate discriminator.
Optionally, after the first sending module sends the second signal to the application program, the application program sends the second signal to the third party application system, where the third party application system verifies the first digital identity public key in the second signal, and after verifying the signature, decrypts the ciphertext by using the private key of the third party application system to obtain the plaintext of the first real-name information.
Optionally, the first identity credential stores the following information: hash value of first real-name information plaintext, memory address of first real-name information plaintext; or, the first identity certificate stores a ciphertext obtained by encrypting the plaintext of the first real-name information by adopting the first digital identity public key.
According to another embodiment of the present application, there is also provided an apparatus for logging in a third party application system in real name, which is applied to the third party application system, including:
the second receiving module is configured to receive a second signal transmitted by the application program, where the second signal includes: a first digital identity public key of a first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account, wherein the first account is an account of the application program;
the verification module is used for verifying the first signature by adopting the first digital identity public key, and after the first signature passes the verification, the third party application system is logged in to using the real-name information of the first account.
Optionally, the verification module is further configured to decrypt the first real-name information by using a private key of the third party application system to obtain a first real-name information plaintext, and establish a session with the application program according to the first real-name information plaintext.
Optionally, the second receiving module is further configured to register with a blockchain network; the third party application system sends a registration request signal to the application program in order to establish a connection with it, where the registration request signal comprises: the login address of the third party application system and the public key of the third party application system.
Optionally, the second receiving module is further configured to transmit authentication data to the blockchain network, where the blockchain network, after the authentication data passes authentication, generates an on-chain credential and publishes it on-chain, and the on-chain credential includes: the generation time of the certificate, the version number of the certificate, the encryption and decryption algorithm identification and the organization identity information.
It should be noted that each of the above modules may be implemented by software or hardware, and for the latter, it may be implemented by, but not limited to: the modules are all located in the same processor; alternatively, the above modules may be located in different processors in any combination.
Example III
According to another embodiment of the present application, there is also provided a mobile terminal including:
the application program is configured to receive request information by which a first account requests to log in to a third party application system, wherein the request information carries account information of the first account or a first digital identity public key;
the trusted identity component is configured to receive, through the application program, a first signal by which the first account requests to log in to the third party application system, wherein the first signal carries the first digital identity public key of the first account; to obtain a first identity credential corresponding to the first digital identity public key; to acquire the first real name information of the first account from the first identity credential; and to transmit a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account;
the application program is further configured to receive the second signal and send the second signal to the third party application system, where the first digital identity public key in the second signal is used by the third party application system to verify the first signature.
Example IV
Embodiments of the present application also provide a storage medium. Alternatively, in the present embodiment, the above-described storage medium may be configured to store program code for performing the steps of:
S1, receiving a first signal by which a first account requests, through an application program, to log in to a third party application system, wherein the first signal carries a first digital identity public key of the first account;
S2, acquiring a first identity credential corresponding to the first digital identity public key;
s3, acquiring first real-name information of the first account from the first identity certificate, and sending a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing program code.
Embodiments of the present application also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
Optionally, the electronic device may further include a transmission device and an input/output device, where the transmission device is connected to the processor, and the input/output device is connected to the processor.
Alternatively, in the present embodiment, the above-described processor may be configured to execute the following steps by a computer program:
S1, receiving a first signal by which a first account requests, through an application program, to log in to a third party application system, wherein the first signal carries a first digital identity public key of the first account;
S2, acquiring a first identity credential corresponding to the first digital identity public key;
S3, acquiring first real-name information of the first account from the first identity certificate, and sending a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; and the second signal is sent to the third party application system by the application program for verification.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments and optional implementations, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device; they may be centralized on a single computing device or distributed across a network of computing devices. Alternatively, they may be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices, and, in some cases, the steps shown or described may be performed in a different order than what is shown or described, or they may be implemented as individual integrated circuit modules. Thus, the present application is not limited to any specific combination of hardware and software.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
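The second-signal exchange described in the embodiments above, as an added Go example that is not part of the patent text: the trusted identity component signs the real-name plaintext and encrypts it to the third party application system, which decrypts it, verifies the first signature with the carried public key, and then checks that key against a credential hash. Ed25519, RSA-OAEP, the `Registry` lookup, all function names and the sample data are assumptions; the patent names no algorithms and does not describe a credential check on the third-party side.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecondSignal carries the three fields listed for the second signal.
type SecondSignal struct {
	IdentityPub ed25519.PublicKey // first digital identity public key
	RealNameCT  []byte            // real-name info, encrypted to the third party
	Signature   []byte            // first signature, made over the plaintext
}

// Registry is an assumed credential lookup keyed by public key. It holds the
// hash of the real-name plaintext (the first credential storage option).
type Registry map[string][32]byte

// BuildSecondSignal is the trusted identity component's side: sign the
// plaintext with the identity private key, then encrypt it to the third party.
func BuildSecondSignal(idPriv ed25519.PrivateKey, tpPub *rsa.PublicKey, realName []byte) (SecondSignal, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tpPub, realName, nil)
	if err != nil {
		return SecondSignal{}, err
	}
	pub := idPriv.Public().(ed25519.PublicKey)
	return SecondSignal{pub, ct, ed25519.Sign(idPriv, realName)}, nil
}

// VerifySecondSignal is the third-party side: decrypt, verify the signature
// with the carried public key, then check that key against the credential.
func VerifySecondSignal(tpPriv *rsa.PrivateKey, reg Registry, s SecondSignal) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, tpPriv, s.RealNameCT, nil)
	if err != nil {
		return nil, errors.New("real-name ciphertext did not decrypt")
	}
	// ed25519.Verify panics on a wrong-length key, so check the size first.
	if len(s.IdentityPub) != ed25519.PublicKeySize || !ed25519.Verify(s.IdentityPub, pt, s.Signature) {
		return nil, errors.New("first signature invalid")
	}
	// A valid signature only proves possession of the matching private key.
	// The binding of key to real name comes from the identity credential.
	want, ok := reg[string(s.IdentityPub)]
	if !ok || want != sha256.Sum256(pt) {
		return nil, errors.New("public key not bound to this real name")
	}
	return pt, nil
}

// Demo runs one accepted login and two rejected ones on constructed data.
func Demo() (name string, tampered, unbound error) {
	tpPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	idPub, idPriv, _ := ed25519.GenerateKey(rand.Reader)
	realName := []byte("ZHANG San|ID-0000 (constructed)")
	reg := Registry{string(idPub): sha256.Sum256(realName)}
	good, _ := BuildSecondSignal(idPriv, &tpPriv.PublicKey, realName)
	pt, err := VerifySecondSignal(tpPriv, reg, good)
	if err != nil {
		panic(err)
	}
	// Rejected: one signature bit changed in transit.
	bad := good
	bad.Signature = append([]byte(nil), good.Signature...)
	bad.Signature[0] ^= 1
	_, tampered = VerifySecondSignal(tpPriv, reg, bad)
	// Rejected: a well-formed signal from a key pair with no credential.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	other, _ := BuildSecondSignal(otherPriv, &tpPriv.PublicKey, realName)
	_, unbound = VerifySecondSignal(tpPriv, reg, other)
	return string(pt), tampered, unbound
}

func main() {
	name, tampered, unbound := Demo()
	fmt.Printf("accepted: %s\ntampered: %v\nunbound: %v\n", name, tampered, unbound)
}
```

Because the signature is made over the plaintext while the signal carries ciphertext, the third party must decrypt before it can verify.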

Claims (16)

1. A method for real name login, comprising:
receiving a first signal for requesting to log in a third party application system through an application program, wherein the first signal carries a first digital identity public key of the first account;
acquiring a first identity credential corresponding to the first digital identity public key;
acquiring first real name information of the first account from the first identity certificate, and sending a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; the second signal is sent to the third party application system by the application program for verification;
wherein obtaining a first identity credential corresponding to the first digital identity public key comprises one of: when detecting that a local identity credential corresponding to the first digital identity public key is stored locally, taking the local identity credential as the first identity credential; and when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network, wherein the identity credentials of different accounts are stored in nodes in the blockchain network.
2. The method of claim 1, wherein receiving a first signal for requesting login to a third party application system via an application program from a first account comprises:
the first signal is used for requesting to log in to the application program, and the application program triggers the request for logging in to the third party application system.
3. The method of claim 1, wherein prior to obtaining the first identity credential corresponding to the first digital identity public key, the method further comprises:
initiating login authorization verification of the first account, receiving first identity information input by the first account, and verifying whether the first identity information is matched with local identity information, wherein the local identity information is prestored identity information corresponding to the first digital identity public key.
4. A method according to claim 3, wherein initiating a login authorization verification for the first account, receiving first identity information entered by the first account, verifying whether the first identity information matches local identity information, comprises:
acquiring a local identity card model corresponding to the first digital identity public key from a locally stored digital identity identification list, wherein the local identity information is stored in the local identity card model;
initiating login authorization verification of the first account by using the local identity card model;
receiving the first identity information input by the first account, and verifying whether the first identity information is matched with the local identity information, wherein the first identity information at least comprises one of the following information: face recognition information, iris information, fingerprint information and PIN information.
5. The method of claim 4, wherein upon detecting that the first identity information matches the local identity information, the method further comprises:
and generating a first identity authentication login token of the first account by the local identity authentication device, and submitting the first digital identity public key and the first identity authentication login token to the digital identity authentication device.
6. The method of claim 1, wherein upon detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, obtaining the first identity credential corresponding to the first digital identity public key from a blockchain network comprises:
transmitting the following request information to the blockchain network: a second signature of the first digital identity public key, the timestamp, and the first digital identity private key of the first account; and receiving a first identity credential corresponding to the first digital identity public key returned by the blockchain network.
7. The method of claim 1, wherein obtaining the first real name information of the first account number from the first identity credential comprises:
transmitting the first identity certificate to a digital identity identifier by the identity certificate identifier for decryption, and obtaining a plaintext of the first real-name information, wherein the first identity certificate is obtained by encrypting the plaintext of the first real-name information in advance;
the digital identity identifier signs the first real-name information plaintext by using a first digital identity private key of the first account to obtain a first signature of the first digital identity private key of the first account, and encrypts the first real-name information plaintext by using a public key of the third party application system to form first real-name information;
the identity certificate discriminator receives the signature and the first real-name information sent by the digital identity certificate discriminator.
8. The method according to any one of claims 1 to 7, wherein,
the first identity credential stores the following information: hash value of first real-name information plaintext, memory address of first real-name information plaintext;
or, the first identity certificate stores a ciphertext obtained by encrypting the plaintext of the first real-name information by adopting the first digital identity public key.
9. A mobile terminal, comprising:
the application program is configured to receive request information by which a first account requests to log in to a third party application system, wherein the request information carries account information of the first account or a first digital identity public key;
the trusted identity component is configured to receive, through the application program, a first signal by which the first account requests to log in to the third party application system, wherein the first signal carries the first digital identity public key of the first account; to obtain a first identity credential corresponding to the first digital identity public key; to acquire the first real name information of the first account from the first identity credential; and to transmit a second signal to the application program, wherein the second signal comprises: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account;
the application program is further configured to receive the second signal and send the second signal to the third party application system, where the first digital identity public key in the second signal is used by the third party application system to verify the first signature;
wherein the trusted identity component is further configured to perform one of: when detecting that a local identity credential corresponding to the first digital identity public key is stored locally, taking the local identity credential as the first identity credential; and when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network, wherein the identity credentials of different accounts are stored in nodes in the blockchain network.
10. A method for real-name login to a third party application system using the mobile terminal of claim 9, comprising:
the third party application system receives a second signal transmitted by the application program, wherein the second signal comprises: a first digital identity public key of a first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account, wherein the first account is an account logged in the application program;
and verifying the first signature by adopting the first digital identity public key, and after the first signature passes the verification, logging in the third party application system by using the real-name information of the first account.
11. The method of claim 10, wherein before the third party application system receives the second signal transmitted by the application program, the method further comprises:
the third party application system registers with a blockchain network;
the third party application system initiates a registration request signal to the application program for establishing a connection with the application program, wherein the registration request signal comprises: the login address of the third party application system and the public key of the third party application system.
12. The method of claim 11, wherein the third party application system registers with a blockchain network, comprising:
the third party application system transmits authentication data to the blockchain network, wherein the blockchain network generates an uplink credential and publishes it on the chain after the authentication data passes authentication, and the uplink credential comprises: the generation time of the credential, the version number of the credential, the encryption and decryption algorithm identification and the organization identity information.
13. A device for real name login, comprising:
the first receiving module is used for receiving a first signal for requesting to log in a third party application system through an application program, wherein the first signal carries a first digital identity public key of the first account;
the first acquisition module is used for acquiring a first identity credential corresponding to the first digital identity public key;
the first sending module is configured to obtain first real name information of the first account from the first identity credential, and send a second signal to the application program, where the second signal includes: a first digital identity public key of the first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account; the second signal is sent to the third party application system by the application program for verification;
wherein the first acquisition module further includes: an identity credential discriminator, which is used for taking the local identity credential as the first identity credential when detecting that the local identity credential corresponding to the first digital identity public key is stored locally; or is used for acquiring the first identity credential corresponding to the first digital identity public key from a blockchain network when detecting that the local identity credential corresponding to the first digital identity public key is not stored locally, wherein the nodes in the blockchain network store the identity credentials of different accounts.
14. An apparatus for real-name login to a third party application system using the mobile terminal of claim 9, applied to the third party application system, comprising:
the second receiving module is configured to receive a second signal transmitted by the application program, where the second signal includes: a first digital identity public key of a first account, first real name information of the first account, and a first signature of a first digital identity private key of the first account, wherein the first account is an account of the application program;
and the verification module is configured to verify the first signature by using the first digital identity public key and, after the first signature passes verification, to log in to the third party application system using the real-name information of the first account.
15. A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the method of any of claims 1 to 8 or any of claims 10 to 12 when run.
16. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to run the computer program to perform the method of any of the claims 1 to 8 or any of the claims 10 to 12.
CN201910894390.4A 2019-09-20 2019-09-20 Real name login method and device Active CN112543166B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910894390.4A CN112543166B (en) 2019-09-20 2019-09-20 Real name login method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910894390.4A CN112543166B (en) 2019-09-20 2019-09-20 Real name login method and device

Publications (2)

Publication Number Publication Date
CN112543166A CN112543166A (en) 2021-03-23
CN112543166B true CN112543166B (en) 2023-07-21

Family

ID=75012532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910894390.4A Active CN112543166B (en) 2019-09-20 2019-09-20 Real name login method and device

Country Status (1)

Country Link
CN (1) CN112543166B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230523

Address after: No. 118 Jinghui Dongdao Avenue, Xinwu District, Wuxi City, Jiangsu Province, 214135

Applicant after: Langxin Data Technology Co.,Ltd.

Address before: Room a-3912, building 3, 20 Yong'an Road, Shilong Economic Development Zone, Mentougou District, Beijing

Applicant before: Beijing Siyuan Zhengtong Science and Technology Group Co.,Ltd.

CB02 Change of applicant information

Address after: 2L-1, No. 118 Jinghui East Road, Xinwu District, Wuxi City, Jiangsu Province, 214135

Applicant after: Langxin Data Technology Co.,Ltd.

Address before: No. 118 Jinghui Dongdao Avenue, Xinwu District, Wuxi City, Jiangsu Province, 214135

Applicant before: Langxin Data Technology Co.,Ltd.

GR01 Patent grant