TWI702552B - System for creating digital identities and processing digital assets authorization and transaction using distributed ledger technology - Google Patents

Abstract

A system for creating digital identities and processing digital assets authorization and transaction using distributed ledger technology is provided. The system includes multiple node devices. Each node device can directly or indirectly communicate with other node devices through the network to send and receive data to form a blockchain architecture. It also includes an ID management module, a digital asset management module, a digital asset authorization transaction module and a data storage module. The invention utilizes distributed ledger technology and directed acyclic graph technology in blockchain to effectively combine IoT devices, providing transaction and authorization services to establish digital identity and conduct digital asset. It is really necessary for human life.

Description

System for establishing digital identity and authorizing and transferring digital assets with distributed ledger technology

The present invention is a system for establishing digital identities and authorizing and transferring digital assets, especially a system for establishing digital identities and authorizing digital asset transfers using a distributed ledger, which can be applied to Internet of Things equipment and various digital assets. Authorization and transfer.

With the continuous deployment of 5G architecture, the Internet Of Things era is about to unfold. In the scenario where everything is connected (with specific norms that can communicate with each other to obtain necessary information and complete specific tasks), people's physical activities and even thoughts can be interpreted from data generation and information flow. In the online world, in addition to self-generating meaningful data, IoT devices can also generate information related to human social activities, such as digital identities with personal identification. This information may be a right granted by a certain law in human society, or it may be a disguised property right that involves other physical property rights in use, and the latter is essentially a digital asset. Therefore, these digital assets will need to be transferred and authorized due to market changes. A possible scenario is that a certain person A owns an electric car and needs to be charged by a certain person B’s charging device. A certain person A’s car is charging its users’ personal data. Under the authorization condition of supplying certain person B, you can directly obtain the service of receiving 10 kilowatt-hours of electricity from the charging device. In the current electric vehicle charging transfer process, people need to use money as a medium to complete the money payment through a specific bank server before they can perform related services. It may be difficult to imagine that non-physical digital assets can be used in place of money, and it is even harder to understand that this transfer can be done directly through IoT devices. However, such application scenarios will be visible in the near future.

In addition, a booming application is blockchain. Developed from the peer-to-peer network technology architecture, coupled with the use of virtual currency to stimulate network nodes to collaborate, thereby forming a distributed ledger to complete various peer-to-peer transfers on the network. The application of blockchain can not only be stored on the network. The modified data, the virtual currency that it has developed, has replaced the physical currency as a medium for transferring objects. At present, mature blockchain technology has already cooperated with the aforementioned IoT technology to create a transfer platform for the next generation. In other words, the combination of the two can meet the requirements of the aforementioned application scenarios. One transfer platform under development is IOTA.

It can be seen from the above description that although the "blockchain + Internet of Things" technical solutions are in the ascendant, many applications in specific fields have not yet matured. A clear example is the establishment of digital identities and the authorization and transfer of digital assets, which actually require technical personnel to work hard to achieve completeness. This is also the fundamental reason proposed by the present invention.

This paragraph extracts and compiles certain features of the present invention. Other features will be revealed in subsequent paragraphs. Its purpose is to cover the spirit and scope of the additional patent application, various modifications and similar arrangements.

In order to meet the above requirements, the present invention proposes a system for establishing digital identities and authorizing and transferring digital assets using distributed ledger technology. The system contains multiple node devices, each A node device can directly or indirectly communicate with other node devices through the network to send and receive data and form a blockchain architecture. It is characterized in that: each node device includes: 1. Identification code (ID) management module, Used to generate a digital ID bound to an entity ID, and send the digital ID to each node device; a digital asset management module, used to receive or generate a digital asset, and assign the digital asset to a digital ID, And send the digital asset return relationship of the digital ID to each node device; a digital asset authorization transfer module used to set a transfer authority for any digital ID, and specify the digital asset for a specific digital ID that meets the transfer authority The conversion or time authorized access, and the results of the exchange of designated digital assets or time authorized access are sent to each node device; and a data storage module to store and provide all or part of the The digital ID sent by the node device, the digital asset ownership relationship of the digital ID, and the result of the exchange of the designated digital asset or the access authorized by time. The digital ID is obtained by a generating calculation.

Preferably, the generation calculation can be a hash calculation of a digital asset, a unique URL (Uniform Resource Locator, URL), or a hash calculation of an entity ID.

Preferably, the entity ID can be issued by a specific agency to verify the identity of a specific person, the network platform is registered and generated to distinguish user identities and permissions, the universally unique identifier (UUID) of the node device, or the entity The domain location or garbled code formed by encrypting the item authentication file.

Preferably, any digital asset can be returned by concatenating it with a specific digital ID or with other digital assets that have been concatenated with a specific digital ID.

Preferably, the digital assets may include more than one digital ID other than the digital ID of the household to which they belong.

Preferably, the transfer authority can be with or without a certain digital asset.

Preferably, the blockchain architecture can comply with IOTA, Ethereum or Bitcoin decentralized ledger operation specifications.

Preferably, the digital asset may include the user's digital behavior footprint, identity certification, or physical asset certification.

As mentioned above, the present invention utilizes the distributed ledger technology in the blockchain and effectively combines the Internet of Things devices. The system can provide services for establishing digital identities and authorizing the transfer of digital assets, which is actually necessary for human life.

111: ID management module

112: Digital Asset Management Module

113: Digital Asset Authorization Transfer Module

114: Data Storage Module

110: The first node device

120: second node device

130: third node device

140: The fourth node device

FIG. 1 is a diagram illustrating the architecture of a system for establishing digital identities and authorizing and transferring digital assets by using distributed ledger technology according to an embodiment of the present invention; FIG. 2 shows the state of account return of digital assets.

The present invention will be further described in detail below in conjunction with the drawings.

Please refer to Fig. 1, which is an illustrative diagram of the architecture of a system for establishing digital identities and performing digital asset authorization and transfer (hereinafter referred to as the system) using distributed ledger technology according to an embodiment of the present invention. The system is constructed by many node devices. According to the size of the scale, the number of node devices is at least dozens, and can reach more than one million. Each node device can directly or indirectly communicate with other node devices through the network to send and receive data and form a blockchain architecture. To simplify the description, this embodiment and subsequent application examples take four node devices (a first node device 110, a second node device 120, a third node device 130, and a fourth node device 140) as representatives. . The above-mentioned block chain architecture can be various current block chain underlying architectures that use distributed ledger technology to store block data on the network to make the content difficult to tamper with. For example, the blockchain architecture can meet IOTA, Ethereum or Bitcoin distributed ledger operation specifications. Regardless of whether you want to issue virtual currency on this system to maintain accounts, verify transfers, and encourage accounting, in the corresponding accounting operating environment, appropriately adding cooperative modules to each node device can achieve the establishment of digital identity And the purpose of authorization and transfer of digital assets.

According to the present invention, each node device can have different aspects and functions, such as monitoring images (web cameras), providing lighting (smart street lights), selling goods or services (vending machines), and providing network services (web Access sharing device), obtain environmental data (temperature and humidity detector), provide data access services (Network Attached Storage (NAS) storage devices), or provide network platform services (server). Each node device has its own central processing unit, memory, storage device (such as Embedded Multi Media Card (EMMC ) , hard disk, solid state disk or disk array), I/O device, etc. These hardwares are not shown in FIG. 1, but they are necessary components of general von Neumann-based electronic products, and those skilled in the relevant fields should understand. In addition, each node device of the present invention needs to have its own network communication interface, regardless of whether it is connected to a fixed network or a mobile network in a wired or wireless manner. The following introduces the technical requirements for each module of the present invention to utilize or cooperate with the existing hardware for each node device. Therefore, they can be software, including specific code and data objects, and run in at least part of the hardware framework under the operating system (such as the code and related data files stored in the storage device, in the operating system The operation is temporarily stored in the memory, and is dynamically called and executed by the central processing unit). On the other hand, the modules may also be special hardware, such as application-specific integrated circuits (ASIC) or external cards, to perform the functions assigned by the modules. What's more, these technical requirements can be part of software and part of hardware, and they can be effectively integrated according to the needs of product designers, and they are all within the technical scope of this patent. However, it must be emphasized that these modules may have different "scales" because of the different functions specified by the node device. For example, the node device of the present invention can be divided into a full node device that records all data and blocks, and a partial data record. The hardware resources and configuration functions occupied by the respective data storage modules of the light node devices of the block are also different.

Each node device includes an ID management module, a digital asset management module, a digital asset authorization transfer module, and a data storage module. For the convenience of description, the present invention takes the ID management module 111, the digital asset management module 112, the digital asset authorization transfer module 113, and the data storage module 114 in the first node device 110 as examples. The function of each module is Make presentations with interactive methods. As mentioned above, each module may have different workloads due to the hardware limitations of the node device to which it belongs or its configuration (full node or light node), but the core functions of each identical module are the same.

The function of the ID management module 111 is to generate a digital ID bound to an entity ID, and send the digital ID to each node device. Digital ID is the core of the invention. The form of the digital ID can be a series of meaningless English and digital mashups, or it can be a Uniform Resource Locator (URL) that has no physical correspondence, and it commends a corresponding entity ID. The digital ID is not repeated, and each digital ID is unique. The entity ID itself can belong to a person, such as a personal ID number, bank account number, mobile phone number, network platform account number, etc.; it can also belong to a thing, such as a body serial number, a universal unique identification code ( UUID), cell phone base station unit identification code (Cell ID), and even product history (or the encrypted data of its scanned file). In other words, the entity ID can be issued by a specific agency to verify the identity of a specific person, a network platform is registered to distinguish user identities and permissions, or a network domain location or garbled code formed by encrypting the entity item authentication file . The duplication of these entity IDs does not affect the operation of this system, because The operation of the system is determined by the digital ID. However, after the digital ID is regenerated, it must be bound to an entity ID, otherwise the nodes of the system cannot accept it.

The digital ID is obtained by a generating calculation. There are many kinds of generating calculations, such as but not limited to hashing a digital asset to obtain a hash value, generating a unique URL, or hashing an entity ID Operate to obtain a hash value. For example, the ID management module of each node device in the system can be set to add the current timestamp to the universal code (Unicode) of the location of the node device to perform a secure hash algorithm when accepting an application for new digital ID generation. (Secure Hash Algorithm-512, SHA-512) operation. Or, according to the order of application, set each digital ID to a URL with a specific number of digits continuously increasing. Furthermore, it is possible to perform Message-Digest 4 (MD4) operations on any entity ID value. These practices can determine the uniqueness of the digital ID.

The digital asset management module 112 can be used to receive or generate a digital asset, assign the digital asset to a digital ID, and send the digital asset assignment relationship of the digital ID to each node device. In the present invention, digital assets can be any digital information that can be obtained by the system; in essence, it is data that proves the identity, characteristics, attribution, or operation records of an entity, and can even be data generated by users of the system , Regardless of whether it has a special meaning or not. In terms of type, digital assets can be plaintext, files, structured data, or the encrypted result of the former. The generation of digital assets by the digital asset management module 112 means that it can accept user operations to input data, or obtain data through other modules of the node device, such as obtaining mobile data through accelerometers. Regarding the meaning of digital asset return, the digital asset management module 112 can complete the return of any digital asset by connecting it with a specific digital ID or with other digital assets that have been connected with a specific digital ID. In order to have a better understanding of this, please refer to Figure 2, which shows the status of the return of digital assets. Each digital asset and digital ID in Figure 2 have been encrypted into ciphertext, and the Chinese below it shows the original data state. In this example, the data is "%%%%" is concatenated and then connected to the home data. In form, this is very similar to a blockchain. However, in fact, this setting only connects the relevant data to a new data (which can be a file); other methods, such as using a relational database, can also achieve the same effect, but it is more troublesome. At the beginning of these materials, it is a digital ID + a bound entity ID (personal). For example, a user applies for a digital ID bound to his ID number in the system. During the operation, he went to a shopping platform to apply for an account and password (identity authentication). The digital asset management module 112 assigned the encrypted identity authentication to the digital ID, that is, "use any digital asset with Connect with a specific digital ID". Then, the user bought a webcam on the platform, the aforementioned platform issued a digital purchase certificate, and the digital asset management module 112 returned the digital asset to the account again. Since the proof of purchase is not directly connected to the digital ID, it is so-called "connected to other digital assets that have been connected to a specific digital ID." There are two ways to return digital assets. Then, because of the purchase certificate, the user can create a digital ID for the network camera in the system, and then it can become a node device in the system. The digital asset at this time is another digital ID, which contains the bound entity ID, such as the Mac Address of the network camera. In other words, the digital asset may contain more than one digital ID that is not the digital ID of the household to which it belongs. At the end of this example, the data collected by the network camera can also become a digital asset, and continue to be accounted under the personal digital ID. However, the surveillance video file of a webcam may be very large, and it is not necessary to record it completely in the home data. As long as the file name, timestamp, and Mac Address of the webcam are recorded, it can be effectively tracked. Other data collected or created by the webcam or the user can be returned to the account one after another.

The digital asset authorization transfer module 113 is used to set a transfer authority to any digital ID, to perform the conversion or time authorization access to the specified digital asset for the specific digital ID that meets the transfer authority, and to authorize the exchange or time authorization of the specified digital asset The result of the access is sent to each node device. This Here, the transfer authority refers to the possession or absence of a certain digital asset. For example, the first node device 110 is a cigarette vending machine, and the second node device 120 is a smart phone, which is operated by a user with a first digital ID to buy cigarettes from the cigarette vending machine through a connection. There is an age limit for buying cigarettes, so the automatic cigarette vending machine can obtain evidence (digital assets) that proves the age of the user from a full-node device in the system that stores the first digital ID and return information or the smartphone. Only those digital assets that are restricted to prove the age of a digital ID owner and meet a certain age limit are eligible to buy cigarettes, which is a way to set the transfer authority with "a certain digital asset". Conversely, if you do not have the authority to transfer a specific digital asset, the cigarette vending machine can be set to search for digital assets with bad transfer records. If a second digital ID returns to the account more than one digital asset that is in arrears with credit card fees, the owner using the second digital ID cannot transfer to cigarette vending. The digital asset authorization transfer module 113 is a technical element responsible for the exchange of digital assets between specific digital IDs. Digital assets can be divided into permanent exchange (transfer) or temporary authorized access. An example of permanent exchange is that the third node device 130 and the fourth node device 140 are both computers in the system, and the owner of the third digital ID of the virtual currency can transfer 100 units of virtual currency through the third node device 130 Transfer to the owner who owns the fourth digital ID of the virtual currency, and the latter can use the fourth node device 140 to confirm the transfer. One of the two computers can subtract 100 from the virtual currency wallet with the third digital ID, and add 100 to the virtual currency wallet with the third digital ID to complete the transfer. An example of temporary authorized access is for example, the third node device 130 is a server of a digital footprint management company, and there are many users browsing the data data of the web, and the fourth node device 140 is a marketing company that requires a certain group of customers Internet user habits (digital footprint). Therefore, employees of the marketing company can transfer a specific amount to the digital footprint management company through a bank transfer server, and have a certain period of time, such as a week, to access the digital footprint management company’s fifth digital ID. Specific digital footprint. The time has come, and the digital assets under the fifth digital ID have not changed. In the past, through online platforms such as portals, users' digital footprints were collected for free by large companies to generate effective business activities. However, under the operation of this system, this kind of data (digital assets) can no longer be free, and can be authorized by a third party or party to decide based on the price. Finally, the digital asset authorization transfer module 113 sends the result of the designated digital asset exchange or time authorized access to each node device. This action is to store the data in other node devices in the form of blockchain accounting, if it is a full node The device will accept it, and other node devices will depend on its set operation mode.

The data storage module 114 is used to store and provide all or part of the digital ID, digital ID sent by each node device, and the result of the designated digital asset exchange or time authorized access under the condition that the transfer authority is satisfied. That is to say, when the node device is a full node device, it stores "all" the digital ID and the digital asset ownership relationship of the digital ID sent by each node device, and the result of the exchange of designated digital assets or the result of time authorized access; When the node device is a light node device, it stores the "part" of the digital ID and the digital asset ownership relationship sent by each node device, as well as the result of the exchange of designated digital assets or the result of time authorized access.

Here, use several other operating examples to further illustrate the system.

For example, if the owner of the sixth-digit ID owns a diamond, he can turn the encrypted electronic file of the sales certificate or invoice of the diamond into a digital asset and return it to the sixth-digit ID. When he wants to sell a diamond to a friend, as long as the two parties transfer the transaction amount to the diamond and transfer the digital asset from the sixth digital ID to the seventh digital ID owned by the friend, all the node devices in this system can be at any time Present evidence of the transfer. In addition, Yinlou can join the system through a device (such as a server) to check the digital asset that proves the ownership of the diamond to change hands to determine whether the diamond resold by the friend is stolen, so as to ensure the security of the physical transfer.

Another example is that after a user A purchases a personal computer (such as the first node device 110), he connects the personal computer to the system as a new node device. User A is a legal person and uses its company's seal and seal as identification information, and the encrypted file of the scanned copy of the purchase certificate invoice (with its company name and related personal information) is used as a digital asset, and the account belongs to the company's eighth Under the digital ID. In addition to the personal computer, this data is also stored in the system dedicated server (such as the third node device 130) and a portal server cluster (such as the fourth node device 140). As a node device, a personal computer can allow anyone to access each node device in the system with the permission of the other party. Another user B, after purchasing a smart phone (such as the second node device 120), connects the smart phone to the system as another new node device. User B is a natural person with a ninth digit ID. When the personal computer exceeds the company's service life, and user B wants to buy a personal computer of the same model, this system can be used as a platform and proof of transfer. The method is that User B negotiates with User A, transfers an amount to User A’s designated account and converts the receipt into a digital asset. The smartphone sends the digital asset transfer, and User A returns the digital assets of the personal computer to the user. Under the ninth digital ID of B; if necessary, another digital asset with the asset transfer certificate can be attached at the same time. After the digital asset transfer of user A and user B is completed, the records of their digital asset transfer are recorded in the personal computer and smart phone 270 respectively, and simultaneously stored in the system dedicated server and the portal server cluster. When user B wants to use a personal computer from user A, user A must do so, because all the transferred data are written in the node device, which can be used as evidence for resolving civil disputes. This is an application that uses digital assets to transfer physical assets.

Another example is if the first node device 110 is a Wi-Fi sharing device, and its account password is the digital asset of user C, which has been stored in the Wi-Fi sharing device and the system dedicated server (such as the second node device 120) . User C bought another network monitor (such as the third node device 130), based on the record of the proof of purchase, such as the invoice, to create the digital ID of the network monitor. The network monitor needs to connect to the Internet through a Wi-Fi sharer, and verify that it is the same user C’s asset in the system, which is assigned to the tenth digital ID. After the digital asset is authorized, the network monitor 250 can directly obtain the permission of the Wi-Fi sharer 240 to connect to the Internet. There is no need to transfer the mode of the network monitor to manually or other remote settings. The password is entered in the network monitor. It is feasible that if the user passes away and wants to hand over all his node equipment and digital assets to his son to inherit, he only needs to transfer all his physical property inheritance certificates, such as suicide notes and witness documents, and digital assets. The transfer of ownership to the eleventh digit ID of the transferred household to his son can be easily and safely completed.

Another example is that the user D owns an electric vehicle (such as the first node device 110) and needs to be charged by a smart charging pile (such as the second node device 120). After joining the system, user D’s electric vehicle can transfer a certain digital asset of user D to the smart charging pile under certain authorization conditions set by the smart charging pile (not necessarily through the smart charging pile, but may be through other node equipment ), in exchange for a service that can charge 10 kWh within a period of time. The above authorization conditions can also be set according to actual needs between users to obtain authorization, such as a certain social relationship link, usage fee, time, location information, object distance... etc. But the premise is that all need to be digital assets in the system.

Although the present invention has been disclosed in the above embodiments, it is not intended to limit the present invention. Anyone with ordinary knowledge in the relevant technical field can make some changes and modifications without departing from the spirit and scope of this creation. Therefore, The scope of protection of the present invention shall be subject to those defined by the attached patent scope.

111: ID management module

112: Digital Asset Management Module

113: Digital Asset Authorization Transfer Module

114: Data Storage Module

110: The first node device

120: second node device

130: third node device

140: The fourth node device

Claims (7)

A system that uses distributed ledger technology to establish digital identities and authorize and transfer digital assets. It includes multiple node devices. Each node device can directly or indirectly communicate with other node devices through the network to send and receive data and form a unit. The blockchain architecture is characterized in that: each node device includes: an ID management module for generating a digital ID bound to a physical ID, and sending the digital ID to each node device; a digital asset management module , Used to receive or generate a digital asset, return the digital asset to a digital ID, and send the digital asset return relationship of the digital ID to each node device; a digital asset authorization transfer module for any A digital ID sets a transfer authority, performs conversion of designated digital assets or time authorization access to a specific digital ID that meets the transfer authorization, and sends the results of the exchange of designated digital assets or time authorization access to each node device; and A data storage module used to store and provide all or part of the digital ID and digital ID sent by each node device under the account of the digital asset ownership relationship, and the result of the exchange of designated digital assets or the result of time authorized access , Where the digital ID is obtained by hashing a digital asset, generating a unique URL, or hashing a physical ID; any digital asset is obtained by concatenating with a specific digital ID, or with Other digital assets connected with a specific digital ID are connected to complete the return. For example, in the system described in item 1 of the scope of patent application, when a digital asset is hashed, the ID management module adds the current timestamp to the universal code of the node device to perform SHA-512 operation; When generating a unique URL, the ID management module sets each number in the order of application The bit ID is a URL with an increasing number of specific digits; when an entity ID is hashed, the ID management module performs MD4 operation on any entity ID value. For example, the system described in item 1 of the scope of patent application, wherein the entity ID is issued by a specific agency to verify the identity of a specific person, and the network platform is registered to generate or encrypt the physical item authentication document to distinguish the user's identity and authority. The domain location or garbled characters. For the system described in item 1 of the scope of patent application, the digital assets contain more than one digital ID that is not the digital ID of the household to which they belong. For example, the system described in item 1 of the scope of patent application, wherein the transfer authority is with or without a certain digital asset. Such as the system described in item 1 of the scope of patent application, where the blockchain architecture complies with IOTA, Ethereum or Bitcoin distributed ledger operation specifications. For example, in the system described in item 1 of the scope of patent application, the digital asset includes the user's digital behavior footprint, identity certificate or physical asset certificate.

Images