CN111881483A - Resource account binding method, device, equipment and medium based on block chain - Google Patents
- Publication number
- CN111881483A CN202010788761.3A
- Authority
- CN
- China
- Prior art keywords
- resource account
- digital identity
- user
- account
- identity file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The application relates to the technical field of networks, and provides a resource account binding method and device based on a block chain, computer equipment and a storage medium. The method can improve the efficiency with which business organizations identify and access resource accounts. The method comprises the following steps: in response to a binding request of a user, obtaining from the binding request a digital identity file corresponding to the user and a resource account of the user to be bound; after the digital identity file is verified, binding the digital identity file and the corresponding resource account; and uploading the digital identity file, the resource account and the binding information of the digital identity file and the resource account to a block chain for storage. The digital identity file, the resource account and the binding information stored in the block chain open access rights to a plurality of service mechanism servers.
Description
Technical Field
The present application relates to the field of network information technologies, and in particular, to a method and an apparatus for binding a resource account based on a block chain, a computer device, and a storage medium.
Background
With the development of network information technology, users have become far more active on the internet. A user usually opens a resource account with a service mechanism, and the user's resource account is managed and controlled by the server corresponding to that service mechanism.
In the prior art, a user usually opens corresponding resource accounts in a plurality of service organizations, and account information of the user stored in different service organizations is mutually independent. When different business organizations manage the resource accounts of users, the users are generally required to provide original documents such as identity certificates and the like to verify the identities of the users, and the efficiency is low.
Disclosure of Invention
Based on this, it is necessary to provide a method and an apparatus for binding a resource account based on a block chain, a computer device, and a storage medium, to solve the technical problem in the prior art that business organizations manage user resource accounts with low efficiency.
A method for resource account binding based on a blockchain, the method comprising:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
verifying the digital identity file;
if the verification is passed, binding the digital identity file with the resource account corresponding to the user;
uploading the digital identity file, the resource account and binding information of the digital identity file and the resource account to a block chain for storage; and the digital identity file and the resource account stored in the blockchain and the binding information of the digital identity file and the resource account open access rights to service mechanism servers of a plurality of service mechanisms.
In one embodiment, the verifying the digital identity file includes:
verifying the digital identity file according to the DID protocol specification.
In one embodiment, the resource account is an account bound to a basic account of the user, the method further comprising:
responding to the resource account opening request of the user, and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises the digital signature of the user and a basic account to be bound;
verifying the digital signature of the user;
if the verification is passed, the resource account and the certificate of the user are created;
after adding an agency signature to the resource account, sending the account identifier of the resource account and the certificate to a resource account server;
and acquiring the verification-passed information that the resource account server sends after the agency signature passes verification, and binding the resource account and the basic account.
A method for resource account binding based on a blockchain, the method comprising:
acquiring a digital identity file of a user;
sending a binding request to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the verification is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to a block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access authority to the service mechanism servers of a plurality of service mechanisms.
In one embodiment, before the acquiring the digital identity file of the user, the method includes:
acquiring identity information of the user;
acquiring a first key and a second key corresponding to the first key;
signing the identity information of the user according to the first secret key to obtain the digital identity file containing signature information; the digital identity document conforms to DID protocol specifications; the digital identity file also comprises the second key, and the second key is used for verifying the signature information of the digital identity file.
In one embodiment, the resource account is an account bound to a basic account of the user, the method further comprising:
acquiring the digital signature of the user for opening the resource account and the basic account to be bound;
initiating a resource account opening request to the service mechanism server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound; the resource account opening request is used for triggering the service agency server to verify the digital signature, if the digital signature passes the verification, the resource account and the certificate of the user are created, after the agency signature is added to the resource account, the account identification of the resource account and the certificate are sent to the resource account server, verification passing information sent after the agency signature passes the verification of the resource account server is obtained, and the resource account and the basic account are bound.
An apparatus for binding resource accounts based on blockchains, the apparatus comprising:
the receiving module is used for responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
the verification module is used for verifying the digital identity file;
the binding module is used for binding the digital identity file with the resource account corresponding to the user if the verification is passed;
the uplink module is used for uploading the digital identity file, the resource account and the binding information of the digital identity file and the resource account to a block chain for storage; and the digital identity file and the resource account stored in the blockchain and the binding information of the digital identity file and the resource account open access rights to service mechanism servers of a plurality of service mechanisms.
An apparatus for binding resource accounts based on blockchains, the apparatus comprising:
the identity file acquisition module is used for acquiring a digital identity file of a user;
a sending module, configured to initiate a binding request to a service mechanism server corresponding to a service mechanism, where the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the verification is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to a block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access authority to the service mechanism servers of a plurality of service mechanisms.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request; verifying the digital identity file; if the verification is passed, binding the digital identity file with the resource account corresponding to the user; uploading the digital identity file, the resource account and binding information of the digital identity file and the resource account to a block chain for storage; and the digital identity file and the resource account stored in the blockchain and the binding information of the digital identity file and the resource account open access rights to service mechanism servers of a plurality of service mechanisms.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring a digital identity file of a user; sending a binding request to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the verification is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to a block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access authority to the service mechanism servers of a plurality of service mechanisms.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request; verifying the digital identity file; if the verification is passed, binding the digital identity file with the resource account corresponding to the user; uploading the digital identity file, the resource account and binding information of the digital identity file and the resource account to a block chain for storage; and the digital identity file and the resource account stored in the blockchain and the binding information of the digital identity file and the resource account open access rights to service mechanism servers of a plurality of service mechanisms.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring a digital identity file of a user; sending a binding request to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the verification is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to a block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access authority to the service mechanism servers of a plurality of service mechanisms.
With the above resource account binding method, device, computer equipment and storage medium based on the block chain, the digital identity file corresponding to the user and the resource account of the user to be bound are obtained from the binding request in response to the binding request of the user, the digital identity file is bound with the corresponding resource account after it has been verified, and the digital identity file, the resource account and the binding information of the two are uploaded to the block chain for storage. The digital identity file, the resource account and the binding information stored in the block chain open access rights to a plurality of service mechanism servers, so that the plurality of service mechanisms can access the user's resource account bound with them through the user's digital identity file. This improves the efficiency with which the service mechanism servers identify and manage the user's resource account.
Drawings
FIG. 1 is a diagram of an application environment of a method for resource account binding based on a blockchain in one embodiment;
FIG. 2 is a flowchart illustrating a method for binding resource accounts based on a blockchain in an embodiment;
FIG. 3 is a flowchart illustrating a method for binding resource accounts based on blockchains in an embodiment;
FIG. 4 is a flowchart illustrating a method for binding resource accounts based on blockchains in an embodiment;
FIG. 5 is a flowchart illustrating a method for binding resource accounts based on blockchains in an embodiment;
FIG. 6 is a block diagram of an apparatus for binding resource accounts based on block chains according to an embodiment;
FIG. 7 is a block diagram of an apparatus for binding resource accounts based on block chains in one embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It should be noted that the terms "first" and "second" in the embodiments of the present invention are used only to distinguish similar objects and do not imply a specific ordering of those objects. Where permitted, objects distinguished as "first" and "second" may be interchanged, so that the embodiments of the invention described herein may be practiced in sequences other than those illustrated or described herein.
The resource account binding method based on the block chain can be applied to the application environment shown in fig. 1. The terminal 102 communicates with the service mechanism server 104 via a network, and the service mechanism server 104 communicates with the resource account server 106 via a network. The service mechanism server 104 responds to the binding request sent by the terminal 102, obtains the digital identity file corresponding to the user and the resource account to be bound from the binding request, and uploads the related information to the block chain. The service mechanism server 104 may open the resource account according to the resource account opening request of the terminal 102; after the service mechanism server 104 sends the relevant information to the resource account server 106 for verification, the resource account is bound with the corresponding basic account of the user. The terminal 102 may be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer or portable wearable device, and the service mechanism server 104 and the resource account server 106 may each be implemented by an independent server or by a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, a method for binding resource accounts based on a block chain is provided. The method is described here as applied to the service mechanism server 104 in fig. 1, and includes the following steps:
Step S201, in response to the binding request of the user, obtaining the digital identity file corresponding to the user and the resource account to be bound corresponding to the user from the binding request.
The digital identity file of the user may be a user digital identity generated by the user from the user's identity information in accordance with the distributed digital identity (DID) protocol specification. The digital identity file corresponding to a specific identity of the user is unique, verifiable and distributed, and the user can control his or her own digital identity independently. The resource account may be an account that the user registers or obtains at a business organization and that relates to the user's property, information, resources and similar content. Users may be individuals, businesses, corporations, and other organizations or entities. The business organization may be a bank or the like. The user digital identity file contains the digital identity ID information of the user.
In a specific implementation, the service mechanism server 104 responds to a binding request of a user, and obtains a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request.
Step S202, the digital identity file is verified.
In a specific implementation, the service mechanism server 104 may check the digital identity file along one or more dimensions. For example, the service mechanism server 104 verifies one or more of the authenticity, content, format, or source legitimacy of the digital identity file.
Step S203, if the verification is passed, the digital identity file and the resource account corresponding to the user are bound.
In a specific implementation, the digital identity file passes the verification when it conforms to the corresponding verification standard. The service mechanism server 104 may then bind the digital identity file with the resource account corresponding to the user.
Step S204, uploading the digital identity file, the resource account and the binding information of the digital identity file and the resource account to a block chain for storage.
The digital identity files and the resource accounts of the users stored in the blockchain and the binding information of the digital identity files and the resource accounts open access rights to the service mechanism servers of the plurality of service mechanisms. The blockchain may have a trusted service authority server of a plurality of service authorities as a blockchain node. Each service mechanism server can access the digital identity file of the user and the resource account bound with the digital identity file through the digital identity ID information of the user.
In a specific implementation, the service mechanism server 104 uploads the digital identity file, the resource account, and the binding information of the digital identity file and the resource account to the block chain, where they are stored and managed through a smart contract on the block chain.
With the above resource account binding method based on the block chain, the digital identity file corresponding to the user and the resource account of the user to be bound are obtained from the binding request in response to the binding request of the user, the digital identity file is verified and then bound with the corresponding resource account, and the digital identity file, the resource account and the binding information of the two are uploaded to the block chain for storage. The digital identity file, the resource account and the binding information stored on the block chain open access rights to a plurality of service mechanism servers, so that the plurality of service mechanisms can access the user's resource account bound with them through the user's digital identity file. This improves the efficiency with which the service mechanism servers identify and manage the user's resource account.
In one embodiment, the step of verifying the digital identity file in step S202 includes:
verifying the digital identity file according to the DID protocol specification.
In this embodiment, a distributed digital identity (DID) is generated according to a certain algorithm, and a key pair is generated at the same time. The first key of the pair is used to sign the user identity information; the signature information and the original identity information are combined to obtain the digital identity file, and the second key is used to verify the digital identity file. The user, as the user of the DID, creates and manages the DID through a program and stores the identity-related information in a component; the personal information of the user related to the DID is not linked. Among the open-source DID standards, the DID standard comprises the DID specification, which covers the DID identifier and the DID document, and the verifiable declaration. In a specific implementation, the service mechanism server 104 may check the format of the user's digital identity file against the format requirements specified by the DID protocol, and may also verify the digital identity file using the public key included in the digital identity file.
In some embodiments, the service mechanism server 104 may obtain the authentication information of the user sent by the terminal 102, and verify the identity of the user according to the authentication information. The identity authentication information can be data such as the identity document of the user, and can also be the identity certificate of the user issued by other DID issuing parties.
According to the scheme of the embodiment, the digital identity file is verified through the DID protocol specification, and the normalization and the authenticity of the acquired user identity information are improved.
In one embodiment, the resource account is an account bound to a basic account of the user, the method further comprising:
responding to a resource account opening request of a user, and acquiring opening application information corresponding to the user from the resource account opening request, the opening application information comprising a digital signature of the user and a basic account to be bound; verifying the digital signature of the user; if the verification is passed, creating the resource account and the certificate of the user; after adding an agency signature to the resource account, sending the account identifier and the certificate of the resource account to a resource account server; and acquiring the verification-passed information that the resource account server sends after the agency signature passes verification, and binding the resource account and the basic account.
In this embodiment, the basic account is an account that the user opens at the service mechanism on the basis of an identity credential or other credentials, and that is associated with the user's actual resource holdings. The account identification of the resource account may be an account name or other information that can identify the resource account. In some embodiments, the basic account may be a bank account that the user opens at a bank on the basis of an identity document and that is associated with the user's actual cash assets, and the resource account may be an account that is bound to the bank account and related to it but subject to different usage rules.
If the user of the terminal 102 needs to obtain the resource account, the user needs to make an application to the service institution server 104. The service mechanism server 104 responds to the resource account opening request of the user, and acquires the corresponding digital signature of the user and the basic account to be bound from the resource account opening request. After the service agency server 104 verifies the digital signature of the user, it creates a resource account of the user, allocates a certificate, adds an agency signature to the resource account, and sends the account identifier and the certificate of the resource account to the resource account server 106. The resource account server 106 verifies the institution signature and stores the resource account identification and certificate information after the verification is passed. The service organization server 104 acquires the verification passing information sent back by the resource account server 106 to complete the binding of the resource account and the basic account of the user.
In the scheme of the embodiment, after the service organization server 104 obtains the resource account opening request of the user and verifies the user signature, the resource account of the user is created and the certificate is allocated, the organization signature is added to the resource account, the account identifier and the certificate of the resource account are submitted to the resource account server 106 for verification, the resource account and the basic account of the user are bound, and the security and the compliance of the creation of the resource account of the user are improved.
In one embodiment, as shown in fig. 3, a resource account binding method based on a block chain is provided. The method is described here as applied to the terminal 102 in fig. 1, and includes the following steps:
Step S301, acquiring a digital identity file of a user.
In a specific implementation, the terminal 102 may obtain the digital identity file of the user according to the identity information of the user.
Step S302, a binding request is initiated to a service mechanism server corresponding to a service mechanism, and the binding request carries a digital identity file and a resource account to be bound corresponding to a user.
The binding request is used for triggering the service mechanism server to check the digital identity file, if the check is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to the block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access permissions for the service mechanism servers of the plurality of service mechanisms.
In a specific implementation, the terminal 102 may obtain a resource account to be bound corresponding to the user, and send a binding request carrying the digital identity file and the resource account corresponding to the user to the service mechanism server 104. The service organization server 104 may bind the digital identity file and the resource account according to the binding request, and upload the digital identity file, the resource account, and the binding information of the two to the block chain for storage, and the trusted service organization servers of the plurality of service organizations may access the resource account according to the digital identity file.
According to the scheme of this embodiment, the terminal acquires the digital identity file of the user and sends a binding request carrying the digital identity file and the resource account corresponding to the user to the service mechanism server 104. In response, the service mechanism server 104 obtains the digital identity file and the resource account to be bound from the binding request, binds the two after the digital identity file is verified, and uploads the digital identity file, the resource account and their binding information to the block chain for storage. The trusted service mechanism servers of a plurality of service mechanisms can then access the resource account bound to the user's digital identity file through that file, which improves the efficiency with which service mechanism servers identify and manage the user's resource account.
In an embodiment, before the digital identity file of the user is acquired in step 301, the method further includes:
acquiring identity information of the user; acquiring a first key and a second key corresponding to the first key; and signing the identity information of the user with the first key to obtain the digital identity file.
In this embodiment, the digital identity document conforms to the DID protocol specification, the digital identity document further includes a second key, the second key is used for performing signature verification on the digital identity document, and the second key corresponds to the first key. The terminal 102 may obtain the identity information corresponding to the user, obtain a key pair including a first key and a second key, sign the identity information of the user according to the first key, and obtain a digital identity file of the user that conforms to the DID protocol specification. In some embodiments, the terminal 102 may be a bank APP client or a Web browser, and the terminal 102 may obtain identity information corresponding to the user according to the user login information or registration information reserved in the business institution. In some embodiments, the terminal 102 may have a key pair generation function, and the terminal 102 may sign the identity information of the user according to a private key.
In the scheme of the above embodiment, the terminal 102 signs the acquired identity information of the user through the first key to obtain the digital identity file of the user, so that the authenticity and the security of the digital identity file are improved.
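The signing step above and the server-side check-then-bind step described earlier, as an added Go example that is not code from the patent. Ed25519, the field names, the `did:example` identifier and the in-memory hash chain standing in for the block chain are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// IdentityFile is a simplified stand-in for the digital identity file. Field names
// are assumptions; PublicKey is the "second key", Signature is made with the first.
type IdentityFile struct{ ID, Identity, PublicKey, Signature string }

// digest hashes a JSON array of its parts, so field boundaries are unambiguous.
func digest(parts ...string) string {
	b, _ := json.Marshal(parts)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// payload is what the signature covers: every field except the signature itself.
func payload(f IdentityFile) []byte { return []byte(digest(f.ID, f.Identity, f.PublicKey)) }

// NewIdentityFile is the terminal side: generate the key pair, sign, embed the second key.
func NewIdentityFile(identity string) (IdentityFile, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return IdentityFile{}, err
	}
	f := IdentityFile{Identity: identity, PublicKey: base64.StdEncoding.EncodeToString(pub)}
	f.ID = "did:example:" + digest(f.PublicKey)[:16] // constructed identifier
	f.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, payload(f)))
	return f, nil
}

// VerifyIdentityFile is the server-side check. It proves integrity and possession of
// the first key only; authenticating the user is a separate step.
func VerifyIdentityFile(f IdentityFile) error {
	pub, err := base64.StdEncoding.DecodeString(f.PublicKey)
	if err != nil || len(pub) != ed25519.PublicKeySize { // Verify panics on bad length
		return errors.New("malformed verification key")
	}
	sig, err := base64.StdEncoding.DecodeString(f.Signature)
	if err != nil || !ed25519.Verify(ed25519.PublicKey(pub), payload(f), sig) {
		return errors.New("signature does not match identity file")
	}
	return nil
}

// Binding is one stored record; Hash covers PrevHash so edits to history are detectable.
type Binding struct{ DID, Account, FileHash, PrevHash, Hash string }

// Ledger is an in-memory hash chain standing in for the blockchain (an assumption).
type Ledger struct{ Entries []Binding }

// Bind verifies first and appends a record only when verification passes.
func (l *Ledger) Bind(f IdentityFile, account string) (Binding, error) {
	if err := VerifyIdentityFile(f); err != nil {
		return Binding{}, fmt.Errorf("binding refused: %w", err)
	}
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	b := Binding{DID: f.ID, Account: account, PrevHash: prev}
	b.FileHash = digest(f.ID, f.Identity, f.PublicKey, f.Signature)
	b.Hash = digest(b.DID, b.Account, b.FileHash, b.PrevHash)
	l.Entries = append(l.Entries, b)
	return b, nil
}

// Lookup is what another institution's server would do: re-check the chain, then
// resolve the account bound to a DID.
func (l *Ledger) Lookup(did string) (string, bool) {
	prev, account, found := "", "", false
	for _, b := range l.Entries {
		if b.PrevHash != prev || b.Hash != digest(b.DID, b.Account, b.FileHash, b.PrevHash) {
			return "", false
		}
		prev = b.Hash
		if b.DID == did {
			account, found = b.Account, true
		}
	}
	return account, found
}

func main() {
	ledger := &Ledger{}
	f, _ := NewIdentityFile("constructed sample: user 0001")
	b, err := ledger.Bind(f, "DC-ACCT-0001") // constructed account identifier
	fmt.Println(b.DID, b.Account, err)
	f.Identity = "altered after signing"
	_, err = ledger.Bind(f, "DC-ACCT-0002")
	fmt.Println(err)
}
```

Because the second key travels inside the file, a passing signature check alone does not establish whose identity it is, which is why the described flow also requires the user to pass identity verification before binding.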
In one embodiment, the method further comprises:
The resource account is an account bound to a basic account of the user. The method further includes: acquiring the user's digital signature for opening the resource account and the basic account to be bound; and initiating a resource account opening request to the service mechanism server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound.
In this embodiment, the terminal 102 obtains the digital signature for opening a resource account and the basic account to be bound, and sends a resource account opening request carrying the digital signature of the user and the basic account to be bound to the service institution server 104. After the signature verification passes, the service institution server 104 creates the resource account of the user and allocates a certificate according to the resource account opening request, adds an institution signature to the resource account, and sends the account identifier and the certificate of the resource account to the resource account server 106. The service institution server 104 then acquires the verification passing information sent back by the resource account server 106 and completes the binding of the resource account and the basic account of the user.
In the scheme of this embodiment, the terminal 102 sends a resource account opening request carrying the digital signature of the user and the basic account to be bound to the service institution server 104. The service institution server 104 verifies the digital signature according to the resource account opening request, creates the resource account of the user and allocates a certificate, adds an institution signature to the resource account, submits the account identifier and the certificate of the resource account to the resource account server 106 for verification, and binds the resource account and the basic account of the user, thereby improving the security and compliance of creating the user's resource account.
In order to better understand the technical solution of the present application, according to fig. 4 and fig. 5, a usage scenario of the above resource account binding method based on a block chain in the terminal 102, the service entity server 104, and the resource account server 106 is further explained. The service mechanism server 104 may be a bank server or other digital legal tender operation mechanism servers, the terminal 102 may be a bank APP client or a Web browser, the resource account server 106 may be a central bank digital legal tender server, the resource account may be a digital legal tender account, and the basic account may be a bank account.
The bank APP client applies to the bank server to open a digital legal tender account, acquires the registered identity information of the user and submits an identity verification request to the bank server. The bank APP client generates a pair of digital identity keys and creates a digital identity file of the user based on the DID digital identity Document protocol format; it can then request the bank server to bind this digital identity file to the opened digital legal tender account. The bank server verifies the data submitted by the user and uploads the data to the block chain.
The bank server serves as a unified business service entrance and provides specific services to its users' digital legal tender account clients/browsers, including business logic interfaces for creating, updating and deleting digital identities, digital identity authentication, and binding digital identities to digital legal tender accounts. It ensures that the digital identity registered to the blockchain is legitimate and unique and that the digital identity on the blockchain is authentic and valid.
After obtaining the central bank's authorization to issue legal Digital Currency (DC/EP for short), the bank server can apply to the central bank for a DC/EP issuance quota. After approving the application, the central bank can return to the bank server the certificate for the issuance quota obtained by the service organization. The user's digital legal tender account application and identity verification also need to be authenticated by the central bank digital legal tender server.
The flow of the user creating the digital legal tender account is shown in fig. 4. The user needs to create the digital legal tender account based on an existing bank account. The binding relationship between the bank account and the digital currency account is specified by the user during the opening process; after the account is opened successfully, the bank account is bound to the digital currency account, and the user can access the digital currency account through the bank account.
The process of the user creating the digital identity and binding the existing digital legal tender account is shown in fig. 5. The bank server creates a digital identity file of the user according to the user request, the bank APP client binds the digital legal tender account of the user according to the digital identity file, and the bank server can complete the operation only after the user passes identity verification.
It should be understood that although the steps in the flow charts of fig. 2-5 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the execution of these steps is not strictly limited to the order shown, and they may be performed in other orders. Moreover, at least some of the steps in fig. 2-5 may include multiple sub-steps or stages, which are not necessarily performed at the same time or in sequence, but may be performed at different times, in turn, or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 6, there is provided a resource account binding apparatus based on a block chain, the apparatus 600 includes:
a receiving module 601, configured to respond to a binding request of a user, and obtain a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
a verification module 602, configured to verify the digital identity file;
a binding module 603, configured to bind the digital identity file and the resource account corresponding to the user if the verification passes;
the uplink module 604 is configured to upload the digital identity file and the resource account and the binding information of the digital identity file and the resource account to a block chain for storage; the digital identity files and the resource accounts stored in the block chain and the binding information of the digital identity files and the resource accounts open access rights to the service mechanism servers of a plurality of service mechanisms.
In one embodiment, the verification module 602 is further configured to verify the digital identity file according to the DID protocol specification.
In one embodiment, the resource account is an account bound to a basic account of the user, and the apparatus 600 further includes a resource account opening module, configured to: respond to a resource account opening request of a user and acquire opening application information corresponding to the user from the resource account opening request, the opening application information comprising a digital signature of the user and a basic account to be bound; verify the digital signature of the user; if the verification passes, create the resource account and the certificate of the user; after adding an agency signature to the resource account, send the account identifier and the certificate of the resource account to a resource account server; and acquire the verification passing information sent after the resource account server verifies the agency signature, and bind the resource account and the basic account.
In one embodiment, as shown in fig. 7, there is provided a resource account binding apparatus based on a block chain, the apparatus 700 including:
an identity file obtaining module 701, configured to obtain a digital identity file of a user;
a sending module 702, configured to initiate a binding request to a service mechanism server corresponding to a service mechanism, where the binding request carries a digital identity file and a resource account to be bound corresponding to a user; the binding request is used for triggering the service mechanism server to check the digital identity file, if the check is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to the block chain for storage, and the digital identity file, the resource account and the binding information of the digital identity file and the resource account stored in the block chain open access permissions for the service mechanism servers of the plurality of service mechanisms.
In one embodiment, the apparatus 700 further comprises: the identity information signature module is used for acquiring the identity information of the user; acquiring a first key and a second key corresponding to the first key; signing the identity information of the user according to the first secret key to obtain a digital identity file comprising signature information; the digital identity document conforms to DID protocol specifications; the digital identity file also comprises a second secret key which is used for verifying signature information of the digital identity file.
In one embodiment, the resource account is an account bound to a base account of the user, and the apparatus 700 further includes: the resource account opening module is used for acquiring a digital signature for opening a resource account by a user and a basic account to be bound; initiating a resource account opening request to a service mechanism server, wherein the resource account opening request carries a digital signature of a user and a basic account to be bound; the resource account opening request is used for triggering the service agency server to verify the digital signature, if the digital signature passes the verification, the resource account and the certificate of the user are created, after the agency signature is added to the resource account, the account identification and the certificate of the resource account are sent to the resource account server, the verification passing information sent after the agency signature passes the verification of the resource account server is obtained, and the resource account and the basic account are bound.
For specific limitations of the resource account binding apparatus based on the blockchain, reference may be made to the above limitations of the resource account binding method based on the blockchain, and details are not described here again. The modules in the block chain-based resource account binding apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing user resource account data, basic account data and user digital identity files. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by a processor implements a blockchain-based resource account binding method.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory storing a computer program and a processor implementing the steps of the above method embodiments when the processor executes the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of these technical features are described, but any combination should be considered to be within the scope of the present specification as long as the combined features do not contradict each other.
The above-mentioned embodiments only express several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A resource account binding method based on a block chain is characterized by comprising the following steps:
responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
verifying the digital identity file;
if the verification is passed, binding the digital identity file with the resource account corresponding to the user;
uploading the digital identity file, the resource account and binding information of the digital identity file and the resource account to a block chain for storage; and the digital identity file and the resource account stored in the blockchain and the binding information of the digital identity file and the resource account open access rights to service mechanism servers of a plurality of service mechanisms.
2. The method of claim 1, wherein verifying the digital identity file comprises:
checking the digital identity file according to the DID protocol specification.
3. The method of claim 1, wherein the resource account is an account bound to a base account of the user, the method further comprising:
responding to the resource account opening request of the user, and acquiring opening application information corresponding to the user from the resource account opening request; the opening application information comprises the digital signature of the user and a basic account to be bound;
verifying the digital signature of the user;
if the verification is passed, the resource account and the certificate of the user are created;
after adding an agency signature to the resource account, sending the account identifier of the resource account and the certificate to a resource account server;
and acquiring verification passing information sent by the resource account server after the agency signature passes verification, and binding the resource account and the basic account.
4. A resource account binding method based on a block chain is characterized by comprising the following steps:
acquiring a digital identity file of a user;
sending a binding request to a service mechanism server corresponding to a service mechanism, wherein the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the verification is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to a block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access authority to the service mechanism servers of a plurality of service mechanisms.
5. The method of claim 4, wherein before the obtaining the digital identity file of the user, the method comprises:
acquiring identity information of the user;
acquiring a first key and a second key corresponding to the first key;
signing the identity information of the user according to the first secret key to obtain the digital identity file comprising signature information; the digital identity document conforms to DID protocol specifications; the digital identity file also comprises the second key, and the second key is used for verifying the signature information of the digital identity file.
6. The method of claim 4, wherein the resource account is an account bound to a base account of the user, the method further comprising:
acquiring a digital signature of the user for opening the resource account and a basic account to be bound;
initiating a resource account opening request to the service mechanism server, wherein the resource account opening request carries the digital signature of the user and the basic account to be bound; the resource account opening request is used for triggering the service agency server to verify the digital signature, if the digital signature passes the verification, the resource account and the certificate of the user are created, after the agency signature is added to the resource account, the account identification of the resource account and the certificate are sent to the resource account server, verification passing information sent after the agency signature passes the verification of the resource account server is obtained, and the resource account and the basic account are bound.
7. An apparatus for binding resource accounts based on block chains, the apparatus comprising:
the receiving module is used for responding to a binding request of a user, and acquiring a digital identity file corresponding to the user and a resource account to be bound corresponding to the user from the binding request;
the verification module is used for verifying the digital identity file;
the binding module is used for binding the digital identity file with the resource account corresponding to the user if the verification is passed;
the uplink module is used for uploading the digital identity file, the resource account and the binding information of the digital identity file and the resource account to a block chain for storage; and the digital identity file and the resource account stored in the blockchain and the binding information of the digital identity file and the resource account open access rights to service mechanism servers of a plurality of service mechanisms.
8. An apparatus for binding resource accounts based on block chains, the apparatus comprising:
the identity file acquisition module is used for acquiring a digital identity file of a user;
a sending module, configured to initiate a binding request to a service mechanism server corresponding to a service mechanism, where the binding request carries the digital identity file and a resource account to be bound corresponding to the user; the binding request is used for triggering the service mechanism server to verify the digital identity file, if the verification is passed, the digital identity file is bound with the resource account, the digital identity file, the resource account and binding information of the digital identity file and the resource account are uploaded to a block chain to be stored, and the digital identity file, the resource account and the binding information of the resource account stored in the block chain open access authority to the service mechanism servers of a plurality of service mechanisms.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010788761.3A CN111881483B (en) | 2020-08-07 | 2020-08-07 | Resource account binding method, device, equipment and medium based on blockchain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111881483A (en) | 2020-11-03 |
CN111881483B (en) | 2024-02-23 |
Family
ID=73211045
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010788761.3A Active CN111881483B (en) | 2020-08-07 | 2020-08-07 | Resource account binding method, device, equipment and medium based on blockchain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111881483B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111881483B (en) | 2024-02-23 |
Similar Documents
Publication | Title |
---|---|
US11533164B2 (en) | System and method for blockchain-based cross-entity authentication |
US11025435B2 (en) | System and method for blockchain-based cross-entity authentication |
CN110581860B (en) | Identity authentication method, device, storage medium and equipment based on block chain |
CN110268678B (en) | PKI-based login method for authentication agent user and server using same |
CN111881483B (en) | Resource account binding method, device, equipment and medium based on blockchain |
US10915552B2 (en) | Delegating credentials with a blockchain member service |
WO2021000420A1 (en) | System and method for blockchain-based cross-entity authentication |
DE102016206916B4 (en) | Electronic method for cryptographically secured transfer of an amount of a cryptocurrency |
CN110599137B (en) | Electronic bill data processing method and device and computer equipment |
JP7083892B2 (en) | Mobile authentication interoperability of digital certificates |
CN110633963B (en) | Electronic bill processing method, electronic bill processing device, computer readable storage medium and computer readable storage device |
EP3788523A1 (en) | System and method for blockchain-based cross-entity authentication |
CN110493273B (en) | Identity authentication data processing method and device, computer equipment and storage medium |
Liu et al. | Enabling secure and privacy preserving identity management via smart contract |
CN109150547B (en) | System and method for real-name registration of digital assets based on block chain |
CN111368340A (en) | Block chain-based evidence-based security verification method and device and hardware equipment |
CN111292174A (en) | Tax payment information processing method and device and computer readable storage medium |
CN111901359B (en) | Resource account authorization method, device, system, computer equipment and medium |
CN114666168B (en) | Decentralized identity certificate verification method and device, and electronic equipment |
CN110942382A (en) | Electronic contract generating method and device, computer equipment and storage medium |
Abraham et al. | Qualified eID derivation into a distributed ledger based IdM system |
US20170104748A1 (en) | System and method for managing network access with a certificate having soft expiration |
CN117280346A (en) | Method and apparatus for generating, providing and forwarding trusted electronic data sets or certificates based on electronic files associated with a user |
CN111566647A (en) | Identity recognition system based on block chain |
Durán et al. | An architecture for easy onboarding and key life-cycle management in blockchain applications |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |