
CN113704712B - Identity authentication method, device, system and electronic device - Google Patents


Info

Publication number
CN113704712B
Authority
CN
China
Prior art keywords
identity
authenticated
entity object
blockchain
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010439564.0A
Other languages
Chinese (zh)
Other versions
CN113704712A (en
Inventor
朱江
贺虎
韩鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd filed Critical Beijing Kingsoft Cloud Network Technology Co Ltd
Priority to CN202010439564.0A priority Critical patent/CN113704712B/en
Publication of CN113704712A publication Critical patent/CN113704712A/en
Application granted granted Critical
Publication of CN113704712B publication Critical patent/CN113704712B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides an identity authentication method, device, system and electronic device. An identity authentication request is sent to an identity authentication service according to an acquired identity identifier of an entity object to be authenticated, so as to authenticate the identity of that entity object; the identity authentication service acquires, according to the identity identifier, an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain, and the authentication result sent by the identity authentication service is then received. With this method, the entity object to be authenticated only needs to undergo identity authentication once; afterwards the authentication result recorded for it on the first blockchain and/or the second blockchain can be acquired through the identity authentication service according to the identity identifier. This enables identity authentication data to be shared within the same group, or mutually recognized and exchanged between groups, and improves the efficiency of identity authentication.

Description

Identity authentication method, device, system and electronic equipment
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to an identity authentication method, apparatus, system, and electronic device.
Background
In the real world, people, things, groups and the like can all be regarded as entities. A variety of credential data describe the identity of entities or the relationships between entities, such as identity cards, travel cards, deposit certificates, prescriptions, graduation certificates, real estate certificates, and the like. This credential data has to be provided when the identity of an entity is verified; each time an entity's identity is verified, the original identity data has to be provided again, which makes the operation cumbersome and easily creates a risk of data leakage.
Disclosure of Invention
In view of the above, the present invention aims to provide an identity authentication method, device, system and electronic device, so as to simplify the identity authentication process and protect data security.
In a first aspect, an embodiment of the present invention provides an identity authentication method, including: acquiring an identity of an entity object to be authenticated; according to the identity, an identity authentication request is sent to an identity authentication service, wherein the identity authentication request is used for requesting to authenticate the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity, and the objects to which the first blockchain and the second blockchain belong are different; and receiving the authentication result sent by the identity authentication service in response to the identity authentication request.
In a second aspect, an embodiment of the present invention provides an identity authentication method, including: acquiring an identity authentication request sent by a terminal device, wherein the identity authentication request is used for requesting authentication of the identity of an entity object to be authenticated; acquiring the identity of the entity object to be authenticated according to the identity authentication request; acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity, wherein the objects to which the first blockchain and the second blockchain belong are different; and sending the authentication result to the terminal equipment.
In a third aspect, an embodiment of the present invention provides an identity authentication device, including: the first acquisition module is used for acquiring the identity of the entity object to be authenticated; the first sending module is used for sending an identity authentication request to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity identifier, and the objects to which the first blockchain and the second blockchain belong are different; and the receiving module is used for receiving the authentication result sent by the identity authentication service in response to the identity authentication request.
In a fourth aspect, an embodiment of the present invention provides an identity authentication device, including: the second acquisition module is used for acquiring an identity authentication request sent by the terminal equipment, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated; the third acquisition module is used for acquiring the identity of the entity object to be authenticated according to the identity authentication request; a fourth obtaining module, configured to obtain, according to the identity, an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain, where objects to which the first blockchain and the second blockchain belong are different; and the second sending module is used for sending the authentication result to the terminal equipment.
In a fifth aspect, an embodiment of the present invention provides an identity authentication system, where the system includes a terminal device, an identity authentication service, a first blockchain, and a second blockchain; the terminal device is used for: acquiring an identity of an entity object to be authenticated; according to the identity, an identity authentication request is sent to an identity authentication service, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated; the authentication service is used for: acquiring an identity authentication request sent by terminal equipment; acquiring the identity of the entity object to be authenticated according to the identity authentication request; acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity, wherein the objects to which the first blockchain and the second blockchain belong are different; and sending the authentication result to the terminal equipment.
In a sixth aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory, where the memory stores machine executable instructions executable by the processor, and the processor executes the machine executable instructions to implement the identity authentication method according to any one of the above.
In a seventh aspect, embodiments of the present invention provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the identity authentication method of any one of the first or second aspects.
In the identity authentication method, device, system and electronic device described above, an identity authentication request is first sent to an identity authentication service according to the acquired identity identifier of the entity object to be authenticated. The request asks for the identity of the entity object to be authenticated to be authenticated, and the service acquires, according to the identity identifier, the authentication result of that entity object recorded on the first blockchain and/or the second blockchain. The authentication result sent by the identity authentication service in response to the request is then received. With this method, the entity object to be authenticated only needs to undergo identity authentication once; afterwards the authentication result recorded for it on the first blockchain and/or the second blockchain can be acquired through the identity authentication service according to the identity identifier. This enables identity authentication data to be shared within the same group, or mutually recognized and exchanged between groups, and improves the efficiency of identity authentication.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. The drawings described below show some embodiments of the invention; a person skilled in the art may obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of an identity authentication method according to an embodiment of the present invention;
FIG. 2 is a flowchart of another identity authentication method according to an embodiment of the present invention;
FIG. 3 is a flowchart of another identity authentication method according to an embodiment of the present invention;
FIG. 4 is a flowchart of another identity authentication method according to an embodiment of the present invention;
FIG. 5 is a flowchart of another identity authentication method according to an embodiment of the present invention;
FIG. 6 is a flowchart of another identity authentication method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a system architecture for identity authentication according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a relationship between identity data according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an identity authentication device according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of another identity authentication device according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of an identity authentication system according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the related art, verifying the identity of an entity generally requires providing several items of related credential data of the entity. Collecting, storing, authorizing the use of, transmitting or authenticating this credential data carries data privacy risks, and data islands form within the various groups or alliances. The entity identity and trusted data solution in the related art can carry a trusted mapping between the real-world identity of entities such as people or things and their on-chain identity, and enables secure access authorization and data exchange between entities. That solution currently consists of two main modules: a DID (Decentralized Identifier, decentralized identity) module and a CREDENTIAL (identity credential) module. The DID module implements, on the FISCO-BCOS blockchain underlying platform, a distributed multi-center identity identification protocol conforming to the DID specification of the W3C (World Wide Web Consortium), so that the real-world identities of entities such as people or things are identified on the chain; DID also gives entities such as people or things the ability to directly own and control their own identity. FISCO BCOS can be understood as a fully open-source federated blockchain underlying technology platform; it is the financial branch of the BCOS (Be Credible, Open & Secure, an open-source blockchain technology platform for enterprise-level application services) open-source platform.
CREDENTIAL is a verifiable digital certificate. A variety of data in the real world describe the identity of entities and the relationships between entities, such as identity cards, travel certificates, deposit certificates, prescriptions, graduation certificates, real estate certificates, and the like. CREDENTIAL provides a complete solution based on the W3C VC (VC is a software development tool) specification, aimed at standardizing and digitizing this type of data and generating verifiable, exchangeable credentials (CREDENTIAL). However, this system is a framework-level technical scheme and provides no specific solution for steps such as presenting and verifying a customer's identity credentials or obtaining and keeping a user's identity credentials. Based on this, the embodiments of the invention provide an identity authentication method, device, system and electronic device; the technique can be applied to identity authentication of entities such as people, objects or groups.
To facilitate understanding of the present embodiment, an identity authentication method disclosed in the present embodiment is first described in detail. As shown in FIG. 1, the method includes the following steps:
Step S102, the identity identifier of the entity object to be authenticated is obtained.
The entity object may be a person, an object, a group, or the like. The identity identifier can be understood as an identifier capable of proving the identity of an entity object such as a person, object or group; for each entity object the identity identifier is generally unique, that is, identity identifiers and entity objects are generally in one-to-one correspondence. The identity identifier can take various forms, such as a two-dimensional code or a bar code. In actual implementation, the identity identifier of the entity object to be authenticated is obtained first, and it can be represented by a DID.
Step S104, an identity authentication request is sent to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated, and the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity identifier, wherein the objects to which the first blockchain and the second blockchain belong are different.
The identity authentication service can run on a server. A blockchain can be understood as a shared database; the data or information stored in it generally cannot be forged, is traceable, open and transparent, and is collectively maintained. The first blockchain generally includes a plurality of node devices, as does the second blockchain, and the identity authentication service can be communicatively connected to both. In actual implementation, the authentication result of the entity object to be authenticated is generally recorded on the first blockchain, on the second blockchain, or on both. After the identity identifier of the entity object to be authenticated is acquired, an identity authentication request is sent to the identity authentication service according to that identifier, so that the service acquires, according to the identifier, the authentication result recorded on the first blockchain, the second blockchain, or both. It should be understood that there may be multiple first blockchains and multiple second blockchains in the embodiments of the present invention. For example, the first blockchain is a blockchain belonging to the acquirer that acquires the identity identifier of the entity object to be authenticated, and there may be one or more blockchains belonging to the acquirer; the second blockchain is a blockchain belonging to a person or group other than the acquirer, there may be several such persons or groups, and each of them may have one or more blockchains. The invention does not limit the specific number of first and second blockchains.
Step S106, receiving an authentication result sent by the identity authentication service in response to the identity authentication request.
The authentication result may indicate that the identity authentication of the entity object to be authenticated passed or that it failed. When authentication passes, the authentication result generally also includes some related data of the entity object to be authenticated, for example its real identity information or identity file. After the identity authentication request is sent to the identity authentication service, the authentication result sent by the service in response to the request is received. There may be one or more authentication results; for example, if the authentication result of the entity object to be authenticated is recorded on both the first blockchain and the second blockchain, multiple authentication results are received. As another example, suppose there is 1 first blockchain, on which no authentication result of the entity object to be authenticated is recorded, and K second blockchains, L of which record the authentication result of the entity object to be authenticated; then L authentication results are received, where K is greater than or equal to 2, L is less than or equal to K, and K and L are both positive integers.
In the identity authentication method provided by this embodiment of the invention, an identity authentication request is first sent to the identity authentication service according to the acquired identity identifier of the entity object to be authenticated. The request asks for the identity of the entity object to be authenticated to be authenticated, and the service acquires, according to the identity identifier, the authentication result of that entity object recorded on the first blockchain and/or the second blockchain. The authentication result sent by the service in response to the request is then received. With this method, the entity object to be authenticated only needs to undergo identity authentication once; afterwards the authentication result recorded for it on the first blockchain and/or the second blockchain can be acquired through the identity authentication service according to the identity identifier. This enables identity authentication data to be shared within the same group, or mutually recognized and exchanged between groups, improves the efficiency of identity authentication, and, because the original identity data does not have to be provided many times, improves the security of the identity authentication data.
The embodiment of the invention also provides another identity authentication method, implemented on the basis of the method of the above embodiment. In this method, when the identity identifier of the entity object to be authenticated is stored in the first blockchain, the stored identifier indicates an authentication result that the entity object to be authenticated has passed authentication; an identity file corresponding to the identity identifier of the entity object to be authenticated is also stored in the first blockchain.
Likewise, when the identity identifier of the entity object to be authenticated is stored in the second blockchain, the stored identifier indicates an authentication result that the entity object to be authenticated has passed authentication; an identity file corresponding to the identity identifier is also stored in the second blockchain. The identity file provides a way of accessing the real identity information of the entity object to be authenticated. The authentication result generally includes the true identity information and/or the identity file of the entity object to be authenticated.
The identity file may be understood as a data set that meets preset criteria and describes the corresponding identity characteristics; for example, the identity file may include an access address for the real identity information of the entity object to be authenticated, but not the real identity information itself. In actual implementation, the identity file is typically stored in a distributed storage system. The true identity information can be understood as the specific attribute or characteristic data of the entity object to be authenticated, and can also be understood as the key data and original data of the digital identity, such as the name, certificate number, contact phone number, pictures or original files of the entity object to be authenticated. In actual implementation, if the identity identifier of the entity object to be authenticated is stored in the first blockchain, the first blockchain records an authentication result that the entity object has passed authentication; if the identity identifier is stored in the second blockchain, the second blockchain records an authentication result that the entity object has passed authentication. The authentication result typically also includes the true identity information of the entity object to be authenticated, or its identity file, or both.
As shown in FIG. 2, the method comprises the steps of:
Step S202, the identity of the entity object to be authenticated is obtained.
Step S204, an identity authentication request is sent to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated, and the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity identifier, wherein the objects to which the first blockchain and the second blockchain belong are different.
Step S206, receiving the authentication result sent by the identity authentication service in response to the identity authentication request.
Step S208, sending an authentication result selection instruction to the identity authentication service; the authentication result selection instruction is used for selecting a target authentication result from the authentication results.
The target authentication result is the one selected from the one or more authentication results. In practical implementation, for the same entity object to be authenticated, multiple authentication results may be received after the identity authentication request is sent to the identity authentication service according to the acquired identity identifier. For example, if the identity identifier of the entity object to be authenticated is stored in both the first blockchain and the second blockchain, the identity authentication service can acquire, according to the identifier, multiple authentication results recorded in the first and second blockchains; an authentication result selection instruction then generally has to be sent to the identity authentication service to select the target authentication result from among them.
Step S210, receiving the identity file and/or the true identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result.
In actual implementation, the target authentication result generally includes the real identity information or the identity file of the entity object to be authenticated, or both the real identity information and the identity file of the entity object to be authenticated, and after the target authentication result is determined from the multiple authentication results, the real identity information or the identity file of the entity object to be authenticated, or both the real identity information and the identity file of the entity object to be authenticated, sent by the identity authentication service based on the target authentication result, can be received.
It should be noted that the first blockchain and the second blockchain may correspond to different groups, each of which includes a plurality of entity objects. A group may also be called an alliance; in actual implementation, a group may be a bank, in which case the group includes the branches of the bank, and the first or second blockchain corresponding to the group stores the identity identifiers of the registered users of each branch of the bank. The objects to which the first blockchain and the second blockchain belong are generally different; for example, the first blockchain corresponds to bank A and its objects are the users of bank A, while the second blockchain corresponds to bank B and its objects are the users of bank B.
Take as an example the first blockchain corresponding to bank A. Because the identity identifiers of the registered users of every branch of bank A are stored in the first blockchain, a user who has completed registration at one branch of bank A does not need to register again when transacting business at another branch of bank A; identity authentication is performed directly against the user's identity identifier stored in the first blockchain, and the authentication result is obtained.
Now take as an example bank A corresponding to the first blockchain and bank B corresponding to the second blockchain, with both blockchains communicatively connected to the identity authentication service. If the user has completed registration at bank A, the user's identity identifier is stored in the first blockchain. When the user transacts business at bank B, no re-registration is needed: the user's identity identifier is acquired from the first blockchain through the identity authentication service, and identity authentication is performed directly against it to obtain the authentication result.
Through the identity authentication mode, the user does not need to provide the original identity data such as the identity card, the academic license, the driving license and the like for many times, so that the original identity data of the user can be effectively protected, if the user presents the original identity data for many times, the original identity data is easy to leak, the invention adopts the mode that the user only needs to perform identity authentication or registration once, the generated corresponding identity mark is stored in the corresponding first blockchain or the second blockchain, the identity authentication service obtains the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity mark, so that the coexistence sharing of the identity authentication data in the same group can be realized, or the mutual authentication and intercommunication of the identity authentication data among groups can be realized without the need of re-carrying out identity authentication or registration by the user, the authentication can be completed, the user can be prevented from showing the original identity data for many times, and the purpose of protecting the original identity data is achieved.
According to the other identity authentication method provided by the embodiment of the invention, firstly, an identity authentication request is sent to an identity authentication service according to the acquired identity of the entity object to be authenticated, then an authentication result sent by the identity authentication service in response to the identity authentication request is received, finally, an authentication result selection instruction is sent to the identity authentication service to select a target authentication result from the authentication result, and the identity file and/or the real identity information of the entity object to be authenticated, sent by the identity authentication service based on the target authentication result, are received. According to the method, the entity object to be authenticated can acquire the authentication result recorded on the first blockchain and/or the second blockchain for the entity object to be authenticated through the identity authentication service according to the identity identification only by carrying out identity authentication once, so that the coexistence sharing of the identity authentication data in the same group or the mutual authentication intercommunication of the identity authentication data among groups is realized, the efficiency of identity authentication is improved, and the original identity data is not required to be provided for many times, so that the safety of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, as shown in fig. 3, which comprises the following steps:
Step S302, an identity authentication request sent by a terminal device is obtained, wherein the identity authentication request is used for requesting authentication of the identity of an entity object to be authenticated.
The terminal device can be a terminal such as a computer or a mobile phone. In actual implementation, when identity authentication is needed, the identity authentication request sent by such a terminal, requesting authentication of the identity of the entity object to be authenticated, needs to be obtained.
Step S304, according to the identity authentication request, the identity of the entity object to be authenticated is obtained.
The identity authentication request generally contains the authentication materials required for identity authentication. For example, when the entity object to be authenticated is a person, considering that each person has a unique identification card number, the corresponding identity identifier can be obtained according to the identification card number contained in the identity authentication request. In actual implementation, after the identity authentication request sent by the terminal device is obtained, the identity identifier corresponding to the entity object to be authenticated is generally obtained based on the authentication materials contained in the identity authentication request.
Step S306, according to the identity, the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain is obtained, wherein the objects to which the first blockchain and the second blockchain belong are different.
Step S308, the authentication result is sent to the terminal equipment.
According to the other identity authentication method provided by the embodiment of the invention, the identity of the entity object to be authenticated is first obtained according to the identity authentication request sent by the terminal device; the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain is then obtained according to the identity; finally, the authentication result is sent to the terminal device. With this method, the entity object to be authenticated only needs to undergo identity authentication once; the authentication result recorded for it on the first blockchain and/or the second blockchain can then be obtained through the identity authentication service according to its identity identifier. This realizes co-storage and sharing of identity authentication data within the same group, or mutual recognition and interoperation of identity authentication data between groups, which improves the efficiency of identity authentication; and because the original identity data does not need to be provided repeatedly, the security of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, which is realized on the basis of the method of the foregoing embodiment. The method mainly describes the specific process of acquiring, according to the identity, the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain, which corresponds to the following steps S406 to S414. As shown in fig. 4, the method comprises the following steps:
Step S402, an identity authentication request sent by a terminal device is obtained, wherein the identity authentication request is used for requesting authentication of an identity of an entity object to be authenticated.
Step S404, according to the identity authentication request, the identity of the entity object to be authenticated is obtained.
Step S406, a storage result of the identity is obtained, wherein the storage result is used for indicating whether the identity of the entity object to be authenticated is stored in the first blockchain and the second blockchain.
In actual implementation, once the identity of the entity object to be authenticated has been obtained, it must be confirmed whether that identity is stored in the first blockchain and the second blockchain. For example, taking the first blockchain corresponding to bank A and the second blockchain corresponding to bank B: if the user is opening an account at the bank for the first time, the identity of the entity object to be authenticated is stored in neither the first blockchain corresponding to bank A nor the second blockchain corresponding to bank B; if the user has already opened an account at bank A or bank B, the identity of the entity object to be authenticated is stored in the first blockchain or the second blockchain.
Step S408, determining, according to the storage result, the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain; wherein, in the case that the identity of the entity object to be authenticated is stored in the first blockchain, the stored identity indicates that the first blockchain records an authentication result that the entity object to be authenticated has passed authentication, and in the case that the identity of the entity object to be authenticated is stored in the second blockchain, the stored identity indicates that the second blockchain records an authentication result that the entity object to be authenticated has passed authentication.
After the storage result is obtained, the authentication result of the entity object to be authenticated recorded in the first blockchain, in the second blockchain, or in both is determined according to the storage result. If the identity of the entity object to be authenticated is stored in the first blockchain, the first blockchain records an authentication result that the entity object to be authenticated has passed authentication; if the identity is stored in the second blockchain, the second blockchain records an authentication result that the entity object to be authenticated has passed authentication; if the identity is stored in both the first blockchain and the second blockchain, both blockchains record an authentication result that the entity object to be authenticated has passed authentication.
Step S410, obtaining an authentication result selection instruction sent by a terminal device; the authentication result selection instruction is used for selecting a target authentication result from the authentication results.
In actual implementation, for the same entity object to be authenticated, multiple authentication results of the entity object to be authenticated recorded on the first blockchain and the second blockchain may be obtained, and then an authentication result selection instruction sent by the terminal device is generally required to be obtained to select a target authentication result from the multiple authentication results.
Step S412, determining a target authentication result based on the authentication result selection instruction.
The target authentication result is determined from the plurality of authentication results according to the acquired authentication result selection instruction. For example, when the first blockchain and the second blockchain both record an authentication result of the entity object to be authenticated, and the authentication result selection instruction indicates that the authentication result recorded in the first blockchain is selected, the authentication result of the entity object to be authenticated recorded in the first blockchain is determined to be the target authentication result.
Step S414, based on the target authentication result, authenticating the real identity information of the entity object to be authenticated. Specifically, step S414 may be implemented by the following step one or step two:
Step one, in the case that the target authentication result is recorded by the first blockchain, the first blockchain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated. The identity file corresponding to the identity of the entity object to be authenticated is queried from the first blockchain, and the authentication result of the entity object to be authenticated is obtained through the queried identity file.
In actual implementation, if the authentication result of the entity object to be authenticated recorded in the first blockchain is determined as the target authentication result, the identity file corresponding to the identity of the entity object to be authenticated is queried from the first blockchain, and the identity file generally provides an access mode of the real identity information of the entity object to be authenticated, for example, information such as an access address of the real identity information of the entity object to be authenticated, and the authentication result of the entity object to be authenticated is obtained according to the queried identity file.
Step two, in the case that the target authentication result is recorded by the second blockchain, the second blockchain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated. The identity file corresponding to the identity of the entity object to be authenticated is queried from the second blockchain, and the authentication result of the entity object to be authenticated is obtained through the queried identity file.
In actual implementation, if the authentication result of the entity object to be authenticated recorded in the second blockchain is determined as the target authentication result, the identity file corresponding to the identity of the entity object to be authenticated is queried from the second blockchain, and the identity file generally provides an access mode of the real identity information of the entity object to be authenticated, for example, information such as an access address of the real identity information of the entity object to be authenticated, and the authentication result of the entity object to be authenticated is obtained according to the queried identity file.
Step S416, the authentication result is sent to the terminal equipment.
According to the other identity authentication method provided by the embodiment of the invention, the identity of the entity object to be authenticated is first obtained according to the identity authentication request sent by the terminal device; the storage result of the identity is then obtained, and the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain is determined according to the storage result; finally, the authentication result is sent to the terminal device. With this method, the entity object to be authenticated only needs to undergo identity authentication once; the authentication result recorded for it on the first blockchain and/or the second blockchain can then be obtained through the identity authentication service according to its identity identifier. This realizes co-storage and sharing of identity authentication data within the same group, or mutual recognition and interoperation of identity authentication data between groups, which improves the efficiency of identity authentication; and because the original identity data does not need to be provided repeatedly, the security of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, which is realized on the basis of the method of the foregoing embodiment. The method mainly describes the specific process of acquiring, according to the identity, the authentication result of the entity object to be authenticated recorded on the first blockchain, which corresponds to the following steps S506 to S508; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated. As shown in fig. 5, the method comprises the following steps:
Step S502, an identity authentication request sent by a terminal device is obtained, wherein the identity authentication request is used for requesting authentication of an identity of an entity object to be authenticated.
Step S504, according to the identity authentication request, the identity of the entity object to be authenticated is obtained.
Step S506, under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity file corresponding to the identity of the entity object to be authenticated is queried from the first blockchain.
Step S508, obtaining the authentication result of the entity object to be authenticated through the queried identity file.
Step S510, the authentication result is sent to the terminal equipment.
According to the other identity authentication method provided by the embodiment of the invention, the identity of the entity object to be authenticated is first obtained according to the identity authentication request sent by the terminal device; in the case that the identity of the entity object to be authenticated is stored in the first blockchain, the identity file corresponding to that identity is queried from the first blockchain, the authentication result of the entity object to be authenticated is obtained through the queried identity file, and the authentication result is finally sent to the terminal device. With this method, the entity object to be authenticated only needs to undergo identity authentication once; the authentication result recorded for it on the first blockchain and/or the second blockchain can then be obtained through the identity authentication service according to its identity identifier. This realizes co-storage and sharing of identity authentication data within the same group, or mutual recognition and interoperation of identity authentication data between groups, which improves the efficiency of identity authentication; and because the original identity data does not need to be provided repeatedly, the security of the identity authentication data is improved.
The embodiment of the invention also provides another identity authentication method, which is realized on the basis of the method of the foregoing embodiment. The method mainly describes the specific process of acquiring, according to the identity, the authentication result of the entity object to be authenticated recorded on the second blockchain, which corresponds to the following steps S606 to S608. The identity file is used for providing an access mode of the real identity information of the entity object to be authenticated. The identity file typically includes a hash value of the real identity information of the entity object and an access address of the real identity information of the entity object, but does not contain the real identity information itself; in actual implementation, the identity file is typically stored in a distributed storage system. The hash value can be understood as the shorter data obtained by mapping the real identity information of the entity object through a certain hash algorithm, such as MD5 (Message Digest Algorithm 5) or SHA-1 (Secure Hash Algorithm 1); this shorter data is the hash value of the real identity information of the entity object. Once the real identity information of the entity object changes, the corresponding hash value also changes; that is, the real identity information of the entity object and the hash value are in one-to-one correspondence. The access address can be understood as the address at which the real identity information of the entity object is stored, and may be represented by a URI (Uniform Resource Identifier) in actual implementation. The identity file typically also includes data such as the public keys, certificates and services corresponding to the identity.
The real identity information generally comprises the identity credentials of the entity object. An identity credential is used for proving that the entity object has a specified identity attribute, and can be understood as a verifiable electronic credential provided by the entity object for proving its identity. There may be a plurality of identity credentials, for example a driving license, a social security card or a related qualification certificate of the entity object. The identity attribute can be understood as a specific identity; for example, if the identity credential is a driving license, the driving license proves that the entity object is qualified to drive, and the entity object has the corresponding driver identity attribute.
As shown in fig. 6, the method includes the steps of:
Step S602, an identity authentication request sent by a terminal device is obtained, wherein the identity authentication request is used for requesting authentication of an identity of an entity object to be authenticated.
Step S604, according to the identity authentication request, the identity of the entity object to be authenticated is obtained.
Step S606, under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity file corresponding to the identity of the entity object to be authenticated is queried from the second blockchain.
Step S608, obtaining the authentication result of the entity object to be authenticated through the queried identity file.
Specifically, step S608 may be implemented by the following steps three to six:
Step three, acquiring the real identity information of the entity object to be authenticated through the access address in the queried identity file, and verifying, through the hash value in the queried identity file, whether the real identity information of the entity object to be authenticated has been tampered with.
In actual implementation, the real identity information of the entity object to be authenticated is usually stored in a distributed storage system rather than directly on the blockchain; what the blockchain stores is the access address and the hash value of the real identity information. When the identity of the entity object to be authenticated needs to be authenticated, the real identity information can be obtained through the access address. Because the hash value and the real identity information of the entity object to be authenticated are in one-to-one correspondence, if the queried hash value has changed, it can be confirmed that the real identity information has been tampered with; if the queried hash value has not changed, it can be confirmed that the real identity information has not been tampered with.
Step four, if the real identity information of the entity object to be authenticated has not been tampered with, acquiring the identity credential of the entity object to be authenticated from the real identity information of the entity object to be authenticated.
If the hash value in the queried identity file is unchanged, that is, the real identity information of the entity object to be authenticated has not been tampered with, the identity credential of the entity object to be authenticated can be obtained from the real identity information. In actual implementation, some application scenarios further require obtaining related identity credentials of the entity object to be authenticated and verifying them. For example, in a recruitment scenario it is not enough for the recruiter to obtain only the identity credential of the applicant; related identity credentials such as the applicant's academic certificate must also be obtained. A traffic control department, likewise, needs to obtain the driving license. In such cases the required identity credentials are obtained from the real identity information of the entity object to be authenticated according to the application scenario.
Step five, verifying whether the acquired identity credential is legal; if the identity credential is legal, determining that the entity object to be authenticated has the identity attribute corresponding to the identity credential.
After the relevant identity credentials of the entity object to be authenticated are acquired, it is usually necessary to verify whether they are legal. For example, after the recruiter acquires identity credentials such as the applicant's academic certificate and degree certificate, the authenticity of those certificates needs to be confirmed; after the traffic management department obtains the driving license, it needs to verify whether the vehicle type driven by the driver exceeds the range of vehicle types approved by the driving license. If the identity credential is legal, it can be confirmed that the entity object to be authenticated has the identity attribute corresponding to the identity credential. For example, if the applicant's academic certificate and degree certificate are legal, the applicant has the corresponding academic qualification and degree; if the driving license is legal, the driver is allowed to drive the corresponding vehicle.
Step six, determining the real identity information and/or the identity file of the entity object to be authenticated as the authentication result of the entity object to be authenticated.
If the real identity information of the entity object to be authenticated has not been tampered with, the real identity information, or the identity file, or both the real identity information and the identity file of the entity object to be authenticated are determined as the authentication result of the entity object to be authenticated.
Step S610, the authentication result is sent to the terminal device.
According to the other identity authentication method provided by the embodiment of the invention, firstly, the identity of the entity object to be authenticated is obtained according to the obtained identity authentication request sent by the terminal equipment; under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain, obtaining an authentication result of the entity object to be authenticated through the inquired identity file, and finally sending the authentication result to the terminal equipment. According to the method, the entity object to be authenticated can acquire the authentication result recorded on the first blockchain and/or the second blockchain for the entity object to be authenticated through the identity authentication service according to the identity identification only by carrying out identity authentication once, so that the coexistence sharing of the identity authentication data in the same group or the mutual authentication intercommunication of the identity authentication data among groups is realized, the efficiency of identity authentication is improved, and the original identity data is not required to be provided for many times, so that the safety of the identity authentication data is improved.
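The selection flow of steps S406 to S412 and the verification flow of steps three to six, written out as an added Python example; it is not code from the patent. Assumptions: the chains and the distributed storage system are in-memory dictionaries, SHA-256 replaces the MD5 and SHA-1 the text names (both have practical collision attacks), an HMAC stands in for the issuer's public-key signature, and all function names, the `did:example:` identifiers and the `store://` addresses are hypothetical.

```python
import copy
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-issuer-key"  # assumption: stand-in for an issuer's signing key


def canonical(obj):
    """Deterministic JSON bytes, so the same record always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issuer_proof(claims):
    """HMAC-SHA256 stand-in for the issuer's public-key signature over the claims."""
    return hmac.new(ISSUER_KEY, canonical(claims), hashlib.sha256).hexdigest()


def register(chains, store, chain_name, did, claims_list):
    """Keep real identity information off-chain; record only access address + hash on-chain."""
    record = {"did": did,
              "credentials": [{"claims": c, "proof": issuer_proof(c)} for c in claims_list]}
    uri = "store://constructed/%s/%s" % (chain_name, did)
    store[uri] = record
    chains.setdefault(chain_name, {})[did] = {
        "did": did, "uri": uri, "sha256": hashlib.sha256(canonical(record)).hexdigest()}


def storage_result(chains, did):
    """S406/S408: chains that store the identity, i.e. that record a passed authentication."""
    return sorted(name for name, chain in chains.items() if did in chain)


def authenticate(chains, store, did, wanted_type, select=None):
    """Return a dict whose 'status' names the step at which the flow stopped."""
    found = storage_result(chains, did)
    if not found:
        return {"status": "not_registered"}
    if select is None and len(found) > 1:                # S410: the terminal must choose
        return {"status": "selection_required", "candidates": found}
    target = found[0] if select is None else select      # S412: target authentication result
    if target not in found:
        return {"status": "bad_selection", "candidates": found}
    identity_file = chains[target][did]                  # query the identity file on-chain
    record = store.get(identity_file["uri"])             # step three: follow the access address
    if record is None:
        return {"status": "unavailable"}
    digest = hashlib.sha256(canonical(record)).hexdigest()
    if not hmac.compare_digest(digest, identity_file["sha256"]):
        return {"status": "tampered"}                    # off-chain data no longer matches chain
    credential = next((c for c in record["credentials"]  # step four: the credential required
                       if c["claims"].get("type") == wanted_type), None)
    if credential is None:
        return {"status": "no_credential"}
    if not hmac.compare_digest(credential["proof"], issuer_proof(credential["claims"])):
        return {"status": "invalid_credential"}          # step five failed
    return {"status": "authenticated", "chain": target,  # step six
            "attribute": wanted_type, "identity_file": identity_file}


def build_sample():
    """Constructed state: alice registered with bank_a and bank_b, carol with bank_b only."""
    chains, store = {}, {}
    register(chains, store, "bank_a", "did:example:alice",
             [{"type": "degree", "level": "bachelor"}])
    register(chains, store, "bank_b", "did:example:alice",
             [{"type": "driving_license", "class": "C1"}])
    register(chains, store, "bank_b", "did:example:carol",
             [{"type": "degree", "level": "master"}])
    return chains, store


if __name__ == "__main__":
    chains, store = build_sample()
    alice = "did:example:alice"
    print(authenticate(chains, store, alice, "degree"))
    print(authenticate(chains, store, alice, "degree", "bank_a")["status"])
    forged = copy.deepcopy(store)
    forged["store://constructed/bank_a/" + alice]["credentials"][0]["claims"]["level"] = "phd"
    print(authenticate(chains, forged, alice, "degree", "bank_a")["status"])
```

The result returned to the terminal carries the identity file (access address and hash) and the verified attribute, not the raw record, which matches the text's aim of not re-presenting original identity data.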
In actual use, the first blockchain may include a first coalition chain; the second blockchain may include a second federation chain; the first alliance chain, the second alliance chain and the identity authentication service can be connected through a preset relay service engine; the alliance can be understood as a blockchain service group consisting of a plurality of members, and the alliance members are taken as participants to participate in the construction of a blockchain network together; a federation chain can be understood as a licensed blockchain managed by several groups together, each group running one or more nodes, wherein data only allows different groups in the system to read, write and send transactions, and together record transaction data; in actual implementation, the first federation chain and the second federation chain may be intra-group federation chains, where the intra-group federation chains may be understood as a federation deployed only inside a group; the identity authentication service can realize authorization data interaction among different organizations, groups or groups; the relay service engine can provide unified data relay bridging service for the first alliance chain, the second alliance chain and the identity authentication service, and in actual implementation, the first alliance chain, the second alliance chain and the identity authentication service are commonly mutually authenticated and intercommunicated through unified identity identification specifications, such as DID specifications.
In order to further understand the above embodiments, an identity chain is taken as an example to illustrate, where the identity chain provides a solution for associating, collecting, storing, transmitting and authenticating entity attribute features such as people, objects, groups and the like in the real world with identity credential identifiers in the virtual world, the identity chain stores hash values of digital identity key data and hash values of original data of entity objects on a blockchain, and the digital identity key data and the original data can be stored in a distributed storage system.
According to the positioning difference of the identity chain functions in different scenes, the identity chain is divided into an intra-group identity chain (corresponding to the first blockchain and/or the second blockchain) and an open identity chain (corresponding to the identity authentication service), wherein the intra-group identity chain can be understood as an intra-group alliance chain which is deployed in a specific organization group and comprehensively manages entity identity data in the group, the intra-group alliance chain is deployed in different industry groups, such as banks, insurance, enterprise groups and the like, the data storage and use are required to be supervised by related industry supervision departments, and related supervision requirements are required to be met in design. The open identity chain can be understood as an open alliance chain for carrying out entity identity data encryption transmission, authorization use and authenticity authentication among different organization groups, and the requirements of data privacy protection, supervision, data authorization use and the like are considered in design. The intra-group identity chain and the open identity chain can be used as independent products, for example, the open identity chain can be understood as a single service, the intra-group identity chain is an apparent product, and the open identity chain can provide services to the outside through an interface and is connected with the intra-group identity chain 1, the intra-group identity chain 2 or the intra-group identity chain 3; only the node devices of the identity chain in the group are required to provide relevant data through the interface. The intra-group identity chain and the open identity chain can also be combined into the same product.
In actual implementation, the intra-group identity chain can be an intra-group alliance chain used for coexisting and sharing digital credential data, and real-name authentication among all node devices in the group is provided; the open identity chain can adopt an open alliance chain for ecological intercommunicating of digital credential data, and provides identity authentication of the identity chain in a group crossing the group; the two are constructed on different alliance chains, namely an identity chain system adopts an intra-group alliance chain and an open alliance chain double-chain architecture; the two chains interact with each other through the unified DID specification and the relay service engine. For example, if a group corresponds to a bank, the open identity chain can be used for identity authentication of entity objects to be authenticated among a plurality of different banks.
Some terms related to the identity chain are explained below. A group can be understood as the main body that deploys the intra-group identity chain; it is the owner of the intra-group identity chain platform and also a participant in the open identity chain. A group DID can be understood as the system DID of the intra-group identity chain. The group is also a management mechanism. A management mechanism can be understood as a mechanism participating in platform operation; it can maintain and use the identity information of personal entities and group entities in its service field, can issue and verify identity credentials, and can also maintain branch groups and group user rights. The management mechanism is a group entity, and group users are personal entities. A personal entity takes a person as the DID registration entity; personal identity information can be maintained, and its use authorized, through a C-end client, where the C end represents the individual consumer user (Consumer). A group entity takes a group as the DID registration entity; the identity information of an enterprise or organization can be maintained, and its use authorized, through a B-end client, where the B end represents the enterprise user (Business).
In actual implementation, each group is usually provided with a specific supervisor, and the supervisor has a super key of the group; the supervision party is an industry supervision unit of a group where the identity chain is deployed, has supervision authority on the operation and data of the identity chain in the group, and can perform unlimited query operation on the data in the group system through supervision clients.
To further understand the above embodiment, a schematic diagram of a system architecture of identity authentication shown in fig. 7 is provided below, where the system architecture includes an open identity chain (corresponding to the above identity authentication service), a relay service engine, and a plurality of intra-group identity chains (corresponding to the above first blockchain or the second blockchain), where the plurality of intra-group identity chains are respectively intra-group identity chain 1, intra-group identity chain 2 and intra-group identity chain M, the number of intra-group identity chains may be set according to an actual application scenario or requirement, each intra-group identity chain includes a plurality of nodes, such as node 1, node 2 and node N, and the number of nodes included in each intra-group identity chain may also be set according to an actual application scenario or requirement.
The relay service engine can provide unified data relay bridging service for the identity chains and the open identity chains in a plurality of groups, and the identity chains and the open identity chains in the plurality of groups are mutually acknowledged and communicated through unified DID specifications. For example, the identity of the entity object to be authenticated is stored in the intra-group identity chain 1, and when the entity object to be authenticated in the intra-group identity chain 1 sends an identity authentication request to the open identity chain through the terminal equipment, the identity of the entity object to be authenticated is extracted from the identity authentication request; according to the identity, the identity file corresponding to the identity of the entity object to be authenticated is inquired from the intra-group identity chain 1, and according to the inquired identity file, the authentication result of the entity object to be authenticated is obtained, namely the coexistence sharing of the identity authentication data among all node devices in the intra-group identity chain 1 is realized.
Taking the intra-group identity chain 1 and the intra-group identity chain 2 as examples, wherein the intra-group identity chain 1 and the intra-group identity chain 2 are both in communication connection with an open identity chain, and only the identity of the entity object to be authenticated is stored in the intra-group identity chain 2, when the entity object to be authenticated in the intra-group identity chain 1 sends an identity authentication request to the open identity chain through a terminal device, the identity of the entity object to be authenticated is extracted from the identity authentication request; according to the identity, the identity file corresponding to the identity of the entity object to be authenticated is inquired from the intra-group identity chain 2, and according to the inquired identity file, the authentication result of the entity object to be authenticated is obtained, namely the mutual authentication and intercommunication of the identity authentication data between the intra-group identity chain 1 and the intra-group identity chain 2 are realized.
The identity data of an entity in the real world is mapped onto an identity chain, and its attributes generally include the DID (corresponding to the identity), the DID Document (corresponding to the identity file), the DID Data (corresponding to the identity information), the DID Credentials (corresponding to the identity credential), and so on.
In an identity chain system, a DID may be used as the unique identification of an entity (Entity) such as a person, a group or a thing. Through the DID, the related archive data and verification mode of the entity it represents can be found in the identity chain system. In an alternative embodiment of the present invention, the relevant specifications may be formulated with reference to the W3C Decentralized Identifiers (DIDs) v1.0 specification and the W3C Verifiable Credentials Data Model 1.0 specification; the W3C Decentralized Identifiers (DIDs) v1.0 specification is a distributed ID specification issued by the W3C organization, and the W3C Verifiable Credentials Data Model 1.0 specification is a verifiable credential data model specification issued by the W3C organization. It should be understood that the specifications for the identity, the identity file, the identity information, the identity credential and so on in the embodiment of the present invention are not limited to the above examples; the specifications and execution standards named in the embodiment of the present invention are given only as examples.
A DID Document can also be understood as a DID file. It generally contains a data set, conforming to JSON-LD, that describes the characteristics of the DID (JSON-LD is the abbreviation of JavaScript Object Notation for Linked Data, a JSON-based method for representing and transmitting linked data, where JSON can be understood as a lightweight data exchange format), for example data such as the public keys, certificates and services corresponding to the DID. Specific attribute or feature data of the entity corresponding to the DID, such as names, certificate numbers and contact phone numbers, are generally not contained in the DID Document. If identity information such as specific attribute or feature data of the entity, or other services related to the DID, needs to be obtained, it has to be obtained from the access address, provided in the DID Document, of the identity information of the corresponding entity. A DID is in a one-to-one relationship with its DID Document, and DID Documents are typically stored on a blockchain rather than in a database or on a centralized server.
The DID Data may be understood as a data set, conforming to the JSON standard, that represents the detailed attributes or features of the entity corresponding to the DID, such as a name, a certificate number and a contact phone number. The DID Data is not stored directly on the blockchain; it is kept by the group that provides or holds the data in that group's own data system, which may be the distributed storage system of the group to which the blockchain belongs. The URI for acquiring the DID Data (corresponding to the above access address) is defined in the DID Document. The DID Data structure is required to conform to the DID Data Schema definition.
The DID Data Schema corresponds to a DID Data template, which is typically stored on a blockchain and fully disclosed, wherein information such as the DID Data type, attribute definitions, KYC (Know Your Customer) level, etc. is defined.
DID Credentials correspond to identity credentials, typically verifiable electronic credentials provided by a group or individual joining the identity chain system to prove the identity of the DID entity. Any number of Credentials may be published for each DID, and one Credential may contain several data items from the DID Data. The publisher of a DID Credential may be referred to as an Issuer, and the structured data, defined by the DID Data Schema, that the Issuer publishes about the entity corresponding to the DID may be referred to as a Claim. A party that verifies the authenticity of a DID Credential may be referred to as a Verifier. The holder of a published DID Credential may be referred to as a Holder; the Holder applies to the Issuer for the DID Credential and provides it to a Verifier for verification, and is typically the entity represented by the DID in the DID Credentials. The data structure in DID Credentials is generally required to conform to the DID Credential Schema definition.
The DID Credential Schema corresponds to a DID identity credential template, typically a verifiable electronic credential provided by a group or individual joining the identity chain system to prove the identity of the DID entity.
To further understand the above embodiment, a schematic diagram of the relationship between identity data is provided below, as shown in fig. 8. The Entity represents the entity object to be authenticated, and the DID is the identity that represents the Entity. The DID Document is the DID file that describes the characteristics of the DID; it includes the access address of the DID Data of the Entity, and this access address points to the DID Data. The DID Data specifically describes the detailed attributes or features of the Entity. Any number of DID Credentials may be published based on each DID; the data items contained in the DID Credentials generally depend on the data items in the DID Data, and each DID Credential may include several data items from the DID Data.
In the following, a KYC scenario in which the identity chain is applied to a bank is taken as an example. Suppose a client, Zhang Mou, successfully opens an account at a certain bank. When real-name authentication is completed during account opening, the bank generates a unique DID corresponding to Zhang Mou. Only basic identity credentials are generated when the account is opened; other derived identity credentials can be generated later as required. For example, if Zhang Mou goes to the traffic division, it may be necessary to generate the corresponding driver's license.
If Zhang Mou needs to open an account at the bank's Singapore branch, in the existing mode Zhang Mou has to resubmit the real-name authentication materials once at the Singapore branch. When the identity chain system is deployed in the bank, Zhang Mou only needs to submit real-name authentication materials once at the bank and can then transact business at all of the bank's outlets, which corresponds to the intra-group identity chain application scenario. The scenario can be extended to the open identity chain application scenario: for example, the bank joins with other banks or groups to interconnect their identity chains, and real-name authentication materials can be shared with the client's authorization, so that the identity chain is applied across groups or organizations. Cross-domain mutual authentication of driver's licenses and graduation certificates can also attempt to apply the identity chain.
In actual implementation, when a customer handles business at other sites of the same bank, only the customer is usually required to provide the DID. If a customer needs to transact a service from another different bank, it is generally necessary to query the DID document from the identity chain storing the identity of the customer based on the DID, and finally obtain the DID data according to the access address of the DID data stored in the DID document.
The embodiment of the invention provides a structural schematic diagram of an identity authentication device, as shown in fig. 9, the device comprises: a first obtaining module 90, configured to obtain an identity of an entity object to be authenticated; the first sending module 91 is configured to send an identity authentication request to an identity authentication service according to an identity identifier, where the identity authentication request is used to request authentication of an identity of an entity object to be authenticated, and the identity authentication service is configured to obtain an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity identifier, where the objects to which the first blockchain and the second blockchain belong are different; the receiving module 92 is configured to receive an authentication result sent by the authentication service in response to the authentication request.
According to the identity authentication device provided by the embodiment of the invention, firstly, an identity authentication request is sent to an identity authentication service according to the acquired identity of the entity object to be authenticated, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity identifier, and then the authentication result sent by the identity authentication service in response to the identity authentication request is received. In the device, the entity object to be authenticated can acquire the authentication result recorded on the first blockchain and/or the second blockchain for the entity object to be authenticated through the identity authentication service according to the identity identification only by carrying out identity authentication once, so that the coexistence sharing of the identity authentication data in the same group or the mutual authentication intercommunication of the identity authentication data among groups is realized, the efficiency of identity authentication is improved, and the original identity data is not required to be provided for many times, thereby improving the security of the identity authentication data.
Further, under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result that the entity object to be authenticated passes authentication, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain; under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used for indicating an authentication result passing through the authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated; the device is also used for: sending an authentication result selection instruction to the identity authentication service; the authentication result selection instruction is used for selecting a target authentication result from the authentication results; and receiving the identity file and/or the true identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result.
Further, under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result that the entity object to be authenticated passes authentication, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain; under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used for indicating an authentication result passing through the authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated; the authentication result includes: the true identity information and/or identity profile of the entity object to be authenticated.
The identity authentication device provided by the embodiment of the invention has the same implementation principle and technical effects as those of the embodiment of the identity authentication method, and for the sake of brief description, the corresponding content in the embodiment of the identity authentication method can be referred to where the embodiment of the identity authentication device is not mentioned.
An embodiment of the present invention provides a schematic structural diagram of another identity authentication device, as shown in fig. 10, where the device includes: a second obtaining module 100, configured to obtain an identity authentication request sent by a terminal device, where the identity authentication request is used to request authentication of an identity of an entity object to be authenticated; a third obtaining module 101, configured to obtain, according to the identity authentication request, an identity of the entity object to be authenticated; a fourth obtaining module 102, configured to obtain, according to the identity, an authentication result of an object to be authenticated recorded on the first blockchain and/or the second blockchain, where the objects to which the first blockchain and the second blockchain belong are different; and the second sending module 103 is used for sending the authentication result to the terminal equipment.
According to the other identity authentication device provided by the embodiment of the invention, firstly, the identity of the entity object to be authenticated is obtained according to the obtained identity authentication request sent by the terminal equipment; and then, according to the identity, acquiring an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain, and finally, sending the authentication result to the terminal equipment. In the device, the entity object to be authenticated can acquire the authentication result recorded on the first blockchain and/or the second blockchain for the entity object to be authenticated through the identity authentication service according to the identity identification only by carrying out identity authentication once, so that the coexistence sharing of the identity authentication data in the same group or the mutual authentication intercommunication of the identity authentication data among groups is realized, the efficiency of identity authentication is improved, and the original identity data is not required to be provided for many times, thereby improving the security of the identity authentication data.
Further, the fourth obtaining module 102 is further configured to: obtaining a storage result of the identity mark, wherein the storage result is used for indicating whether the identity mark of the entity object to be authenticated is stored in the first block chain and the second block chain; and determining an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the storage result, wherein under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating that the first blockchain records the authentication result of the entity object to be authenticated passing through authentication, and under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used for indicating that the second blockchain records the authentication result of the entity object to be authenticated passing through authentication.
Further, the fourth obtaining module 102 is further configured to: acquiring an authentication result selection instruction sent by terminal equipment; the authentication result selection instruction is used for selecting a target authentication result from the authentication results; determining a target authentication result based on the authentication result selection instruction; based on the target authentication result, the true identity information of the entity object to be authenticated is authenticated.
Further, the fourth obtaining module 102 is further configured to: under the condition that the target authentication result is recorded by the first blockchain, the first blockchain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated; inquiring an identity file corresponding to the identity of the entity object to be authenticated from the first blockchain; and obtaining an authentication result of the entity object to be authenticated through the queried identity file.
Further, the fourth obtaining module 102 is further configured to: under the condition that the target authentication result is recorded by the second blockchain, the second blockchain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated; inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain; and obtaining an authentication result of the entity object to be authenticated through the queried identity file.
Further, under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated; the fourth acquisition module 102 is further configured to: under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the first blockchain; and obtaining an authentication result of the entity object to be authenticated through the queried identity file.
Further, under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated; the fourth acquisition module 102 is further configured to: under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain; and obtaining an authentication result of the entity object to be authenticated through the queried identity file.
Further, the identity file comprises a hash value of the real identity information of the entity object and an access address of the real identity information of the entity object; the fourth acquisition module 102 is further configured to: acquiring the real identity information of the entity object to be authenticated through the access address in the queried identity file; verifying whether the real identity information of the entity object to be authenticated is tampered or not through the hash value in the queried identity file; if the true identity information of the entity object to be authenticated is not tampered, determining the true identity information and/or identity file of the entity object to be authenticated as an authentication result of the entity object to be authenticated.
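The lookup and tamper check described above can be illustrated with the following added example, which is not part of the patent text: it checks which chain stores a DID, reads the identity file, fetches the off-chain DID Data through the access address, and returns identity information only when its hash matches the on-chain value. SHA-256, the canonical JSON encoding, the field names `dataUri` and `dataHash`, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def canonical(data):
    """Serialize DID Data deterministically so writer and verifier hash the same bytes."""
    return json.dumps(data, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def data_hash(data):
    """SHA-256 over the canonical form (the hash algorithm is an assumption)."""
    return hashlib.sha256(canonical(data)).hexdigest()


# --- constructed sample data -------------------------------------------------
DID = "did:example:zhang-001"
URI = "https://data.group2.example/did-data/zhang-001"
DID_DATA = {"name": "Zhang Mou", "certificate_number": "CONSTRUCTED-0001",
            "phone": "000-0000"}

# Off-chain data system of the holding group, keyed by access address.
OFF_CHAIN = {URI: dict(DID_DATA)}

# Each chain maps DID -> identity file. Only the access address and the hash
# go on chain; "dataUri" and "dataHash" are hypothetical field names.
CHAINS = {
    "first": {},
    "second": {DID: {"id": DID, "dataUri": URI, "dataHash": data_hash(DID_DATA)}},
}


def storage_result(did, chains):
    """Report, per chain, whether the DID is stored there."""
    return {name: did in ledger for name, ledger in chains.items()}


def authenticate(did, chains, fetch):
    """Resolve a DID on every chain that stores it and verify the off-chain data.

    fetch(uri) returns the DID Data dict or None. The result never carries
    identity information unless its hash matched the on-chain value.
    """
    stored = storage_result(did, chains)
    result = {"did": did, "stored": stored, "authenticated": False,
              "chain": None, "identity_file": None, "identity_info": None,
              "reason": "did not stored on any chain"}
    for name, present in stored.items():
        if not present:
            continue
        doc = chains[name][did]
        info = fetch(doc["dataUri"])
        if info is None:
            result["reason"] = "identity information unavailable"
            continue
        # Constant-time comparison of the recomputed and recorded hashes.
        if not hmac.compare_digest(data_hash(info), doc["dataHash"]):
            result["reason"] = "identity information tampered"
            continue
        result.update(authenticated=True, chain=name, identity_file=doc,
                      identity_info=info, reason="ok")
        return result
    return result


if __name__ == "__main__":
    print(authenticate(DID, CHAINS, OFF_CHAIN.get))
```

Because the hash is computed over a canonical encoding, a copy of the DID Data with its fields in a different order still verifies, while any changed value is rejected.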
Further, the real identity information comprises an identity credential of the entity object; the identity certificate is used for proving that the entity object has specified identity attribute; the fourth acquisition module 102 is further configured to: acquiring an identity credential of the entity object to be authenticated from the real identity information of the entity object to be authenticated; verifying whether the acquired identity certificate is legal or not; if the identity credential is legal, determining that the entity object to be authenticated has the identity attribute corresponding to the identity credential.
The identity authentication device provided by the embodiment of the invention has the same implementation principle and technical effects as those of the embodiment of the identity authentication method, and for the sake of brief description, the corresponding content in the embodiment of the identity authentication method can be referred to where the embodiment of the identity authentication device is not mentioned.
The embodiment of the invention provides an identity authentication system, as shown in fig. 11, which comprises a terminal device 110, an identity authentication service 111, a first blockchain 112 and a second blockchain 113;
The terminal device 110 is configured to: acquiring an identity of an entity object to be authenticated; and sending an identity authentication request to the identity authentication service 111 according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated.
The authentication service 111 is used to: acquiring an identity authentication request sent by the terminal equipment 110; acquiring the identity of the entity object to be authenticated according to the identity authentication request; according to the identity, acquiring an authentication result of an entity object to be authenticated recorded on the first blockchain 112 and/or the second blockchain 113, wherein the objects of the first blockchain 112 and the second blockchain 113 are different; and sending the authentication result to the terminal equipment.
Through the identity authentication system, both the KYC requirement of 'one-time authentication and multiple-time use' inside the same group and the requirement of transmitting and authenticating identity data among groups can be met. That is, the solution provided by the application for acquiring and keeping digital certificates takes into account both the coexistence sharing of data inside a group and the mutual authentication and intercommunication of digital certificates among groups or organizations; data controllability can be realized, and the DID and the method for verifying the certificates ensure that KYC is realized without exposing private data.
The embodiment of the present invention further provides an electronic device, referring to fig. 12, where the electronic device includes a processor 130 and a memory 131, where the memory 131 stores machine executable instructions that can be executed by the processor 130, and the processor 130 executes the machine executable instructions to implement the identity authentication method described above.
Further, the electronic device shown in fig. 12 further includes a bus 132 and a communication interface 133, and the processor 130, the communication interface 133, and the memory 131 are connected through the bus 132.
The memory 131 may include a high-speed random access memory (Random Access Memory, RAM), and may further include a non-volatile memory, such as at least one disk memory. The communication connection between the system network element and at least one other network element is implemented via at least one communication interface 133 (which may be wired or wireless), and may use the internet, a wide area network, a local network, a metropolitan area network, etc. Bus 132 may be an ISA bus, a PCI bus, an EISA bus, or the like. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in FIG. 12, but this does not mean that there is only one bus or one type of bus.
The processor 130 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuitry in hardware or instructions in software in processor 130. The processor 130 may be a general-purpose processor, including a central processing unit (Central Processing Unit, abbreviated as CPU), a network processor (Network Processor, abbreviated as NP), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present invention may be implemented or performed. A general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as a random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in the memory 131, and the processor 130 reads the information in the memory 131 and, in combination with its hardware, performs the steps of the method of the foregoing embodiment.
The embodiment of the invention also provides a machine-readable storage medium, which stores machine-executable instructions that, when being called and executed by a processor, cause the processor to implement the identity authentication method, and the specific implementation can be referred to the method embodiment and will not be described herein.
The computer program product of the identity authentication method, apparatus, system and electronic device provided in the embodiments of the present invention includes a computer-readable storage medium storing program code, where the instructions included in the program code may be used to execute the method described in the foregoing method embodiment; for the specific implementation, refer to the method embodiment, which is not repeated here.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Finally, it should be noted that: the above examples are only specific embodiments of the present invention for illustrating the technical solution of the present invention, but not for limiting the scope of the present invention, and although the present invention has been described in detail with reference to the foregoing examples, it will be understood by those skilled in the art that the present invention is not limited thereto: any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or perform equivalent substitution of some of the technical features, while remaining within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (14)

1. An identity authentication method, comprising:
acquiring an identity of an entity object to be authenticated;
according to the identity, an identity authentication request is sent to an identity authentication service, wherein the identity authentication request is used for requesting to authenticate the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity, and the objects to which the first blockchain and the second blockchain belong are different;
receiving the authentication result sent by the identity authentication service in response to the identity authentication request;
Under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result passing through authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain;
Under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used for indicating an authentication result passing through the authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
the authentication result comprises: the true identity information and/or the identity file of the entity object to be authenticated.
2. The method of claim 1, wherein,
After the step of receiving the authentication result sent by the authentication service in response to the authentication request, the method further includes:
Sending an authentication result selection instruction to the identity authentication service; the authentication result selection instruction is used for selecting a target authentication result from the authentication results;
And receiving the identity file and/or the real identity information of the entity object to be authenticated, which is sent by the identity authentication service based on the target authentication result.
3. An identity authentication method, comprising:
acquiring an identity authentication request sent by a terminal device, wherein the identity authentication request is used for requesting authentication of the identity of an entity object to be authenticated;
acquiring the identity of the entity object to be authenticated according to the identity authentication request;
acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity, wherein the objects to which the first blockchain and the second blockchain belong are different;
Sending the authentication result to the terminal equipment;
Under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain;
The step of obtaining the authentication result of the entity object to be authenticated recorded on the first blockchain according to the identity mark comprises the following steps:
under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the first blockchain;
Obtaining an authentication result of the entity object to be authenticated through the queried identity file;
under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
the step of obtaining the authentication result of the entity object to be authenticated recorded on the second blockchain according to the identity mark comprises the following steps:
Under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain;
And obtaining an authentication result of the entity object to be authenticated through the queried identity file.
4. A method according to claim 3, wherein the step of obtaining the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the identity comprises: acquiring a storage result of the identity, wherein the storage result is used for indicating whether the identity of the entity object to be authenticated is stored in the first block chain and the second block chain;
And determining an authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the storage result, wherein the identity of the entity object to be authenticated stored in the first blockchain is used for indicating that the first blockchain records an authentication result of the entity object to be authenticated passing authentication when the identity of the entity object to be authenticated is stored in the first blockchain, and the identity of the entity object to be authenticated stored in the second blockchain is used for indicating that the second blockchain records an authentication result of the entity object to be authenticated passing authentication when the identity of the entity object to be authenticated is stored in the second blockchain.
5. The method of claim 4, wherein after the step of determining the authentication result of the entity object to be authenticated recorded on the first blockchain and/or the second blockchain according to the stored result, the method further comprises:
Acquiring an authentication result selection instruction sent by the terminal equipment; the authentication result selection instruction is used for selecting a target authentication result from the authentication results;
determining a target authentication result based on the authentication result selection instruction;
and authenticating the true identity information of the entity object to be authenticated based on the target authentication result.
6. The method according to claim 5, wherein the step of authenticating the true identity information of the entity object to be authenticated based on the target authentication result comprises:
Under the condition that the target authentication result is recorded by the first blockchain, the first blockchain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
querying an identity file corresponding to the identity of the entity object to be authenticated from the first blockchain; and obtaining an authentication result of the entity object to be authenticated through the queried identity file.
7. The method according to claim 5, wherein the step of authenticating the true identity information of the entity object to be authenticated based on the target authentication result comprises:
under the condition that the target authentication result is recorded by the second blockchain, the second blockchain also stores an identity file corresponding to the identity of the entity object to be authenticated; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
querying an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain; and obtaining an authentication result of the entity object to be authenticated through the queried identity file.
8. The method according to any of claims 6-7, wherein the identity profile comprises a hash value of the real identity information of the entity object and an access address of the real identity information of the entity object;
The step of obtaining the authentication result of the entity object to be authenticated through the queried identity file comprises the following steps:
Acquiring the real identity information of the entity object to be authenticated through the inquired access address in the identity file; verifying whether the real identity information of the entity object to be authenticated is tampered or not through the queried hash value in the identity file;
if the true identity information of the entity object to be authenticated is not tampered, determining the true identity information and/or identity file of the entity object to be authenticated as an authentication result of the entity object to be authenticated.
9. The method according to claim 8, wherein the real identity information includes identity credentials of the entity object; the identity credential is used for proving that the entity object has specified identity attribute;
Before the step of determining the true identity information and/or identity file of the entity object to be authenticated as the authentication result of the entity object to be authenticated, the method further includes:
Acquiring an identity credential of the entity object to be authenticated from the real identity information of the entity object to be authenticated;
Verifying whether the acquired identity certificate is legal or not; and if the identity credential is legal, determining that the entity object to be authenticated has the identity attribute corresponding to the identity credential.
10. An identity authentication device, comprising:
The first acquisition module is used for acquiring the identity of the entity object to be authenticated;
The first sending module is used for sending an identity authentication request to an identity authentication service according to the identity identifier, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated, the identity authentication service is used for acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity identifier, and the objects to which the first blockchain and the second blockchain belong are different;
The receiving module is used for receiving the authentication result sent by the identity authentication service in response to the identity authentication request;
Under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result passing through authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain;
Under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used for indicating an authentication result passing through the authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
the authentication result comprises: the true identity information and/or the identity file of the entity object to be authenticated.
11. An identity authentication device, comprising:
the second acquisition module is used for acquiring an identity authentication request sent by the terminal equipment, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated;
The third acquisition module is used for acquiring the identity of the entity object to be authenticated according to the identity authentication request;
A fourth obtaining module, configured to obtain, according to the identity, an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain, where objects to which the first blockchain and the second blockchain belong are different;
the second sending module is used for sending the authentication result to the terminal equipment;
Under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
The fourth acquisition module is further configured to:
under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the first blockchain;
Obtaining an authentication result of the entity object to be authenticated through the queried identity file;
under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
The fourth acquisition module is further configured to:
Under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain;
And obtaining an authentication result of the entity object to be authenticated through the queried identity file.
12. An identity authentication system, comprising a terminal device, an identity authentication service, a first blockchain, and a second blockchain;
the terminal device is used for: acquiring an identity of an entity object to be authenticated; according to the identity, an identity authentication request is sent to an identity authentication service, wherein the identity authentication request is used for requesting authentication of the identity of the entity object to be authenticated;
The authentication service is used for: acquiring an identity authentication request sent by terminal equipment; acquiring the identity of the entity object to be authenticated according to the identity authentication request; acquiring an authentication result of the entity object to be authenticated recorded on a first blockchain and/or a second blockchain according to the identity, wherein the objects to which the first blockchain and the second blockchain belong are different; sending the authentication result to the terminal equipment;
Under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, the identity of the entity object to be authenticated stored in the first blockchain is used for indicating an authentication result passing through authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the first blockchain;
Under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, the identity of the entity object to be authenticated stored in the second blockchain is used for indicating an authentication result passing through the authentication of the entity object to be authenticated, wherein an identity file corresponding to the identity of the entity object to be authenticated is also stored in the second blockchain; the identity file is used for providing an access mode of the real identity information of the entity object to be authenticated;
The authentication result comprises: the true identity information and/or identity file of the entity object to be authenticated;
The step of obtaining the authentication result of the entity object to be authenticated recorded on the first blockchain according to the identity mark comprises the following steps:
under the condition that the identity of the entity object to be authenticated is stored in the first blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the first blockchain;
Obtaining an authentication result of the entity object to be authenticated through the queried identity file;
the step of obtaining the authentication result of the entity object to be authenticated recorded on the second blockchain according to the identity mark comprises the following steps:
Under the condition that the identity of the entity object to be authenticated is stored in the second blockchain, inquiring an identity file corresponding to the identity of the entity object to be authenticated from the second blockchain;
And obtaining an authentication result of the entity object to be authenticated through the queried identity file.
13. An electronic device comprising a processor and a memory, the memory storing machine executable instructions executable by the processor, the processor executing the machine executable instructions to implement the authentication method of any of claims 1-9.
14. A machine-readable storage medium storing machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the identity authentication method of any one of claims 1-9.
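The lookup-and-verify flow of claims 3, 4 and 8, as an added Python example that is not part of the patent text: the service checks which chains store the identifier, fetches the real identity information from the access address in each identity file, and releases it only if it matches the on-chain hash. The `Ledger` class, the `store://` addresses, the choice of SHA-256 (the claims say only "hash value") and all sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class IdentityFile:
    """On-chain record: digest of the off-chain identity data and where to fetch it."""
    digest_hex: str       # assumption: SHA-256; the claims only say "hash value"
    access_address: str


@dataclass(frozen=True)
class AuthResult:
    chain: str
    verified: bool
    reason: str
    identity_file: IdentityFile
    real_identity: Optional[bytes] = None


class Ledger:
    """Hypothetical stand-in for one blockchain: identifier -> identity file."""

    def __init__(self, name: str, records: Dict[str, IdentityFile]):
        self.name = name
        self._records = dict(records)

    def lookup(self, identifier: str) -> Optional[IdentityFile]:
        return self._records.get(identifier)


def make_identity_file(data: bytes, address: str) -> IdentityFile:
    return IdentityFile(hashlib.sha256(data).hexdigest(), address)


def authenticate(identifier: str, ledgers: List[Ledger],
                 fetch: Callable[[str], bytes]) -> List[AuthResult]:
    """Return one result per chain that stores the identifier."""
    results = []
    for ledger in ledgers:
        profile = ledger.lookup(identifier)
        if profile is None:
            continue  # identifier not stored on this chain: no result from it
        try:
            data = fetch(profile.access_address)
        except LookupError:
            results.append(AuthResult(ledger.name, False, "unreachable", profile))
            continue
        actual = hashlib.sha256(data).hexdigest()
        # Constant-time comparison; release the data only when the digest matches.
        if hmac.compare_digest(actual, profile.digest_hex):
            results.append(AuthResult(ledger.name, True, "ok", profile, data))
        else:
            results.append(AuthResult(ledger.name, False, "tampered", profile))
    return results


# Constructed sample data: two ledgers run by different parties and one
# off-chain store whose second entry was modified after registration.
ORIGINAL_A = b'{"name": "Example Co", "licence": "A-001"}'
ORIGINAL_B = b'{"name": "Example Co", "tax_id": "B-002"}'
OFF_CHAIN = {
    "store://a/example": ORIGINAL_A,
    "store://b/example": ORIGINAL_B.replace(b"B-002", b"B-999"),
}
CHAIN_1 = Ledger("chain-1", {
    "id:example": make_identity_file(ORIGINAL_A, "store://a/example"),
})
CHAIN_2 = Ledger("chain-2", {
    "id:example": make_identity_file(ORIGINAL_B, "store://b/example"),
    "id:other": make_identity_file(b"x", "store://b/missing"),
})


def fetch_off_chain(address: str) -> bytes:
    return OFF_CHAIN[address]  # raises KeyError (a LookupError) when absent


if __name__ == "__main__":
    for r in authenticate("id:example", [CHAIN_1, CHAIN_2], fetch_off_chain):
        print(r.chain, r.verified, r.reason)
```

The digest on the ledger protects only the integrity of the off-chain data; the access address itself is trusted because it comes from the chain record, so the fetch path needs its own transport protection.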
CN202010439564.0A 2020-05-21 2020-05-21 Identity authentication method, device, system and electronic device Active CN113704712B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010439564.0A CN113704712B (en) 2020-05-21 2020-05-21 Identity authentication method, device, system and electronic device


Publications (2)

Publication Number Publication Date
CN113704712A CN113704712A (en) 2021-11-26
CN113704712B true CN113704712B (en) 2024-11-19

Family

ID=78646073


Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978668B (en) * 2022-05-19 2023-05-02 中国人民大学 Cross-chain data entity identity management and authentication method and system
CN115801269A (en) * 2022-10-31 2023-03-14 云南电网有限责任公司 Heterogeneous fusion networking equipment authentication method based on block chain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327314A (en) * 2018-11-08 2019-02-12 阿里巴巴集团控股有限公司 Access method, device, electronic equipment and the system of business datum
CN109327312A (en) * 2018-10-26 2019-02-12 阿里巴巴集团控股有限公司 Authentication method and device, electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768933B (en) * 2018-04-11 2020-11-03 深圳技术大学 Autonomous supervision digital identity authentication system on block chain platform


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant