CN112991042A - Block chain-based identity authentication method, device, system and medium - Google Patents

Block chain-based identity authentication method, device, system and medium Download PDF

Info

Publication number
CN112991042A
CN112991042A CN202110222878.XA CN202110222878A CN112991042A CN 112991042 A CN112991042 A CN 112991042A CN 202110222878 A CN202110222878 A CN 202110222878A CN 112991042 A CN112991042 A CN 112991042A
Authority
CN
China
Prior art keywords
user
information
identity
verified
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110222878.XA
Other languages
Chinese (zh)
Inventor
吴芷菡
杨剑
黄剑
舒骁
刘彦平
林国斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110222878.XA priority Critical patent/CN112991042A/en
Publication of CN112991042A publication Critical patent/CN112991042A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The present disclosure provides an identity authentication method based on a block chain, including: sending an identity recognition request; receiving identity information of a user, wherein the identity information of the user is generated in response to an identity recognition request; generating information to be verified of the user according to the identity information of the user; and verifying the information to be verified according to the authentication information of the user stored in the block chain. The identity verification method and device based on the block chain can be applied to banking business in the financial field, and more particularly can be applied to user identity identification and verification in bank cross-border business.

Description

Block chain-based identity authentication method, device, system and medium
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to a method and an apparatus for identity authentication based on a blockchain, a computer system, and a storage medium. The identity verification method and device based on the block chain can be applied to banking business in the financial field, and more particularly can be applied to user identity identification and verification in bank cross-border business.
Background
Under the existing bank system, when a bank client transacts partial business, the bank client can transact the business only after the online counter verification of the original identity card is carried out by the user. However, some customers who are temporarily out of the office due to leaving school, business trip, etc. and have media such as bank cards in the office are in urgent need of business handling and cannot go to the counter for handling. At present, if the situation is met, a client is required to designate a representative in the office to carry out agency on the official document, and the handling process of the official document is complex and consumes long time, so that the service quality of the bank and the satisfaction degree of the client are influenced.
Disclosure of Invention
In view of the above, the present disclosure provides an identity verification method, apparatus, computer system and storage medium based on a block chain.
One aspect of the present disclosure provides an identity authentication method based on a blockchain, including: sending an identity recognition request; receiving identity information of a user, the identity information of the user being generated in response to the identity recognition request; generating information to be verified of the user according to the identity information of the user; and verifying the information to be verified according to the authentication information of the user stored in the block chain.
According to an embodiment of the present disclosure, the identity information includes an identity card identifier and a biometric feature, and the generating the to-be-verified information of the user according to the identity information of the user includes: generating an identity characteristic value of the user according to the biological characteristics of the user; and generating the information to be verified of the user according to the identity card identification and the identity characteristic value of the user.
According to an embodiment of the present disclosure, the generating, according to the identity card identifier and the identity feature value of the user, information to be verified of the user includes: and carrying out Hash processing on the identification card identification and the identity characteristic value to obtain the information to be verified.
According to an embodiment of the present disclosure, the method further includes storing authentication information of the user into a blockchain, the storing authentication information of the user into a blockchain includes: receiving an identity authentication request, wherein the identity authentication request comprises identity information of the user; verifying whether registered user retention information comprises identity information of the user; under the condition that the registered user retention information comprises the identity information of the user, generating the authentication information of the user according to the identity information of the user; and storing the authentication information of the user to the block chain.
According to an embodiment of the present disclosure, the identity information includes an identity card identifier and a biometric feature, and the generating the authentication information of the user according to the identity information of the user includes: generating an identity characteristic value of the user according to the biological characteristics of the user; and generating the authentication information of the user according to the identity card identification and the identity characteristic value of the user.
According to an embodiment of the present disclosure, the generating the authentication information of the user according to the identity card identifier and the identity feature value of the user includes: and carrying out Hash processing on the identity card identification and the identity characteristic value to obtain the authentication information.
According to an embodiment of the present disclosure, the verifying the to-be-verified information according to the authentication information of the user stored in the block chain includes: verifying whether the authentication information of the user is the same as the information to be verified; and under the condition that the authentication information of the user is determined to be the same as the information to be verified, the information to be verified passes the verification.
According to an embodiment of the present disclosure, the biometric feature includes at least one of facial information and fingerprint information.
Another aspect of the present disclosure provides an identity authentication apparatus based on a blockchain, including: the sending module is used for sending an identity recognition request; a first receiving module, configured to receive identity information of a user, where the identity information of the user is generated in response to the identity identification request; the first generation module is used for generating the information to be verified of the user according to the identity information of the user; and the first verification module is used for verifying the information to be verified according to the authentication information of the user stored in the block chain.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Another aspect of the present disclosure provides a computer system comprising: one or more processors; storage means for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
According to the embodiment of the disclosure, a technical means of sending an identity identification request, receiving identity information of a user, generating information to be verified of the user according to the identity information of the user, and verifying the information to be verified according to authentication information of the user stored in a block chain is adopted. The identity information of the overseas user is matched and verified based on the authentication information of the overseas user stored in the block chain, and the time and space limitation of identity verification is broken, so that the technical problems that in the related technology, when an domestic agent handles business for the overseas user, the handling process is complex and the time consumption is long are at least partially overcome, and the technical effect of effectively improving the bank service quality and the customer satisfaction degree is further achieved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an exemplary system architecture to which block chain based authentication methods and apparatus may be applied, according to an embodiment of the present disclosure;
fig. 2 schematically illustrates a flow chart of a block chain based authentication method according to an embodiment of the present disclosure;
FIG. 3 schematically shows a flowchart of a method for generating information to be authenticated of a user according to identity information of the user according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a method of storing authentication information of a user to a blockchain according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a method of generating authentication information for a user from identity information of the user according to an embodiment of the disclosure;
fig. 6 schematically shows a flowchart of a method of verifying information to be verified according to authentication information of a user stored in a blockchain according to an embodiment of the present disclosure;
fig. 7 schematically illustrates an apparatus block diagram for blockchain-based authentication, in accordance with an embodiment of the present disclosure; and
FIG. 8 schematically shows a block diagram of a computer system according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The existing bank cross-border service needs an overseas client to designate a sponsor to take a document for agency, and the dealing process of the document is complex and consumes a long time. The cross-border business processing also has the problems of time difference and the like, and if the cross-border business processing is carried out by bank outlets of internal and external parties simultaneously and online, the resources consumed for authentication and processing are too large, and the economic benefit is not high.
In view of this, embodiments of the present disclosure provide an identity authentication method and apparatus based on a block chain. The method comprises sending an identification request; receiving identity information of a user, wherein the identity information of the user is generated in response to an identity recognition request; generating information to be verified of the user according to the identity information of the user; and verifying the information to be verified according to the authentication information of the user stored in the block chain.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which block chain based authentication methods and apparatus may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include an information collecting apparatus 101, a PC client 102, and a switch 103 at an intranet site, an information collecting apparatus 101, a PC client 102, and a switch 103 at an overseas site, and further include a private bank network, an intelligent portable device 104, a firewall 105, a load balancer 106, a bank application service cluster 107, and a block chain platform 108.
According to the embodiment of the disclosure, the information acquisition devices 101 of the domestic and overseas websites can be devices such as an identification card reader, a face information acquisition device and a fingerprint collector, and can be used for acquiring identification card information, face information, fingerprint information and the like of a user.
The PC client 102 of the domestic site may send a business transaction request to the bank application service cluster 107 through the switch 103 of the domestic site and the private network of the bank. The PC client 102 of the foreign site can send a business transaction request to the bank application service cluster 107 through the switch 103 of the foreign site and the private network of the bank. The service transaction request may be a cross-border service transaction request, and the cross-border service request may include, for example, a cross-border identification request and a transaction service request after identification is passed. The PC client 102 of the domestic network point also has corresponding configuration software for controlling and adjusting the information acquisition equipment 101 of the domestic network point, and the PC client 102 of the overseas network point also has corresponding configuration software for controlling and adjusting the information acquisition equipment 101 of the overseas network point.
The switch 103 of the domestic site is used for the PC client of the domestic site to interact with the bank application server 107. The switch 103 of the outbound network point is used for PC clients of the outbound network point to interact with the bank application server 107.
The smart portable device 104 may be various electronic devices such as a smart phone, a computer, etc. with a camera and a fingerprint acquisition device, and is used for acquiring the identity information of an overseas user when the overseas user performs service handling at an overseas site, and interacting with the bank application server 107 after being verified by the firewall 105 through the public network.
The firewall 105 is used to screen requests to access the bank application server 107 to control risk.
The load balancer 106 is configured to receive a request for asking the bank application server 107, and send the request to a bank application server of a corresponding service, for example, a face recognition authentication request is sent to a recognition algorithm server, and a result returned by the server is received and returned to the application end.
The bank application server cluster 107 may be an existing bank application service cluster and may be used to process different business requests, respectively. The bank application server cluster 107 is mainly composed of an operating system and a computer server of a database management system, and can be used for storing basic information related to users, receiving and checking acquired information, identifying face information, identity card information and fingerprint information, and performing next-step business processing according to an identification result.
The blockchain platform 108 is configured to store the identity information of the overseas user applying the cross-border identity authentication request, and verify whether the identity information of the user applying the cross-border service request is consistent with the stored identity information of the overseas user. It can be understood that the overseas user applies for the cross-border identification request online, and the identity information of the overseas user can be written into the block chain for storage after the audit is passed, so that the identity information of the overseas user passing the audit cannot be tampered.
For example, an overseas user transacts a cross-border authentication service at an overseas site, acquires identification card information, facial information, and fingerprint information of the overseas user through the information acquisition apparatus 101 of the overseas site, and the PC client 102 of the overseas site transmits the identification card information, facial information, and fingerprint information of the overseas user to the bank application server 107 through a private network security channel of the bank. The bank application server 107 verifies the identification card information, the face information and the fingerprint information of the overseas user, processes the identification card information, the face information and the fingerprint information of the overseas user by using a preset algorithm after the verification is passed, generates authentication information of the overseas user, and writes the authentication information into the block chain for storage.
It can be understood that the overseas user transacts the identity authentication service at the overseas site, generating the authentication information of the overseas user, which can be used to verify whether the transactor is the user himself or herself. The authentication information of the overseas user is stored in the block chain, so that the non-tampering property of the identity authentication result of the overseas user can be ensured, the chain matching verification can be performed when the overseas user is in service, and a service handling mode which is not limited by time and space is stopped for the overseas client which cannot handle the service abroad due to some reason.
Specifically, after the overseas user transacts the cross-border identification service through the overseas network, the domestic agent can be entrusted to transact the service at the domestic site. When the domestic agent goes to the domestic network for the overseas user to take the business, the domestic network needs to verify the identity information of the overseas user, and then the validity of the domestic agent is verified. Specifically, the PC client 102 at the domestic site initiates a request for verifying the identity information of the overseas user to the bank application server 107, the bank application server 107 sends an identity recognition request to the intelligent portable device 104 of the overseas user, the portable device 104 receives the identity recognition request, invokes a camera and a fingerprint acquisition device to acquire the face information and fingerprint information of the overseas user, sends the acquired face information, fingerprint information and identification information of the overseas user to the bank application server 107, the bank application server 107 processes the received face information, fingerprint information and identification information by using a preset algorithm to obtain the to-be-verified information of the overseas user, verifies that the to-be-verified information is compared with the authentication information of the overseas user stored in the block chain platform 108, and if the comparison result is consistent, the identity verification of the overseas user is successful, the domestic agent is shown as a legal agent, and the domestic network can process the applied agent service.
It can be understood that when the domestic agent is used for the overseas user agent service, the identification information of the overseas user is subjected to on-chain matching verification based on the authentication information of the overseas user stored in the block chain, so that the time and space limitations of the identification verification are broken, and the bank service quality and the customer satisfaction are effectively improved.
It should be noted that the identity authentication method based on the blockchain provided by the embodiment of the present disclosure may be generally performed by the bank application server 107. Accordingly, the identity verification device based on the blockchain provided by the embodiment of the present disclosure may be generally disposed in the bank application server 107.
It should be understood that the number of information gathering devices 101, PC clients 102, switches 103, private banking networks, intelligent portable devices 104, firewalls 105, load balancers 106, bank application service clusters 107, and blockchain platforms 108 in fig. 1 are merely illustrative. There may be any number of information gathering devices 101, PC clients 102, switches 103, private banking networks, intelligent portable devices 104, firewalls 105, load balancers 106, bank application service clusters 107, and blockchain platforms 108, as desired for an implementation.
Fig. 2 schematically shows a flow chart of a block chain based identity verification method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S204.
In operation S201, an identification request is transmitted.
According to the embodiment of the disclosure, the foreign user entrusts the domestic agent to handle the business at the domestic outlet, and the domestic agent can hold media such as a bank card and the like handled by the foreign user in the domestic outlet to handle the business at the domestic outlet during the business hours of the domestic bank outlet. The identity information of the outside user needs to be verified for the outside user agent service, and the validity of the inside agent is further verified.
Specifically, the overseas client can keep contact with the domestic agent, and the domestic agent informs the overseas user to start handling the service, so that the overseas user is required to ensure normal network communication of the portable equipment in the service handling process, and can receive the cross-border identity identification request.
According to the embodiment of the disclosure, the PC client of the domestic network initiates a request for verifying the identity information of the overseas user to the bank application server, and the bank application server sends a cross-border identity recognition request to the intelligent portable equipment of the overseas user.
According to the embodiment of the disclosure, the intelligent portable equipment of the overseas user receives the cross-border identity identification request, establishes a secure connection channel with the bank application server, calls the camera and the fingerprint acquisition device to acquire the facial information and the fingerprint information of the overseas user, and sends the acquired facial information, the fingerprint information and the identification card information of the overseas user as the user identity information to the bank application server through the secure connection channel.
In operation S202, identity information of a user is received. Wherein the identity information of the user is generated in response to the identification request.
According to the embodiment of the disclosure, the bank application server receives the face information, the fingerprint information and the identity card information of the overseas user, which are sent by the intelligent portable equipment of the overseas user, and the identity card information can be an identity card number, for example.
In operation S203, information to be authenticated of the user is generated according to the identity information of the user.
According to the embodiment of the disclosure, the face information and the fingerprint information of the overseas user represent the biological characteristics of the overseas user, the feature information of the overseas user can be generated according to the face information and the fingerprint information of the overseas user, and then the feature information and the identity card information of the overseas user are subjected to hash processing to generate the information to be verified of the overseas user.
In operation S204, the information to be verified is verified according to the authentication information of the user stored in the block chain.
According to the embodiment of the disclosure, the block chain stores the authentication information of the overseas user who passes the identity authentication, and the authentication information is generated when the overseas user applies for transacting the cross-border identity authentication service at the overseas website. Specifically, the overseas user applies for an identity authentication service at an overseas website, the device acquisition apparatus of the overseas website acquires the facial information and fingerprint information of the overseas user, can generate the characteristic information of the overseas user according to the facial information and the fingerprint information, and performs hash processing on the characteristic information and the identity card information of the overseas user to generate the authentication information of the overseas user. The authentication information can verify whether the transactor is the overseas user, and the authentication information is stored in the blockchain, so that the identity authentication result of the overseas user can be prevented from being tampered.
According to the embodiment of the disclosure, the information to be verified of the overseas user can be compared with the authentication information of the overseas user stored in the block chain, if the comparison result is consistent, the identity verification of the overseas user is successful, which indicates that the domestic agent is a legal agent, and the domestic outlet can process the applied agent service. If the comparison result is not consistent, the authentication of the overseas user fails, and the service transaction is ended.
According to an embodiment of the present disclosure, an identity recognition request is sent; receiving identity information of a user, wherein the identity information of the user is generated in response to an identity recognition request; generating information to be verified of the user according to the identity information of the user; and verifying the information to be verified according to the authentication information of the user stored in the block chain. When the domestic agent is used for the overseas user agent service, the identity information of the overseas user is matched and verified based on the authentication information of the overseas user stored in the block chain, so that the time and space limitation of identity verification is broken, and the bank service quality and the customer satisfaction degree are effectively improved.
The method shown in fig. 2 is further described with reference to fig. 3-6 in conjunction with specific embodiments.
Fig. 3 schematically shows a flowchart of a method for generating information to be authenticated of a user according to identity information of the user according to an embodiment of the present disclosure.
As shown in fig. 3, the method includes operations S331 to S332.
In operation S331, an identity feature value of a user is generated according to a biometric feature of the user.
In operation S332, information to be verified of the user is generated according to the identity card identifier and the identity feature value of the user.
According to the embodiment of the disclosure, after receiving the identity information of the overseas user, the bank application server performs feature extraction on the face information and the fingerprint information of the overseas user, and then performs encryption processing to obtain the feature value u 'corresponding to the overseas user, and performs hash processing on the feature value u' and the identity card number to generate the character string h (u '+ ID') to be verified.
Fig. 4 schematically shows a flowchart of a method of storing authentication information of a user to a blockchain according to an embodiment of the present disclosure.
As shown in fig. 4, the method includes operations S401 to S404.
In operation S401, an identity authentication request is received.
According to the embodiment of the disclosure, the overseas user transacts the cross-border identity authentication service at the overseas website, and the authentication result is stored in the block chain, so that the on-chain matching verification can be performed when the domestic agent transacts the service for the overseas user, and the time and space limitations of identity verification are broken.
According to the embodiment of the disclosure, after the overseas website worker verifies the identity of the overseas user as the person, the information acquisition device of the overseas website collects the identity card information, the face information and the fingerprint information of the overseas user, and the PC client of the overseas website sends an identity authentication request to the bank application server, wherein the identity authentication request comprises the identity card information, the face information and the fingerprint information of the overseas user.
In operation S402, it is verified whether identity information of the user is included in the registered user retention information.
According to the embodiment of the disclosure, the bank application server verifies whether the overseas user is a legal user registered in the country, and verifies whether the face information and the fingerprint information are consistent with the reserved information of the registered user.
In operation S403, in a case where it is determined that the registered user retention information includes the identity information of the user, authentication information of the user is generated according to the identity information of the user.
According to the embodiment of the disclosure, under the condition that the overseas user is verified to be a legal user registered in the country and the face information and the fingerprint information are verified to be consistent with the reserved information of the registered user, the feature information of the overseas user can be generated according to the face information and the fingerprint information of the overseas user, and then the authentication information of the overseas user is generated after the feature information and the identity card information of the overseas user are subjected to hash processing.
In operation S404, authentication information of a user is stored to a block chain.
According to the embodiment of the disclosure, the authentication information is written into the block chain for storage, that is, the offline identity authentication result of the overseas user at the overseas website is written into the chain for storage. Because of the non-tamper property of the block chain technology, the external user authentication information written in the block chain can be read and verified at any time by internal and external nodes, and the space limit and the time limit of the traditional offline authentication are broken.
Fig. 5 schematically shows a flowchart of a method of generating authentication information of a user from identity information of the user according to an embodiment of the present disclosure.
As shown in fig. 5, the method includes operations S531 to S532.
In operation S531, an identity feature value of the user is generated according to the biometric feature of the user.
In operation S532, authentication information of the user is generated according to the identity card identifier and the identity feature value of the user.
According to the embodiment of the disclosure, feature extraction and encryption processing are performed on the identification card information and the face information of the overseas user to obtain the feature information u for the overseas, the feature information u and the identification card information are subjected to hash processing to generate h (u + ID) which is used as the authentication information of the overseas user, and the authentication information h (u + ID) is written into the blockchain storage.
Fig. 6 schematically shows a flowchart of a method for verifying information to be verified according to authentication information of a user stored in a blockchain according to an embodiment of the present disclosure.
As shown in fig. 6, the method includes operations S641 to S643.
In operation S641, it is verified whether the authentication information of the user is identical to the information to be verified. If the two are the same, operation S642 is performed, and if not, operation S643 is performed.
In operation S642, the proxy service is processed.
In operation S643, the proxy service is ended.
According to the embodiment of the disclosure, the character string h (u '+ ID') to be verified can be compared with the authentication information h (u + ID) stored in the block chain, if the comparison result is consistent, the verification of the information to be verified is determined to be successful, the proxy service can be continuously processed, and if the comparison result is inconsistent, the verification of the information to be verified is determined to be failed, and the proxy service is ended.
Fig. 7 schematically illustrates an apparatus block diagram of blockchain-based authentication according to an embodiment of the present disclosure.
As shown in fig. 7, the apparatus 700 for identity verification based on blockchain includes a sending module 701, a first receiving module 702, a first generating module 703 and a first verifying module 704.
The sending module 701 is configured to send an identification request.
The first receiving module 702 is configured to receive identity information of a user, where the identity information of the user is generated in response to an identity identification request;
the first generating module 703 is configured to generate information to be verified of the user according to the identity information of the user;
the first verification module 704 is configured to verify the information to be verified according to the authentication information of the user stored in the blockchain.
According to the embodiment of the present disclosure, the identity information includes an identity card identifier and a biometric feature, and the first generating module 703 is specifically configured to generate an identity feature value of the user according to the biometric feature of the user; and generating the information to be verified of the user according to the identity card identification and the identity characteristic value of the user.
According to the embodiment of the present disclosure, the first generating module 703 is specifically configured to perform hash processing on the identification card identifier and the identity characteristic value to obtain information to be verified.
According to an embodiment of the present disclosure, the apparatus 700 for identity verification based on a blockchain further includes a second receiving module, a second verifying module, a second generating module, and a storing module.
The second receiving module is used for receiving an identity authentication request, and the identity authentication request comprises identity information of a user.
The second verification module is used for verifying whether the registered user retention information comprises the identity information of the user.
The second generation module is used for generating the authentication information of the user according to the identity information of the user under the condition that the registered user retention information comprises the identity information of the user.
The storage module is used for storing the authentication information of the user to the block chain.
According to an embodiment of the present disclosure, the second generating module is specifically configured to generate an identity feature value of the user according to a biological feature of the user; and generating authentication information of the user according to the identity card identification and the identity characteristic value of the user.
According to the embodiment of the disclosure, the second generation module is specifically configured to perform hash processing on the identity card identifier and the identity feature value to obtain the authentication information.
According to an embodiment of the present disclosure, the first verification module 704 is specifically configured to verify whether the authentication information of the user is the same as the information to be verified; and under the condition that the authentication information of the user is determined to be the same as the information to be verified, the information to be verified passes the verification.
According to an embodiment of the present disclosure, the biometric feature includes at least one of face information and fingerprint information.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the sending module 701, the first receiving module 702, the first generating module 703 and the first verifying module 704 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to the embodiment of the present disclosure, at least one of the sending module 701, the first receiving module 702, the first generating module 703 and the first verifying module 704 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the sending module 701, the first receiving module 702, the first generating module 703 and the first verifying module 704 may be at least partially implemented as a computer program module, which, when executed, may perform a corresponding function.
It should be noted that the identity verification device part based on the block chain in the embodiment of the present disclosure corresponds to the identity verification method part based on the block chain in the embodiment of the present disclosure, and the description of the identity verification device part based on the block chain specifically refers to the identity verification method part based on the block chain, and is not described herein again.
FIG. 8 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure. The computer system illustrated in FIG. 8 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 8, a computer system 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 803, various programs and data necessary for the operation of the system 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or RAM 803. Note that the programs may also be stored in one or more memories other than the ROM 802 and RAM 803. The processor 801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
System 800 may also include an input/output (I/O) interface 805, also connected to bus 804, according to an embodiment of the disclosure. The system 800 may also include one or more of the following components connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program, when executed by the processor 801, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 802 and/or RAM 803 described above and/or one or more memories other than the ROM 802 and RAM 803.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being configured to cause the electronic device to implement the blockchain-based authentication method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 801, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via communication section 809, and/or installed from removable media 811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (12)

1. An identity authentication method based on a block chain comprises the following steps:
sending an identity recognition request;
receiving identity information of a user, the identity information of the user being generated in response to the identity recognition request;
generating information to be verified of the user according to the identity information of the user;
and verifying the information to be verified according to the authentication information of the user stored in the block chain.
2. The method of claim 1, wherein the identity information comprises an identification card and a biometric feature, and the generating the information to be verified of the user according to the identity information of the user comprises:
generating an identity characteristic value of the user according to the biological characteristics of the user;
and generating the information to be verified of the user according to the identity card identification and the identity characteristic value of the user.
3. The method of claim 2, wherein the generating the to-be-verified information of the user according to the identity card identifier and the identity feature value of the user comprises:
and carrying out Hash processing on the identification card identification and the identity characteristic value to obtain the information to be verified.
4. The method of claim 1, further comprising storing authentication information of the user into a blockchain, the storing authentication information of the user into a blockchain comprising:
receiving an identity authentication request, wherein the identity authentication request comprises identity information of the user;
verifying whether registered user retention information comprises identity information of the user;
under the condition that the registered user retention information comprises the identity information of the user, generating the authentication information of the user according to the identity information of the user;
and storing the authentication information of the user to the block chain.
5. The method of claim 4, wherein the identity information comprises an identification card and a biometric feature, and the generating authentication information of the user from the identity information of the user comprises:
generating an identity characteristic value of the user according to the biological characteristics of the user;
and generating the authentication information of the user according to the identity card identification and the identity characteristic value of the user.
6. The method of claim 5, wherein the generating authentication information of the user according to the identity card identification and the identity characteristic value of the user comprises:
and carrying out Hash processing on the identity card identification and the identity characteristic value to obtain the authentication information.
7. The method of claim 1, wherein the verifying the information to be verified according to the authentication information of the user stored in the blockchain comprises:
verifying whether the authentication information of the user is the same as the information to be verified;
and under the condition that the authentication information of the user is determined to be the same as the information to be verified, the information to be verified passes the verification.
8. The method of claim 2 or 5, the biometric characteristic comprising at least one of facial information and fingerprint information.
9. An identity verification device based on a blockchain, comprising:
the sending module is used for sending an identity recognition request;
a first receiving module, configured to receive identity information of a user, where the identity information of the user is generated in response to the identity identification request;
the first generation module is used for generating the information to be verified of the user according to the identity information of the user;
and the first verification module is used for verifying the information to be verified according to the authentication information of the user stored in the block chain.
10. A computer system, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 8.
12. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.
CN202110222878.XA 2021-02-26 2021-02-26 Block chain-based identity authentication method, device, system and medium Pending CN112991042A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110222878.XA CN112991042A (en) 2021-02-26 2021-02-26 Block chain-based identity authentication method, device, system and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110222878.XA CN112991042A (en) 2021-02-26 2021-02-26 Block chain-based identity authentication method, device, system and medium

Publications (1)

Publication Number Publication Date
CN112991042A true CN112991042A (en) 2021-06-18

Family

ID=76351425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110222878.XA Pending CN112991042A (en) 2021-02-26 2021-02-26 Block chain-based identity authentication method, device, system and medium

Country Status (1)

Country Link
CN (1) CN112991042A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113656785A (en) * 2021-07-30 2021-11-16 中金金融认证中心有限公司 Method for identity authentication and authentication service of bank user and related product
CN113657998A (en) * 2021-09-02 2021-11-16 中国银行股份有限公司 People searching method and device based on block chain
CN115051856A (en) * 2022-06-16 2022-09-13 中国银行股份有限公司 Block chain-based biological verification information input method, device and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888384A (en) * 2017-11-30 2018-04-06 中链科技有限公司 A kind of identity data management method, system and computer-readable recording medium
CN108521418A (en) * 2018-04-04 2018-09-11 广州广电运通金融电子股份有限公司 A kind of identity identifying method and system merging block chain and living things feature recognition
CN110555296A (en) * 2019-08-01 2019-12-10 阿里巴巴集团控股有限公司 identity verification method, device and equipment based on block chain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888384A (en) * 2017-11-30 2018-04-06 中链科技有限公司 A kind of identity data management method, system and computer-readable recording medium
CN108521418A (en) * 2018-04-04 2018-09-11 广州广电运通金融电子股份有限公司 A kind of identity identifying method and system merging block chain and living things feature recognition
CN110555296A (en) * 2019-08-01 2019-12-10 阿里巴巴集团控股有限公司 identity verification method, device and equipment based on block chain
CN111859347A (en) * 2019-08-01 2020-10-30 创新先进技术有限公司 Identity verification method, device and equipment based on block chain

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113656785A (en) * 2021-07-30 2021-11-16 中金金融认证中心有限公司 Method for identity authentication and authentication service of bank user and related product
CN113656785B (en) * 2021-07-30 2024-07-02 中金金融认证中心有限公司 Method for carrying out identity authentication and authentication service on bank user and related products
CN113657998A (en) * 2021-09-02 2021-11-16 中国银行股份有限公司 People searching method and device based on block chain
CN115051856A (en) * 2022-06-16 2022-09-13 中国银行股份有限公司 Block chain-based biological verification information input method, device and equipment

Similar Documents

Publication Publication Date Title
US10796379B2 (en) Handing requests in a consensus network
CN105306490B (en) Payment verifying system, method and device
CN112991042A (en) Block chain-based identity authentication method, device, system and medium
US9578004B2 (en) Authentication of API-based endpoints
AU2015202710B2 (en) System and method enabling multiparty and multi level authorizations for accessing confidential information
US9892404B2 (en) Secure identity authentication in an electronic transaction
CN111523147A (en) Block chain-based core method and related hardware
US11763548B2 (en) Monitoring devices at enterprise locations using machine-learning models to protect enterprise-managed information and resources
CN109450872A (en) Method for authenticating user identity, system, storage medium and electronic equipment
US20190197530A1 (en) Location based wallets
CN113191902A (en) Transaction processing method and device based on block chain, electronic equipment and medium
WO2016083987A1 (en) Method of and system for obtaining proof of authorisation of a transaction
US11094174B1 (en) Intelligent processing of broken or failed ATM transactions
US20210233165A1 (en) Systems and methods for distributed ledger based global credit scoring
CN112669040A (en) Identity authentication system based on information security
CN112182653A (en) Service processing method, device, equipment and storage medium
US11769127B2 (en) Intelligent processing of broken or failed ATM transactions
US20240073029A1 (en) Multi-Computer System For User Authentication Based on Client-Side One-Time Passcode
US20230012019A1 (en) Application Programming Interface (API)-enabled Automated Compliance Verification and Processing
US9619826B1 (en) Third-party authentication systems and methods
CN117436045A (en) Service processing method and device, electronic equipment and computer readable storage medium
CN117494087A (en) Information verification method, device, equipment and storage medium
CN117763517A (en) Cloud data-based refund account verification method, system, terminal and storage medium
CN116703576A (en) Trade detection method and device, storage medium and electronic equipment
CN116311441A (en) Identity verification method, device, system, storage medium and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination