[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114844629A - Verification method, device, computer equipment and storage medium for blockchain account - Google Patents

Verification method, device, computer equipment and storage medium for blockchain account Download PDF

Info

Publication number
CN114844629A
CN114844629A CN202210344237.6A CN202210344237A CN114844629A CN 114844629 A CN114844629 A CN 114844629A CN 202210344237 A CN202210344237 A CN 202210344237A CN 114844629 A CN114844629 A CN 114844629A
Authority
CN
China
Prior art keywords
controller
account
target
verified
contract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210344237.6A
Other languages
Chinese (zh)
Other versions
CN114844629B (en
Inventor
王挺
曹崇瑞
胡志敏
李刚锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netease Hangzhou Network Co Ltd filed Critical Netease Hangzhou Network Co Ltd
Priority to CN202210344237.6A priority Critical patent/CN114844629B/en
Publication of CN114844629A publication Critical patent/CN114844629A/en
Application granted granted Critical
Publication of CN114844629B publication Critical patent/CN114844629B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the application discloses a verification method, a verification device, computer equipment and a storage medium for a block chain account, wherein the verification method comprises the following steps: receiving a transaction request initiated by a controller to be verified corresponding to a target user; acquiring controller public key information of a plurality of account controllers in a DID account contract corresponding to the target DID account to obtain a plurality of controller public key information; determining the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified; searching whether controller public key information matched with the public key information to be verified exists in the plurality of controller public keys, and determining a verification result; if the verification result is successful, determining that the transaction is effective, and performing the transaction in the block chain network based on the transaction body; by using the DID contract as the bottom layer system contract, the private key can be reset, the problem of private key loss is solved, and the reliability of the block chain is improved.

Description

区块链账户的验证方法、装置、计算机设备及存储介质Verification method, device, computer equipment and storage medium for blockchain account

技术领域technical field

本申请涉及计算机技术领域,具体涉及一种区块链账户的验证方法、装置、计算机设备及存储介质。The present application relates to the field of computer technology, and in particular to a method, device, computer equipment and storage medium for verifying a blockchain account.

背景技术Background technique

随着互联网的不断发展,区块链技术应运而生,具体地,区块链技术的本质是去中心化且寓于分布式结构的数据存储、传输和证明的方法,用数据区块取代目前互联网对中心服务器的依赖,使得所有数据的变更或者交易项目都被记录在一个云系统之上。区块链技术是一种互联网数据库技术,具有去中心化、公开透明的特点。例如,区块链领域出现的技术数字身份分布式身份标识(Decentralized Identifiers,DID)技术,具有分布式、自主可控、跨链复用等特点。With the continuous development of the Internet, blockchain technology has emerged as the times require. Specifically, the essence of blockchain technology is a decentralized and distributed data storage, transmission and proof method, replacing the current Internet with data blocks. The reliance on the central server enables all data changes or transaction items to be recorded on a cloud system. Blockchain technology is an Internet database technology with the characteristics of decentralization, openness and transparency. For example, the Decentralized Identifiers (DID) technology of technical digital identity in the field of blockchain has the characteristics of distributed, autonomous and controllable, and cross-chain reuse.

目前,在现有的区块链账号体系,通常采用一个公私钥对,基于算法由私钥推导出公钥,再由公钥推导出地址,区块链账号是唯一的私钥控制,私钥是账户验证的唯一证明。因此,当用户私钥丢失时,用户无法找回自身的区块链账号,从而会丢失当前账户下的所有权益,从而导致区块链使用时的可靠性低。At present, in the existing blockchain account system, a public-private key pair is usually used. Based on the algorithm, the public key is derived from the private key, and then the address is derived from the public key. The blockchain account is controlled only by the private key, and the private key is controlled by the private key. is the only proof of account verification. Therefore, when the user's private key is lost, the user cannot retrieve his own blockchain account, thus losing all rights and interests under the current account, resulting in low reliability when using the blockchain.

发明内容SUMMARY OF THE INVENTION

本申请实施例提供一种区块链账户的验证方法、装置、计算机设备及存储介质,可以通过将DID合约作为底层系统合约,用户将DID合约账号作为底层区块链账号,能够实现重置私钥,解决私钥丢失的问题,提高区块链的可靠性。The embodiments of the present application provide a method, device, computer equipment and storage medium for verifying a blockchain account. By using the DID contract as the underlying system contract and the user using the DID contract account as the underlying blockchain account, it is possible to reset the private key, solve the problem of private key loss, and improve the reliability of the blockchain.

本申请实施例提供了一种区块链账户的验证方法,该方法包括:The embodiment of the present application provides a method for verifying a blockchain account, and the method includes:

接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息;Receive a transaction request initiated by the controller to be verified corresponding to the target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, the target DID account number, the signature information of the controller to be verified, and the controller to be verified. private key information;

获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;Obtain the controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account, and obtain multiple controller public key information;

基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;Determine the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;

从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;Find out whether there is controller public key information matching the to-be-verified public key information from the plurality of controller public keys, and determine the verification result;

若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。If the verification result is that the verification is successful, it is determined that the transaction is valid, and the transaction is performed in the blockchain network based on the transaction body.

相应的,本申请实施例还提供了一种区块链账户的验证装置,所述装置包括:Correspondingly, an embodiment of the present application also provides a verification device for a blockchain account, the device comprising:

接收单元,用于接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息;The receiving unit is configured to receive a transaction request initiated by the controller to be verified corresponding to the target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, the target DID account number, and the signature information of the controller to be verified. And the private key information of the controller to be verified;

获取单元,用于获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;an obtaining unit, configured to obtain the controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account, and obtain multiple controller public key information;

第一确定单元,用于基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;a first determining unit, configured to determine the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;

第二确定单元,用于从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;a second determining unit, configured to search whether there is controller public key information matching the public key information to be verified from the plurality of controller public keys, and determine the verification result;

第三确定单元,用于若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。The third determining unit is configured to determine that the transaction is valid if the verification result is that the verification is successful, and perform the transaction in the blockchain network based on the transaction body.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第一接收子单元,用于接收所述目标用户对应的第一控制者发送的账号注册请求,所述账号注册请求携带有第一控制者属性信息,所述第一控制者属性信息包括第一控制者的第一私钥信息、第一控制者的第一公钥信息以及第一控制者的第一控制者地址;The first receiving subunit is configured to receive an account registration request sent by a first controller corresponding to the target user, where the account registration request carries attribute information of the first controller, and the attribute information of the first controller includes the first The first private key information of the controller, the first public key information of the first controller, and the first controller address of the first controller;

第一生成单元,用于基于所述第一控制者属性信息,在所述区块链网络已部署的账号系统合约中生成目标合约地址,其中,所述账号系统合约用于管理DID账号;a first generating unit, configured to generate a target contract address in the account system contract deployed by the blockchain network based on the attribute information of the first controller, wherein the account system contract is used to manage the DID account;

第二生成单元,用于基于所述目标合约地址和预设标识信息生成目标DID账号;A second generating unit, configured to generate a target DID account based on the target contract address and preset identification information;

第一处理单元,用于将所述目标DID账号保存在所述账号系统合约中,并向所述目标用户发送所述目标DID账号,以使所述目标用户对应的控制者获取所述目标DID账号的控制权限。The first processing unit is used to save the target DID account in the account system contract, and send the target DID account to the target user, so that the controller corresponding to the target user obtains the target DID Account control permissions.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

创建单元,用于在所述账号系统合约中创建DID账号合约;A creation unit for creating a DID account contract in the account system contract;

第三生成单元,用于将所述第一控制者属性信息写入所述DID账号合约中,并基于所述第一控制者属性信息生成所述DID账号合约对应的目标合约地址。A third generating unit, configured to write the first controller attribute information into the DID account contract, and generate a target contract address corresponding to the DID account contract based on the first controller attribute information.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第四生成单元,用于将所述DID前缀、所述DID方法标识以及所述目标合约地址依次拼接,生成目标DID账号。The fourth generating unit is used for splicing the DID prefix, the DID method identifier and the target contract address in sequence to generate a target DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第二接收子单元,用于接收所述目标用户的多个候选控制者中的发起控制者对待添加控制者的添加请求,其中,所述添加请求中携带有所述目标用户的目标DID账号以及待添加控制者的第二控制者属性信息,所述第二控制者属性信息包括待添加控制者的第二公钥信息以及待添加控制者的第二控制者地址;The second receiving subunit is configured to receive an adding request of a controller to be added from among the multiple candidate controllers of the target user, wherein the adding request carries the target DID account of the target user and second controller attribute information of the controller to be added, the second controller attribute information includes the second public key information of the controller to be added and the address of the second controller of the controller to be added;

添加单元,用于基于所述目标DID账号、以及所述第二控制者属性信息,将所述待添加控制者添加为所述目标DID账号的目标控制者,其中,所述目标控制者具有所述目标DID账号的控制权限。The adding unit is configured to add the controller to be added as the target controller of the target DID account based on the target DID account and the attribute information of the second controller, wherein the target controller has all Describe the control authority of the target DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第二处理单元,用于将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中,以将所述待添加控制者添加为所述目标DID账号的目标控制者。The second processing unit is configured to save the attribute information of the second controller into the DID account contract corresponding to the target DID account, so as to add the controller to be added as the target controller of the target DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

判断单元,用于判断所述发起控制者是否为所述目标DID账号的控制者;a judging unit for judging whether the initiating controller is the controller of the target DID account;

第三处理单元,用于:A third processing unit for:

若是,将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中;If so, save the attribute information of the second controller into the DID account contract corresponding to the target DID account;

若否,则不将所述待添加控制者添加为所述DID账号的控制者。If not, the controller to be added is not added as the controller of the DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第三接收子单元,用于接收所述目标用户的多个候选控制者中的发起控制者对待删除控制者的删除请求,其中,所述删除请求中携带有所述发起控制者对应的目标DID账号以及待删除控制者的控制者地址;The third receiving subunit is configured to receive a deletion request of the controller to be deleted from the initiating controller among the multiple candidate controllers of the target user, wherein the deletion request carries the target DID corresponding to the initiating controller Account number and the controller address of the controller to be deleted;

删除单元,用于将所述待删除控制者的控制者地址从所述目标DID账号对应的DID账号合约中删除,以解除所述待删除控制者对所述DID账号的控制权限。A deletion unit, configured to delete the controller address of the controller to be deleted from the DID account contract corresponding to the target DID account, so as to release the control authority of the controller to be deleted on the DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第四接收子单元,用于接收所述目标用户发送的DID账号统计请求;The fourth receiving subunit is used to receive the DID account statistics request sent by the target user;

统计单元,用于基于所述DID账号统计请求,通过所述区块链网络已部署的账号系统合约统计所有DID账号的账号数量;A statistical unit, configured to count the number of accounts of all DID accounts through the deployed account system contract of the blockchain network based on the DID account statistics request;

返回单元,用于向所述目标用户返回所述账号数量。The returning unit is configured to return the account number to the target user.

相应的,本申请实施例还提供了一种计算机设备,包括处理器、存储器及存储在所述存储器上并能够在所述处理器上运行的计算机程序,所述计算机程序被所述处理器执行时实现如上所述的区块链账户的验证方法任一项的步骤。Correspondingly, an embodiment of the present application further provides a computer device, including a processor, a memory, and a computer program stored on the memory and capable of running on the processor, where the computer program is executed by the processor When implementing any of the steps of the verification method for the blockchain account as described above.

此外,本申请实施例还提供一种计算机可读存储介质,所述计算机可读存储介质上存储计算机程序,所述计算机程序被处理器执行时实现如上所述的区块链账户的验证方法任一项的步骤。In addition, the embodiments of the present application also provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, any method for verifying a blockchain account as described above is implemented. a step.

本申请实施例提供一种区块链账户的验证方法、装置、计算机设备及存储介质,接收目标用户对应的待验证控制者发起的交易请求;获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。本申请实施例通过将DID合约作为底层系统合约,用户将DID合约账号作为底层区块链账号,能够实现重置私钥,解决私钥丢失的问题,提高区块链的可靠性。The embodiments of the present application provide a method, device, computer equipment and storage medium for verifying a blockchain account, receive a transaction request initiated by a controller to be verified corresponding to a target user; obtain the DID account contract corresponding to the target DID account. The controller public key information of each account controller is obtained, and multiple controller public key information is obtained; based on the signature information of the controller to be verified and the private key information of the controller to be verified, the public key information of the controller to be verified is determined. key information; find out whether there is controller public key information that matches the public key information to be verified from the plurality of controller public keys, and determine the verification result; if the verification result is successful, the transaction is determined to be valid. The transaction body conducts transactions in the blockchain network. By using the DID contract as the underlying system contract and the user using the DID contract account as the underlying blockchain account in the embodiment of this application, the private key can be reset, the problem of private key loss can be solved, and the reliability of the blockchain can be improved.

附图说明Description of drawings

为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present application more clearly, the following briefly introduces the drawings that are used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those skilled in the art, other drawings can also be obtained from these drawings without creative effort.

图1是本申请实施例提供的分布式身份标识及可验证声明模型的流程示意图。FIG. 1 is a schematic flowchart of a distributed identity identification and verifiable claim model provided by an embodiment of the present application.

图2是本申请实施例提供的区块链账户的验证方法的一种流程示意图。FIG. 2 is a schematic flowchart of a method for verifying a blockchain account provided by an embodiment of the present application.

图3是本申请实施例提供的区块链账户的验证方法的一种场景示意图。FIG. 3 is a schematic diagram of a scenario of a method for verifying a blockchain account provided by an embodiment of the present application.

图4是本申请实施例提供的区块链账户的验证装置的结构示意图。FIG. 4 is a schematic structural diagram of a verification device for a blockchain account provided by an embodiment of the present application.

图5是本申请实施例提供的计算机设备的结构示意图。FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述。显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those skilled in the art without creative work fall within the protection scope of the present application.

现有技术中,用户首先需要在平台上进行账户注册,首先,用户生成一对公钥和私钥,并根据公钥生成对应的地址账户,用户提交地址账户发起账户注册流程,区块链系统会自动生成一个随机账户,并和公钥对应的地址账户绑定,存储在区块链上。在账户注册流程中,私钥生成在链下完成,并由用户自己保管,注册过程只会将公钥上链,当用户私钥丢失时,用户无法找回自身的区块链账号,从而会丢失当前账户下的所有权益,从而导致区块链使用时的可靠性低。In the prior art, the user first needs to perform account registration on the platform. First, the user generates a pair of public key and private key, and generates a corresponding address account according to the public key, and the user submits the address account to initiate the account registration process. The blockchain system A random account will be automatically generated, bound to the address account corresponding to the public key, and stored on the blockchain. In the account registration process, the private key is generated off-chain and kept by the user himself. During the registration process, only the public key will be uploaded to the chain. When the user's private key is lost, the user cannot retrieve his own blockchain account. Lose all the rights and interests under the current account, resulting in low reliability when using the blockchain.

基于此,本申请实施例提供一种区块链账户的验证方法、装置、计算机设备及存储介质。具体地,本申请实施例提供适用于区块链账户的验证装置的区块链账户的验证方法,该区块链账户的验证装置可以集成在计算机设备中,本申请实施例的区块链账户的验证方法可以由计算机设备执行。其中,该计算机设备可以为终端或者服务器等设备。该终端可以为智能手机、平板电脑、笔记本电脑、触控屏幕、游戏机、个人计算机(PC,PersonalComputer)、个人数字助理(Personal Digital Assistant,PDA)等终端设备。该服务器可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、CDN、以及大数据和人工智能平台等基础云计算服务的云服务器,但并不局限于此。Based on this, embodiments of the present application provide a method, device, computer device, and storage medium for verifying a blockchain account. Specifically, the embodiments of the present application provide a method for verifying a blockchain account that is suitable for a verification device for a blockchain account. The verification device for a blockchain account can be integrated in computer equipment. The blockchain account in the embodiments of the present application The verification method can be performed by a computer device. Wherein, the computer device may be a terminal or a server and other devices. The terminal may be a smart phone, a tablet computer, a notebook computer, a touch screen, a game console, a personal computer (PC, Personal Computer), a personal digital assistant (Personal Digital Assistant, PDA) and other terminal devices. The server can be an independent physical server, a server cluster or a distributed system composed of multiple physical servers, or a cloud service, cloud database, cloud computing, cloud function, cloud storage, network service, cloud communication, Cloud servers for basic cloud computing services such as middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms, but not limited to this.

请参阅图1,图1为本申请实施例提供的分布式身份标识及可验证声明(Verifiable Credential,VC)模型的流程示意图。在本申请实施例所提供的分布式身份标识及可验证声明(Verifiable Credential,VC)模型中,包含有3种参与者:持有者、发行者和验证者。其中,持有者可以进行分布式身份标识注册、以及查询分布式身份标识,还可以通过注册分布式身份标识并成为发行者。持有者用户可以申请可验证声明,并将申请发送至发行者,发行者可以验证持有者的分布式身份标识后确定是否发行可验证声明。持有者用户向验证者提供可验证声明,验证者可以验证用户、发行者或签名信息等是否合法,验证者也可能调用发行者检查可验证声明的状态。Please refer to FIG. 1. FIG. 1 is a schematic flowchart of a distributed identity identification and a Verifiable Credential (VC) model provided by an embodiment of the present application. In the distributed identity and Verifiable Credential (VC) model provided by the embodiments of the present application, there are three types of participants: holder, issuer and verifier. Among them, the holder can register the distributed identity, and query the distributed identity, and can also become the issuer by registering the distributed identity. The holder user can apply for a verifiable claim and send the application to the issuer, and the issuer can verify the holder's distributed identity to determine whether to issue a verifiable claim. The holder user provides the verifiable statement to the verifier, and the verifier can verify whether the user, issuer or signature information is legal, and the verifier may also call the issuer to check the status of the verifiable statement.

具体的,可验证声明(Verifiable Credential)是提供了一种规范来描述实体所具有的某些属性,实现基于证据的信任。DID持有者,可以通过可验证声明,向其他实体(个人、组织、具体事物等)证明自己的某些属性是可信的。同时,结合数字签名和零知识证明等密码学技术,可以使得声明更加安全可信,并进一步保障用户隐私不被侵犯。Specifically, Verifiable Credential provides a specification to describe certain attributes of an entity and realizes evidence-based trust. DID holders can prove to other entities (individuals, organizations, specific things, etc.) that certain attributes of themselves are credible through verifiable claims. At the same time, combined with cryptographic technologies such as digital signatures and zero-knowledge proofs, the statement can be made more secure and credible, and user privacy can be further protected from being violated.

其中,本申请实施例可应用于可验证声明(VC)的可验证系统中,在可验证声明系统中,包括3种参与者:发行者(Issuer),拥有用户数据并能开具可验证声明的实体,如政府、银行、大学等机构和组织;持有者(Holder),持有者即用户,用户向发行者请求、收到以及持有可验证声明的实体,向验证者出示可验证声明,开具的可验证声明可以自我保存,方便以后再次使用,例如保存在钱包里,用户也可能将一个或多个VC转让给其他人;验证者(Verifier),接收可验证声明并进行验证,验证通过后,可以提供给出示可验证声明的用户某种类型的服务;标识符注册机构(Verifiable Data Registry),维护分布式身份标识(DID)的数据库,如某条区块链、分布式账本。在可验证声明系统中,验证者可以验证用户的可验证声明,也可以验证自签名后的可验证声明,也即可验证表述(VP),验证通过后,即可确定用户所持有的可验证声明的有效性。其中,发行者具有不同的类别,不同类别的发行者具有不同的权限级别。Among them, the embodiment of the present application can be applied to a verifiable claim (VC) verifiable system. In the verifiable claim system, there are three types of participants: an issuer (Issuer), which has user data and can issue a verifiable claim. Entity, such as government, bank, university and other institutions and organizations; Holder, the holder is the user, the entity that the user requests, receives and holds the verifiable statement from the issuer, and presents the verifiable statement to the verifier , the verifiable statement issued can be self-saved and used again later, for example, in the wallet, and the user may also transfer one or more VCs to others; verifier (Verifier), receive the verifiable statement and verify it, verify After passing, a certain type of service can be provided to users who present a verifiable claim; an identifier registry (Verifiable Data Registry) maintains a database of distributed identities (DIDs), such as a certain blockchain or a distributed ledger. In the verifiable claim system, the verifier can verify the user's verifiable claim, and can also verify the self-signed verifiable claim, that is, the verifiable representation (VP). Verify the validity of the claim. Among them, publishers have different categories, and different categories of publishers have different permission levels.

例如,以三级发行者架构为例,发行者可以分为根发行者、一级发行者以及普通发行者。根发行者可以直接增加一级发行者,并对一级发行者授权发行指定凭证,根发行者可以为联盟链内的联盟组织内的成员。一级发行者可直接增加普通发行者,并对普通发行者授权发行指定凭证,一级发行者可以为权威机构、权威协会、权威组织、联盟等各类广义上的一级机构(如教育局、公共区块链平台、工商机构、银监会、政府组织、通用一级机构等)。网络实体在经过一级发行者授权后,可以成为普通发行者,普通发行者具备发行指定凭证的权限,普通发行者可以为各类机构/协会/组织/联盟下属分支,如公司(工商认证机构)、各类大学(教育局颁发)、各类普通发行者(门票发行者)等。For example, taking the three-level issuer structure as an example, issuers can be divided into root issuers, first-level issuers, and common issuers. The root issuer can directly add a first-level issuer, and authorize the first-level issuer to issue specified certificates. The root issuer can be a member of the alliance organization in the alliance chain. The first-level issuer can directly add common issuers, and authorize the common issuers to issue designated certificates. , public blockchain platforms, industrial and commercial institutions, China Banking Regulatory Commission, government organizations, general first-level institutions, etc.). After being authorized by the first-level issuer, a network entity can become a common issuer. Common issuers have the authority to issue designated certificates. Common issuers can be subordinate branches of various institutions/associations/organizations/alliances, such as companies (industrial and commercial certification bodies). ), various universities (issued by the Education Bureau), various general issuers (ticket issuers), etc.

在本申请实施例中,分布式数字身份不止是人,还包括组织,甚至未来也包括物品。这些人或者组织、物品不简单依靠于原先中心化权威机构,无法被拿走或者删除,而且是终身携带的身份。本申请实施例中提到的分布式身份标识(DecentralizedIdentifiers,DID),是一种去中心化的可验证的数字标识符,具有分布式、自主可控、跨链复用等特点。实体可自主完成DID的注册、解析、更新或者撤销操作。DID具体解析为DIDDocument,DID Document包括DID的唯一标识码,公钥列表和公钥的详细信息(持有者、加密算法、密钥状态等),以及DID持有者的其他属性描述。In the embodiments of the present application, the distributed digital identities are not only people, but also organizations, and even objects in the future. These people, organizations, and items do not simply rely on the original centralized authority, and cannot be taken or deleted, but are identities that they carry for life. The distributed identities (Decentralized Identifiers, DID) mentioned in the embodiments of this application are decentralized and verifiable digital identifiers, and have the characteristics of being distributed, autonomously controllable, and reusable across chains. The entity can independently complete the registration, resolution, update or revocation of DID. DID is specifically parsed into DIDDocument. DID Document includes the unique identification code of DID, the public key list and the detailed information of the public key (holder, encryption algorithm, key state, etc.), and other attribute descriptions of the DID holder.

本申请实施例提供一种区块链账户的验证方法、装置、计算机设备及存储介质,以下分别进行详细说明。需说明的是,以下实施例的描述顺序不作为对实施例优选顺序的限定。The embodiments of the present application provide a method, device, computer equipment, and storage medium for verifying a blockchain account, which will be described in detail below. It should be noted that the description order of the following embodiments is not intended to limit the preferred order of the embodiments.

本申请实施例提供一种区块链账户的验证方法,本申请实施例将从区块链账户的验证装置的角度进行描述,该区块链账户的验证装置具体可以集成在计算机设备中。The embodiments of the present application provide a method for verifying a blockchain account. The embodiments of the present application will be described from the perspective of a verification device for a blockchain account. The verification device for a blockchain account may specifically be integrated in a computer device.

请一并参阅图2和图3,图2为本申请实施例提供的区块链账户的验证方法的一种流程示意图,具体流程可以如下步骤101至步骤105:Please refer to FIG. 2 and FIG. 3 together. FIG. 2 is a schematic flowchart of a method for verifying a blockchain account provided by an embodiment of the present application. The specific process may be as follows from step 101 to step 105:

101、接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息。101. Receive a transaction request initiated by the controller to be verified corresponding to the target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, the target DID account number, the signature information of the controller to be verified, and the signature information of the controller to be verified. The controller's private key information.

其中,交易数据可以为交易原始数据,目标DID账号可以为用户的DID(例如:did:future:0x8688f14154d2ab5E05229a7C3FB2393d02e68E06)。签名信息可以由签名算法计算得到。可选的,本申请实施例提供的签名算法可以是椭圆曲线签名算法(Secp256k1签名算法)。The transaction data may be the original transaction data, and the target DID account may be the user's DID (for example: did:future:0x8688f14154d2ab5E05229a7C3FB2393d02e68E06). The signature information can be calculated by the signature algorithm. Optionally, the signature algorithm provided in this embodiment of the present application may be an elliptic curve signature algorithm (Secp256k1 signature algorithm).

具体的,在进行DID账号注册前,可以在区块链底层部署支持DID账号控制器合约的账户系统合约,该账号系统合约的核心功能包括:DID账号创建、新增某个DID控制者、删除某个DID控制者、查询某个DID账号的所有控制者、查询DID的账号数量,以及其他DID账号需要有的功能,比如变更服务、变更授权等。其中,DID账号控制器合约的参考代码示例如下:Specifically, before registering a DID account, an account system contract that supports the DID account controller contract can be deployed at the bottom of the blockchain. The core functions of the account system contract include: DID account creation, adding a DID controller, deleting A DID controller, query all controllers of a DID account, query the number of DID accounts, and other functions that DID accounts need, such as changing services, changing authorization, etc. Among them, the reference code example of the DID account controller contract is as follows:

Figure BDA0003575796350000081
Figure BDA0003575796350000081

Figure BDA0003575796350000091
Figure BDA0003575796350000091

Figure BDA0003575796350000101
Figure BDA0003575796350000101

进一步的,DID账号合约的参考代码示例如下:Further, the reference code example of the DID account contract is as follows:

Figure BDA0003575796350000102
Figure BDA0003575796350000102

Figure BDA0003575796350000111
Figure BDA0003575796350000111

在一实施例中,在步骤“接收目标用户对应的待验证控制者发起的交易请求”之前,方法可以包括:In one embodiment, before the step "receive the transaction request initiated by the controller to be verified corresponding to the target user", the method may include:

接收所述目标用户对应的第一控制者发送的账号注册请求,所述账号注册请求携带有第一控制者属性信息,所述第一控制者属性信息包括第一控制者的第一私钥信息、第一控制者的第一公钥信息以及第一控制者的第一控制者地址;Receive an account registration request sent by the first controller corresponding to the target user, where the account registration request carries attribute information of the first controller, and the attribute information of the first controller includes the first private key information of the first controller , the first public key information of the first controller, and the first controller address of the first controller;

基于所述第一控制者属性信息,在所述区块链网络已部署的账号系统合约中生成目标合约地址,其中,所述账号系统合约用于管理DID账号;Based on the attribute information of the first controller, a target contract address is generated in the account system contract deployed by the blockchain network, wherein the account system contract is used to manage the DID account;

基于所述目标合约地址和预设标识信息生成目标DID账号;Generate a target DID account based on the target contract address and preset identification information;

将所述目标DID账号保存在所述账号系统合约中,并向所述目标用户发送所述目标DID账号,以使所述目标用户对应的控制者获取所述目标DID账号的控制权限。The target DID account is saved in the account system contract, and the target DID account is sent to the target user, so that the controller corresponding to the target user obtains the control authority of the target DID account.

例如,用户可以链下生成一个初始私钥,并使用该私钥在区块链上发起账号创建交易,以创建一个DID合约账号(创建账号的交易和现有的以太坊交易格式一致),其中,区块链将创建合约账号即可作为用户的DID账号。例如:初始私钥可以为:For example, a user can generate an initial private key off-chain, and use the private key to initiate an account creation transaction on the blockchain to create a DID contract account (the account creation transaction is in the same format as the existing Ethereum transaction), where , the blockchain will create a contract account that can be used as the user's DID account. For example: the initial private key can be:

4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318;4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318;

公钥可以为:The public key can be:

(4e3b81af9c2234cad09d679ce6035ed1392347ce64ce405f5dcd36228a25de6e47fd35c4215d1edf53e6f83de344615ce719bdb0fd878f6ed76f06dd277956de);(4e3b81af9c2234cad09d679ce6035ed1392347ce64ce405f5dcd36228a25de6e47fd35c4215d1edf53e6f83de344615ce719bdb0fd878f6ed76f06dd277956de);

控制者地址可以为:The controller address can be:

0x2c7536e3605d9c16a7a3d7b1898e529396a65c23;0x2c7536e3605d9c16a7a3d7b1898e529396a65c23;

用户可以采用初始的私钥发起交易,输入默认控制者地址、默认控制者公钥、otherParams等其他DID相关参数,调用DID账号控制器合约创建DID账号。Users can initiate transactions with the initial private key, enter the default controller address, default controller public key, otherParams and other DID-related parameters, and call the DID account controller contract to create a DID account.

其中,用户侧创建DID账号的参考代码示例如下:Among them, the reference code example for creating a DID account on the user side is as follows:

Figure BDA0003575796350000121
Figure BDA0003575796350000121

其中,区块链网络创建DID账号的参考代码示例如下:Among them, the reference code example for creating a DID account by the blockchain network is as follows:

Figure BDA0003575796350000122
Figure BDA0003575796350000122

在一具体实施例中,步骤“基于所述第一控制者属性信息,在所述区块链网络已部署的账号系统合约中生成目标合约地址”,方法可以包括:In a specific embodiment, the step of "generating a target contract address in the account system contract deployed by the blockchain network based on the attribute information of the first controller", the method may include:

在所述账号系统合约中创建DID账号合约;Create a DID account contract in the account system contract;

将所述第一控制者属性信息写入所述DID账号合约中,并基于所述第一控制者属性信息生成所述DID账号合约对应的目标合约地址。Write the first controller attribute information into the DID account contract, and generate a target contract address corresponding to the DID account contract based on the first controller attribute information.

具体的,预设标识信息可以包括DID前缀和DID方法标识。步骤“基于所述目标合约地址和预设标识信息生成目标DID账号”,方法可以包括:Specifically, the preset identification information may include a DID prefix and a DID method identification. The step "generate a target DID account number based on the target contract address and preset identification information", the method may include:

将所述DID前缀、所述DID方法标识以及所述目标合约地址依次拼接,生成目标DID账号。The DID prefix, the DID method identifier and the target contract address are sequentially spliced to generate a target DID account.

其中,DID前缀是固定的,表示这个字符串是一个DID标识字符串;DID方法标识代表DID方法,用于表示这个DID标识是用什么方法进行定义和操作的。Among them, the DID prefix is fixed, indicating that the string is a DID identification string; the DID method identification represents the DID method, which is used to indicate the method by which the DID identification is defined and operated.

例如,DidAccount合约地址可以为:For example, the DidAccount contract address can be:

0x8688f14154d2ab5E05229a7C3FB2393d02e68E060x8688f14154d2ab5E05229a7C3FB2393d02e68E06

最终did账号则为:The final did account is:

did:future:0x8688f14154d2ab5E05229a7C3FB2393d02e68E06。did:future:0x8688f14154d2ab5E05229a7C3FB2393d02e68E06.

可选的,在创建DID账号后,可以向用户发送DID变更事件,返回用户did账号、控制者公钥、创建时间等信息。Optionally, after the DID account is created, a DID change event may be sent to the user, and information such as the user's did account, the controller's public key, and the creation time may be returned.

在一实施例中,在步骤“将所述目标DID账号保存在所述账号系统合约中,并向所述目标用户发送所述目标DID账号”之后,方法可以包括:In one embodiment, after the step "save the target DID account number in the account system contract, and send the target DID account number to the target user", the method may include:

接收所述目标用户的多个候选控制者中的发起控制者对待添加控制者的添加请求,其中,所述添加请求中携带有所述目标用户的目标DID账号以及待添加控制者的第二控制者属性信息,所述第二控制者属性信息包括待添加控制者的第二公钥信息以及待添加控制者的第二控制者地址;Receive an addition request of the controller to be added from among the multiple candidate controllers of the target user, wherein the addition request carries the target DID account of the target user and the second control of the controller to be added. attribute information of the controller, the attribute information of the second controller includes the second public key information of the controller to be added and the address of the second controller of the controller to be added;

基于所述目标DID账号、以及所述第二控制者属性信息,将所述待添加控制者添加为所述目标DID账号的目标控制者,其中,所述目标控制者具有所述目标DID账号的控制权限。Based on the target DID account and the attribute information of the second controller, the controller to be added is added as the target controller of the target DID account, wherein the target controller has the property of the target DID account Control permissions.

具体的,步骤“基于所述目标DID账号、以及所述第二控制者属性信息,将所述待添加控制者添加为所述目标DID账号的目标控制者”,方法可以包括:Specifically, the step of "adding the controller to be added as the target controller of the target DID account based on the target DID account and the attribute information of the second controller", the method may include:

将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中,以将所述待添加控制者添加为所述目标DID账号的目标控制者。The attribute information of the second controller is saved in the DID account contract corresponding to the target DID account, so that the controller to be added is added as the target controller of the target DID account.

进一步的,在步骤“将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中”之前,方法可以包括:Further, before the step "save the attribute information of the second controller in the DID account contract corresponding to the target DID account", the method may include:

判断所述发起控制者是否为所述目标DID账号的控制者;Determine whether the initiating controller is the controller of the target DID account;

若是,则将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中;If so, save the attribute information of the second controller into the DID account contract corresponding to the target DID account;

若否,则不将所述待添加控制者添加为所述DID账号的控制者。If not, the controller to be added is not added as the controller of the DID account.

其中,用户侧新增DID账号的控制者的参考代码示例如下:Among them, the reference code example of the controller of the newly added DID account on the user side is as follows:

//某个did账号新增控制者//Add a controller to a did account

//did目标did;newController新控制者地址;newControllerPublicKey新控制者公钥//did target did; newController new controller address; newControllerPublicKey new controller public key

function addController(string did,address newController,stringnewControllerPublicKey)public{function addController(string did,address newController,stringnewControllerPublicKey)public{

DIDAccount(did).addController(did);DIDAccount(did).addController(did);

}}

其中,区块链网络新增DID账号的控制者的参考代码示例如下:Among them, the reference code example of the controller of the newly added DID account in the blockchain network is as follows:

Figure BDA0003575796350000141
Figure BDA0003575796350000141

为了管理DID账号对应的控制者,在步骤“基于所述目标DID账号、以及所述第二控制者属性信息,将所述待添加控制者添加为所述目标DID账号的目标控制者”之后,方法可以包括:In order to manage the controller corresponding to the DID account, after the step "add the controller to be added as the target controller of the target DID account based on the target DID account and the attribute information of the second controller", Methods can include:

接收所述目标用户的多个候选控制者中的发起控制者对待删除控制者的删除请求,其中,所述删除请求中携带有所述发起控制者对应的目标DID账号以及待删除控制者的控制者地址;Receive the deletion request of the controller to be deleted from the initiating controller among the multiple candidate controllers of the target user, wherein the deletion request carries the target DID account corresponding to the initiating controller and the control of the controller to be deleted. address;

将所述待删除控制者的控制者地址从所述目标DID账号对应的DID账号合约中删除,以解除所述待删除控制者对所述DID账号的控制权限。The controller address of the controller to be deleted is deleted from the DID account contract corresponding to the target DID account, so as to release the control authority of the controller to be deleted on the DID account.

其中,用户侧删除DID账号的控制者的参考代码示例如下:Among them, the reference code example for deleting the controller of the DID account on the user side is as follows:

//某个did账号删除控制者//Delete the controller for a did account

//did目标did;controller控制者地址//did target did; controller controller address

function delController(string did,address controller)public{function delController(string did,address controller)public{

DIDAccount(did).delController(did);DIDAccount(did).delController(did);

}}

其中,区块链删除DID账号的控制者的参考代码示例如下:Among them, the reference code example for the controller of the blockchain to delete the DID account is as follows:

Figure BDA0003575796350000151
Figure BDA0003575796350000151

为了统计区块链网络中的账户数目,方法可以包括:To count the number of accounts in the blockchain network, methods can include:

接收所述目标用户发送的DID账号统计请求;Receive the DID account statistics request sent by the target user;

基于所述DID账号统计请求,通过所述区块链网络已部署的账号系统合约统计所有DID账号的账号数量;Based on the DID account statistics request, count the number of accounts of all DID accounts through the account system contract deployed by the blockchain network;

向所述目标用户返回所述账号数量。Return the account number to the target user.

其中,区块链查询所有DID账号的参考代码示例如下:Among them, the reference code example for the blockchain to query all DID accounts is as follows:

Figure BDA0003575796350000152
Figure BDA0003575796350000152

102、获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息。102. Obtain controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account, and obtain multiple controller public key information.

103、基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息。103. Determine the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified.

104、从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果。104. Find out whether there is controller public key information matching the public key information to be verified from the plurality of controller public keys, and determine a verification result.

105、若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。105. If the verification result is that the verification is successful, it is determined that the transaction is valid, and the transaction is performed in the blockchain network based on the transaction body.

综上所述,本申请实施例提供一种区块链账户的验证方法,通过接收目标用户对应的待验证控制者发起的交易请求;获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。本申请实施例可以通过将DID合约作为底层系统合约,用户将DID合约账号作为底层区块链账号,能够实现重置私钥,解决私钥丢失的问题,提高区块链的可靠性。To sum up, the embodiments of the present application provide a method for verifying a blockchain account, by receiving a transaction request initiated by a controller to be verified corresponding to a target user; obtaining multiple accounts in the DID account contract corresponding to the target DID account The controller public key information of the controller is obtained, and multiple controller public key information is obtained; based on the signature information of the controller to be verified and the private key information of the controller to be verified, the public key information to be verified of the controller to be verified is determined ; Find out whether there is controller public key information matching the public key information to be verified from the plurality of controller public keys, and determine the verification result; if the verification result is that the verification is successful, then determine that the transaction is valid, based on the transaction The entity conducts transactions in the blockchain network. In the embodiment of the present application, by using the DID contract as the underlying system contract and the user using the DID contract account as the underlying blockchain account, the private key can be reset, the problem of private key loss can be solved, and the reliability of the blockchain can be improved.

根据上述介绍的内容,下面将举例来进一步说明本申请的区块链账户的验证方法。请参阅图3,本申请再一实施例提供的区块链账户的验证方法,具体方法如下所述:According to the above-mentioned content, the following examples will be used to further illustrate the verification method of the blockchain account of the present application. Referring to FIG. 3, a verification method for a blockchain account provided by another embodiment of the present application, the specific method is as follows:

(1)通过在区块链底层部署一个DID账号系统合约,该DID账号系统合约包括创建DID账号、重置DID账号私钥、DID账号查询、统计账号数等功能。(1) By deploying a DID account system contract at the bottom of the blockchain, the DID account system contract includes functions such as creating a DID account, resetting the private key of the DID account, querying the DID account, and counting the number of accounts.

(2)用户可以在链下生成一个初始私钥,并使用该私钥向区块链上发起创建一个DID合约账号的交易,区块链将根据该交易创建一个合约账号即用户DID账号。具体的,向DID账号系统合约写入默认控制者地址、默认控制者公钥、otherParams其他DID相关参数(服务等),调用DID账号控制器合约创建DID账号。(2) The user can generate an initial private key off-chain, and use the private key to initiate a transaction to create a DID contract account on the blockchain, and the blockchain will create a contract account based on the transaction, that is, the user's DID account. Specifically, write the default controller address, default controller public key, otherParams and other DID-related parameters (services, etc.) into the DID account system contract, and call the DID account controller contract to create a DID account.

(3)用户可对该DID账号,设置一到多个控制者(其中每个控制者有一把对应的私钥),每个控制者均可控制该DID账号,因此用户不用担心私钥丢失,均可通过重置控制者解决问题。(3) The user can set one or more controllers for the DID account (each controller has a corresponding private key), and each controller can control the DID account, so the user does not need to worry about the loss of the private key, Either can be resolved by resetting the controller.

(4)另外,用户发起区块链交易的时候,可以在原先交易体末尾添加DID账号地址,通过采用DID账号中的其中一个控制者的私钥对交易体进行签名,即可发送交易到区块链;区块链接收交易入队前,首先从交易体末尾获取DID账号,并通过DID账号地址查询合约中的控制者公钥;同时恢复出交易体签名者的公钥,区块链验证交易体的签名;区块链同时验证交易的控制者公钥是否是DID账号的其中一个控制者,若是则交易真实有效,可入队进行交易。(4) In addition, when a user initiates a blockchain transaction, the DID account address can be added at the end of the original transaction body, and the transaction can be sent to the blockchain by signing the transaction body with the private key of one of the controllers in the DID account. Blockchain: Before the blockchain receives the transaction and enters the queue, it first obtains the DID account from the end of the transaction body, and queries the public key of the controller in the contract through the DID account address; at the same time, the public key of the signer of the transaction body is recovered, and the blockchain verifies The signature of the transaction body; the blockchain also verifies whether the public key of the controller of the transaction is one of the controllers of the DID account.

(5)区块链还可以通过DID账号系统合约统计出区块链账号的具体注册用户数。具体的,区块链可以查询did的账号数量,从而统计出区块链账号的具体注册用户数。(5) The blockchain can also count the specific number of registered users of the blockchain account through the DID account system contract. Specifically, the blockchain can query the number of accounts of did, so as to count the specific number of registered users of the blockchain account.

为便于更好的实施本申请实施例提供的区块链账户的验证方法,本申请实施例还提供一种基于上述区块链账户的验证装置。其中名词的含义与上述区块链账户的验证方法中相同,具体实现细节可以参考方法实施例中的说明。In order to facilitate better implementation of the verification method for the blockchain account provided by the embodiment of the present application, the embodiment of the present application further provides a verification device based on the above-mentioned blockchain account. The meanings of the nouns are the same as those in the verification method of the blockchain account above, and the specific implementation details can refer to the description in the method embodiment.

请参阅图4,图4为本申请实施例提供的一种区块链账户的验证装置的结构示意图,该装置包括:Please refer to FIG. 4. FIG. 4 is a schematic structural diagram of a verification device for a blockchain account provided by an embodiment of the present application. The device includes:

接收单元201,用于接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息;The receiving unit 201 is configured to receive a transaction request initiated by a controller to be verified corresponding to a target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, the target DID account number, and the signature of the controller to be verified. information and the private key information of the controller to be verified;

获取单元202,用于获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;The obtaining unit 202 is configured to obtain the controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account, and obtain multiple controller public key information;

第一确定单元203,用于基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;a first determining unit 203, configured to determine the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;

第二确定单元204,用于从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;The second determining unit 204 is configured to search from the plurality of controller public keys whether there is controller public key information matching the to-be-verified public key information, and determine the verification result;

第三确定单元205,用于若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。The third determining unit 205 is configured to determine that the transaction is valid if the verification result is that the verification is successful, and conduct the transaction in the blockchain network based on the transaction body.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第一接收子单元,用于接收所述目标用户对应的第一控制者发送的账号注册请求,所述账号注册请求携带有第一控制者属性信息,所述第一控制者属性信息包括第一控制者的第一私钥信息、第一控制者的第一公钥信息以及第一控制者的第一控制者地址;The first receiving subunit is configured to receive an account registration request sent by a first controller corresponding to the target user, where the account registration request carries attribute information of the first controller, and the attribute information of the first controller includes the first The first private key information of the controller, the first public key information of the first controller, and the first controller address of the first controller;

第一生成单元,用于基于所述第一控制者属性信息,在所述区块链网络已部署的账号系统合约中生成目标合约地址,其中,所述账号系统合约用于管理DID账号;a first generating unit, configured to generate a target contract address in the account system contract deployed by the blockchain network based on the attribute information of the first controller, wherein the account system contract is used to manage the DID account;

第二生成单元,用于基于所述目标合约地址和预设标识信息生成目标DID账号;A second generating unit, configured to generate a target DID account based on the target contract address and preset identification information;

第一处理单元,用于将所述目标DID账号保存在所述账号系统合约中,并向所述目标用户发送所述目标DID账号,以使所述目标用户对应的控制者获取所述目标DID账号的控制权限。The first processing unit is used to save the target DID account in the account system contract, and send the target DID account to the target user, so that the controller corresponding to the target user obtains the target DID Account control permissions.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

创建单元,用于在所述账号系统合约中创建DID账号合约;A creation unit for creating a DID account contract in the account system contract;

第三生成单元,用于将所述第一控制者属性信息写入所述DID账号合约中,并基于所述第一控制者属性信息生成所述DID账号合约对应的目标合约地址。A third generating unit, configured to write the first controller attribute information into the DID account contract, and generate a target contract address corresponding to the DID account contract based on the first controller attribute information.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第四生成单元,用于将所述DID前缀、所述DID方法标识以及所述目标合约地址依次拼接,生成目标DID账号。The fourth generating unit is used for splicing the DID prefix, the DID method identifier and the target contract address in sequence to generate a target DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第二接收子单元,用于接收所述目标用户的多个候选控制者中的发起控制者对待添加控制者的添加请求,其中,所述添加请求中携带有所述目标用户的目标DID账号以及待添加控制者的第二控制者属性信息,所述第二控制者属性信息包括待添加控制者的第二公钥信息以及待添加控制者的第二控制者地址;The second receiving subunit is configured to receive an adding request of a controller to be added from among the multiple candidate controllers of the target user, wherein the adding request carries the target DID account of the target user and second controller attribute information of the controller to be added, the second controller attribute information includes the second public key information of the controller to be added and the address of the second controller of the controller to be added;

添加单元,用于基于所述目标DID账号、以及所述第二控制者属性信息,将所述待添加控制者添加为所述目标DID账号的目标控制者,其中,所述目标控制者具有所述目标DID账号的控制权限。The adding unit is configured to add the controller to be added as the target controller of the target DID account based on the target DID account and the attribute information of the second controller, wherein the target controller has all Describe the control authority of the target DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第二处理单元,用于将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中,以将所述待添加控制者添加为所述目标DID账号的目标控制者。The second processing unit is configured to save the attribute information of the second controller into the DID account contract corresponding to the target DID account, so as to add the controller to be added as the target controller of the target DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

判断单元,用于判断所述发起控制者是否为所述目标DID账号的控制者;a judging unit for judging whether the initiating controller is the controller of the target DID account;

第三处理单元,用于:A third processing unit for:

若是,将所述第二控制者属性信息保存至所述目标DID账号对应的DID账号合约中;If so, save the attribute information of the second controller into the DID account contract corresponding to the target DID account;

若否,则不将所述待添加控制者添加为所述DID账号的控制者。If not, the controller to be added is not added as the controller of the DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第三接收子单元,用于接收所述目标用户的多个候选控制者中的发起控制者对待删除控制者的删除请求,其中,所述删除请求中携带有所述发起控制者对应的目标DID账号以及待删除控制者的控制者地址;The third receiving subunit is configured to receive a deletion request of the controller to be deleted from the initiating controller among the multiple candidate controllers of the target user, wherein the deletion request carries the target DID corresponding to the initiating controller Account number and the controller address of the controller to be deleted;

删除单元,用于将所述待删除控制者的控制者地址从所述目标DID账号对应的DID账号合约中删除,以解除所述待删除控制者对所述DID账号的控制权限。A deletion unit, configured to delete the controller address of the controller to be deleted from the DID account contract corresponding to the target DID account, so as to release the control authority of the controller to be deleted on the DID account.

在一些实施例中,该装置还包括:In some embodiments, the apparatus further includes:

第四接收子单元,用于接收所述目标用户发送的DID账号统计请求;The fourth receiving subunit is used to receive the DID account statistics request sent by the target user;

统计单元,用于基于所述DID账号统计请求,通过所述区块链网络已部署的账号系统合约统计所有DID账号的账号数量;A statistical unit, configured to count the number of accounts of all DID accounts through the deployed account system contract of the blockchain network based on the DID account statistics request;

返回单元,用于向所述目标用户返回所述账号数量。The returning unit is configured to return the account number to the target user.

本申请实施例提供一种区块链账户的验证装置,通过接收单元201接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息;获取单元202获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;第一确定单元203基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;第二确定单元204从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;第三确定单元205若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。本申请实施例可以通过将DID合约作为底层系统合约,用户将DID合约账号作为底层区块链账号,能够实现重置私钥,解决私钥丢失的问题,提高区块链的可靠性。The embodiment of the present application provides a verification device for a blockchain account. The receiving unit 201 receives a transaction request initiated by a controller to be verified corresponding to a target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, target DID account number, signature information of the controller to be verified, and private key information of the controller to be verified; acquisition unit 202 acquires the controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account , to obtain a plurality of controller public key information; the first determining unit 203 determines the to-be-verified public key information of the to-be-verified controller based on the to-be-verified controller's signature information and the to-be-verified controller's private key information; the second The determining unit 204 searches the plurality of controller public keys for whether there is controller public key information that matches the public key information to be verified, and determines the verification result; the third determining unit 205 determines if the verification result is that the verification is successful. The transaction is valid, and the transaction is carried out in the blockchain network based on the transaction body. In the embodiment of the present application, by using the DID contract as the underlying system contract and the user using the DID contract account as the underlying blockchain account, the private key can be reset, the problem of private key loss can be solved, and the reliability of the blockchain can be improved.

相应的,本申请实施例还提供一种计算机设备,该计算机设备可以为终端或者服务器,该终端可以为智能手机、平板电脑、笔记本电脑、触控屏幕、游戏机、个人计算机(PC,Personal Computer)、个人数字助理(Personal Digital Assistant,PDA)等终端设备。如图5所示,图5为本申请实施例提供的计算机设备的结构示意图。该计算机设备300包括有一个或者一个以上处理核心的处理器301、有一个或一个以上计算机可读存储介质的存储器302及存储在存储器302上并可在处理器上运行的计算机程序。其中,处理器301与存储器302电性连接。本领域技术人员可以理解,图中示出的计算机设备结构并不构成对计算机设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Correspondingly, an embodiment of the present application further provides a computer device, where the computer device may be a terminal or a server, and the terminal may be a smart phone, a tablet computer, a notebook computer, a touch screen, a game console, a personal computer (PC, Personal Computer) ), personal digital assistant (Personal Digital Assistant, PDA) and other terminal equipment. As shown in FIG. 5 , FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application. The computer device 300 includes a processor 301 having one or more processing cores, a memory 302 having one or more computer-readable storage media, and a computer program stored on the memory 302 and executable on the processor. The processor 301 is electrically connected to the memory 302 . Those skilled in the art can understand that the computer device structure shown in the figures does not constitute a limitation on the computer device, and may include more or less components than the one shown, or combine some components, or arrange different components.

处理器301是计算机设备300的控制中心,利用各种接口和线路连接整个计算机设备300的各个部分,通过运行或加载存储在存储器302内的软件程序和/或模块,以及调用存储在存储器302内的数据,执行计算机设备300的各种功能和处理数据,从而对计算机设备300进行整体监控。The processor 301 is the control center of the computer device 300, and uses various interfaces and lines to connect various parts of the entire computer device 300, by running or loading the software programs and/or modules stored in the memory 302, and calling the software programs and/or modules stored in the memory 302. to perform various functions of the computer device 300 and process data, so as to monitor the computer device 300 as a whole.

在本申请实施例中,计算机设备300中的处理器301会按照如下的步骤,将一个或一个以上的应用程序的进程对应的指令加载到存储器302中,并由处理器301来运行存储在存储器302中的应用程序,从而实现各种功能:In this embodiment of the present application, the processor 301 in the computer device 300 loads the instructions corresponding to the processes of one or more application programs into the memory 302 according to the following steps, and the processor 301 executes the instructions stored in the memory. 302 application in order to achieve various functions:

接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息;Receive a transaction request initiated by the controller to be verified corresponding to the target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, the target DID account number, the signature information of the controller to be verified, and the controller to be verified. private key information;

获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;Obtain the controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account, and obtain multiple controller public key information;

基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;Determine the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;

从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;Find out whether there is controller public key information matching the to-be-verified public key information from the plurality of controller public keys, and determine the verification result;

若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。If the verification result is that the verification is successful, it is determined that the transaction is valid, and the transaction is performed in the blockchain network based on the transaction body.

以上各个操作的具体实施可参见前面的实施例,在此不再赘述。For the specific implementation of the above operations, reference may be made to the foregoing embodiments, and details are not described herein again.

可选的,如图5所示,计算机设备300还包括:触控显示屏303、射频电路304、音频电路305、输入单元306以及电源307。其中,处理器301分别与触控显示屏303、射频电路304、音频电路305、输入单元306以及电源307电性连接。本领域技术人员可以理解,图5中示出的计算机设备结构并不构成对计算机设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Optionally, as shown in FIG. 5 , the computer device 300 further includes: a touch display screen 303 , a radio frequency circuit 304 , an audio circuit 305 , an input unit 306 and a power supply 307 . The processor 301 is electrically connected to the touch display screen 303 , the radio frequency circuit 304 , the audio circuit 305 , the input unit 306 and the power supply 307 respectively. Those skilled in the art can understand that the computer device structure shown in FIG. 5 does not constitute a limitation on the computer device, and may include more or less components than the one shown, or combine some components, or arrange different components.

触控显示屏303可用于显示图形用户界面以及接收用户作用于图形用户界面产生的操作指令。触控显示屏303可以包括显示面板和触控面板。其中,显示面板可用于显示由用户输入的信息或提供给用户的信息以及计算机设备的各种图形用户接口,这些图形用户接口可以由图形、文本、图标、视频和其任意组合来构成。可选的,可以采用液晶显示器(LCD,Liquid Crystal Display)、有机发光二极管(OLED,Organic Light-EmittingDiode)等形式来配置显示面板。触控面板可用于收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触控面板上或在触控面板附近的操作),并生成相应的操作指令,且操作指令执行对应程序。可选的,触控面板可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器301,并能接收处理器301发来的命令并加以执行。触控面板可覆盖显示面板,当触控面板检测到在其上或附近的触摸操作后,传送给处理器301以确定触摸事件的类型,随后处理器301根据触摸事件的类型在显示面板上提供相应的视觉输出。在本申请实施例中,可以将触控面板与显示面板集成到触控显示屏303而实现输入和输出功能。但是在某些实施例中,触控面板与触控面板可以作为两个独立的部件来实现输入和输出功能。即触控显示屏303也可以作为输入单元306的一部分实现输入功能。The touch screen 303 can be used to display a graphical user interface and receive operation instructions generated by the user acting on the graphical user interface. The touch display 303 may include a display panel and a touch panel. Among them, the display panel can be used to display the information input by the user or the information provided to the user and various graphical user interfaces of the computer equipment, and these graphical user interfaces can be composed of graphics, text, icons, videos and any combination thereof. Optionally, the display panel may be configured in the form of a liquid crystal display (LCD, Liquid Crystal Display), an organic light-emitting diode (OLED, Organic Light-Emitting Diode), and the like. The touch panel can be used to collect the user's touch operations on or near it (such as the user's operations on or near the touch panel using a finger, stylus, etc., any suitable object or accessory), and generate corresponding operations instruction, and the operation instruction executes the corresponding program. Optionally, the touch panel may include two parts, a touch detection device and a touch controller. Among them, the touch detection device detects the user's touch orientation, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, and then sends it to the touch controller. To the processor 301, and can receive the command sent by the processor 301 and execute it. The touch panel can cover the display panel, and when the touch panel detects a touch operation on or near it, it is transmitted to the processor 301 to determine the type of the touch event, and then the processor 301 provides the display panel according to the type of the touch event. Corresponding visual output. In this embodiment of the present application, the touch panel and the display panel may be integrated into the touch display screen 303 to implement input and output functions. However, in some embodiments, the touch panel and the touch panel may be used as two independent components to implement input and output functions. That is, the touch display screen 303 can also be used as a part of the input unit 306 to realize the input function.

射频电路304可用于收发射频信号,以通过无线通信与网络设备或其他计算机设备建立无线通讯,与网络设备或其他计算机设备之间收发信号。The radio frequency circuit 304 can be used for transmitting and receiving radio frequency signals, so as to establish wireless communication with network equipment or other computer equipment through wireless communication, and send and receive signals with network equipment or other computer equipment.

音频电路305可以用于通过扬声器、传声器提供用户与计算机设备之间的音频接口。音频电路305可将接收到的音频数据转换后的电信号,传输到扬声器,由扬声器转换为声音信号输出;另一方面,传声器将收集的声音信号转换为电信号,由音频电路305接收后转换为音频数据,再将音频数据输出处理器301处理后,经射频电路304以发送给比如另一计算机设备,或者将音频数据输出至存储器302以便进一步处理。音频电路305还可能包括耳塞插孔,以提供外设耳机与计算机设备的通信。Audio circuitry 305 may be used to provide an audio interface between the user and computer equipment through speakers, microphones. The audio circuit 305 can transmit the electrical signal converted from the received audio data to the speaker, and the speaker converts it into a sound signal for output; on the other hand, the microphone converts the collected sound signal into an electrical signal, which is converted after being received by the audio circuit 305 In the form of audio data, the audio data is output to the processor 301 for processing, and then sent to, for example, another computer device via the radio frequency circuit 304, or the audio data is output to the memory 302 for further processing. Audio circuitry 305 may also include an ear jack to provide for communication of peripheral headphones with computer equipment.

输入单元306可用于接收输入的数字、字符信息或用户特征信息(例如指纹、虹膜、面部信息等),以及产生与用户设置以及功能控制有关的键盘、鼠标、操作杆、光学或者轨迹球信号输入。The input unit 306 can be used to receive input numbers, character information or user characteristic information (such as fingerprint, iris, facial information, etc.), and generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control .

电源307用于给计算机设备300的各个部件供电。可选的,电源307可以通过电源管理系统与处理器301逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。电源307还可以包括一个或一个以上的直流或交流电源、再充电系统、电源故障检测电路、电源转换器或者逆变器、电源状态指示器等任意组件。Power supply 307 is used to power various components of computer device 300 . Optionally, the power supply 307 may be logically connected to the processor 301 through a power management system, so that functions such as charging, discharging, and power consumption management are implemented through the power management system. The power source 307 may also include one or more DC or AC power sources, recharging systems, power failure detection circuits, power converters or inverters, power status indicators, and any other components.

尽管图5中未示出,计算机设备300还可以包括摄像头、传感器、无线保真模块、蓝牙模块等,在此不再赘述。Although not shown in FIG. 5 , the computer device 300 may further include a camera, a sensor, a Wi-Fi module, a Bluetooth module, and the like, which will not be repeated here.

在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above-mentioned embodiments, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, reference may be made to the relevant descriptions of other embodiments.

由上可知,本实施例提供的计算机设备,可以将DID合约作为底层系统合约,用户将DID合约账号作为底层区块链账号,能够实现重置私钥,解决私钥丢失的问题,提高区块链的可靠性。It can be seen from the above that the computer equipment provided in this embodiment can use the DID contract as the underlying system contract, and the user can use the DID contract account as the underlying blockchain account, which can reset the private key, solve the problem of private key loss, and improve the block chain. chain reliability.

本领域普通技术人员可以理解,上述实施例的各种方法中的全部或部分步骤可以通过指令来完成,或通过指令控制相关的硬件来完成,该指令可以存储于一计算机可读存储介质中,并由处理器进行加载和执行。Those of ordinary skill in the art can understand that all or part of the steps in the various methods of the above-mentioned embodiments can be completed by instructions, or by instructions that control relevant hardware, and the instructions can be stored in a computer-readable storage medium, and loaded and executed by the processor.

为此,本申请实施例提供一种计算机可读存储介质,其中存储有多条计算机程序,该计算机程序能够被处理器进行加载,以执行本申请实施例所提供的任一种区块链账户的验证方法中的步骤。例如,该计算机程序可以执行如下步骤:To this end, the embodiments of the present application provide a computer-readable storage medium, in which a plurality of computer programs are stored, and the computer programs can be loaded by a processor to execute any blockchain account provided by the embodiments of the present application. steps in the verification method. For example, the computer program may perform the following steps:

接收目标用户对应的待验证控制者发起的交易请求,其中,所述交易请求中携带有交易体,所述交易体包括交易数据、目标DID账号、待验证控制者的签名信息以及待验证控制者的私钥信息;Receive a transaction request initiated by the controller to be verified corresponding to the target user, wherein the transaction request carries a transaction body, and the transaction body includes transaction data, the target DID account number, the signature information of the controller to be verified, and the controller to be verified. private key information;

获取所述目标DID账号对应的DID账号合约中多个账号控制者的控制者公钥信息,得到多个控制者公钥信息;Obtain the controller public key information of multiple account controllers in the DID account contract corresponding to the target DID account, and obtain multiple controller public key information;

基于所述待验证控制者的签名信息和所述待验证控制者的私钥信息确定待验证控制者的待验证公钥信息;Determine the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;

从所述多个控制者公钥中查找是否存与所述待验证公钥信息匹配的控制者公钥信息,确定验证结果;Find out whether there is controller public key information matching the to-be-verified public key information from the plurality of controller public keys, and determine the verification result;

若验证结果为验证成功,则确定交易有效,基于所述交易体在区块链网络中进行交易。If the verification result is that the verification is successful, it is determined that the transaction is valid, and the transaction is performed in the blockchain network based on the transaction body.

以上各个操作的具体实施可参见前面的实施例,在此不再赘述。For the specific implementation of the above operations, reference may be made to the foregoing embodiments, and details are not described herein again.

其中,该存储介质可以包括:只读存储器(ROM,Read Only Memory)、随机存取记忆体(RAM,Random Access Memory)、磁盘或光盘等。Wherein, the storage medium may include: a read only memory (ROM, Read Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk, and the like.

由于该存储介质中所存储的计算机程序,可以执行本申请实施例所提供的任一种区块链账户的验证方法中的步骤,因此,可以实现本申请实施例所提供的任一种区块链账户的验证方法所能实现的有益效果,详见前面的实施例,在此不再赘述。Since the computer program stored in the storage medium can execute the steps in any blockchain account verification method provided by the embodiments of the present application, any block chain account provided by the embodiments of the present application can be implemented. The beneficial effects that can be achieved by the verification method of the chain account can be seen in the previous embodiments, which will not be repeated here.

在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above-mentioned embodiments, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, reference may be made to the relevant descriptions of other embodiments.

以上对本申请实施例所提供的一种区块链账户的验证方法、装置、计算机设备及存储介质进行了详细介绍,本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的技术方案及其核心思想;本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例的技术方案的范围。The verification method, device, computer equipment and storage medium for a blockchain account provided by the embodiments of the present application have been described above in detail. The principles and implementations of the present application are described with specific examples in this article. The descriptions of the examples are only used to help understand the technical solutions of the present application and their core ideas; those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or modify some of the technical features. Equivalent replacement; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the scope of the technical solutions of the embodiments of the present application.

Claims (12)

1. A method for verifying a blockchain account, comprising:
receiving a transaction request initiated by a controller to be verified corresponding to a target user, wherein the transaction request carries a transaction body, and the transaction body comprises transaction data, a target DID account number, signature information of the controller to be verified and private key information of the controller to be verified;
acquiring controller public key information of a plurality of account controllers in a DID account contract corresponding to the target DID account to obtain a plurality of controller public key information;
determining the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;
searching whether controller public key information matched with the public key information to be verified exists in the plurality of controller public keys, and determining a verification result;
and if the verification result is successful, determining that the transaction is effective, and performing the transaction in the block chain network based on the transaction body.
2. The method for verifying the blockchain account according to claim 1, before receiving the transaction request initiated by the controller to be verified corresponding to the target user, further comprising:
receiving an account registration request sent by a first controller corresponding to the target user, wherein the account registration request carries first controller attribute information, and the first controller attribute information comprises first private key information of the first controller, first public key information of the first controller and a first controller address of the first controller;
Generating a target contract address in an account system contract deployed in the block chain network based on the first controller attribute information, wherein the account system contract is used for managing a DID account;
generating a target DID account based on the target contract address and preset identification information;
and storing the target DID account in the account system contract, and sending the target DID account to the target user so that a controller corresponding to the target user can acquire the control authority of the target DID account.
3. The method for validating a blockchain account according to claim 2, wherein the generating a target contract address in the account system contract deployed in the blockchain network based on the first controller attribute information comprises:
creating a DID account contract in the account system contract;
and writing the first controller attribute information into the DID account contract, and generating a target contract address corresponding to the DID account contract based on the first controller attribute information.
4. The method of claim 3, wherein the predetermined identification information comprises a DID prefix and a DID method identification;
Generating a target DID account based on the target contract address and preset identification information comprises the following steps:
and sequentially splicing the DID prefix, the DID method identification and the target contract address to generate a target DID account.
5. The method for validating a blockchain account according to claim 3, further comprising, after saving the target DID account in the account system contract and sending the target DID account to the target user:
receiving an addition request of an initiating controller to a controller to be added from a plurality of candidate controllers of the target user, wherein the addition request carries a target DID account of the target user and second controller attribute information of the controller to be added, and the second controller attribute information comprises second public key information of the controller to be added and a second controller address of the controller to be added;
and adding the controller to be added as a target controller of the target DID account based on the target DID account and the second controller attribute information, wherein the target controller has the control authority of the target DID account.
6. The method for verifying the blockchain account according to claim 5, wherein the adding the to-be-added controller as the target controller of the target DID account based on the target DID account and the second controller attribute information includes:
And storing the second controller attribute information into a DID account contract corresponding to the target DID account so as to add the controller to be added as a target controller of the target DID account.
7. The method for validating a blockchain account according to claim 6, before saving the second controller attribute information to the DID account contract corresponding to the target DID account, further comprising:
judging whether the initiating controller is a controller of the target DID account;
if yes, the second controller attribute information is stored in a DID account contract corresponding to the target DID account;
and if not, not adding the controller to be added as the controller of the DID account.
8. The method of verifying a blockchain account according to claim 5, further comprising, after adding the to-be-added controller as a target controller of the target DID account based on the target DID account and the second controller attribute information:
receiving a deletion request of an initiating controller to a controller to be deleted from a plurality of candidate controllers of the target user, wherein the deletion request carries a target DID account corresponding to the initiating controller and a controller address of the controller to be deleted;
And deleting the controller address of the controller to be deleted from the DID account contract corresponding to the target DID account so as to release the control authority of the controller to be deleted on the DID account.
9. The method of validating a blockchain account of claim 2, further comprising:
receiving a DID account number counting request sent by the target user;
counting the account number of all DID accounts through the deployed account system contract of the block chain network based on the DID account counting request;
and returning the account number to the target user.
10. An apparatus for validating blockchain accounts, the apparatus comprising:
the system comprises a receiving unit, a verification unit and a verification unit, wherein the receiving unit is used for receiving a transaction request initiated by a controller to be verified corresponding to a target user, the transaction request carries a transaction body, and the transaction body comprises transaction data, a target DID account number, signature information of the controller to be verified and private key information of the controller to be verified;
the acquisition unit is used for acquiring controller public key information of a plurality of account controllers in a DID account contract corresponding to the target DID account to obtain a plurality of controller public key information;
the first determining unit is used for determining the public key information to be verified of the controller to be verified based on the signature information of the controller to be verified and the private key information of the controller to be verified;
The second determining unit is used for searching whether the controller public key information matched with the public key information to be verified exists in the plurality of controller public keys and determining a verification result;
and the third determining unit is used for determining that the transaction is effective if the verification result is successful, and performing the transaction in the block chain network based on the transaction body.
11. A computer device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program when executed by the processor implementing the steps of the method of authentication of blockchain accounts according to any one of claims 1 to 9.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of authentication of blockchain accounts according to any one of claims 1 to 9.
CN202210344237.6A 2022-03-31 2022-03-31 Blockchain account verification method, device, computer equipment and storage medium Active CN114844629B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210344237.6A CN114844629B (en) 2022-03-31 2022-03-31 Blockchain account verification method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210344237.6A CN114844629B (en) 2022-03-31 2022-03-31 Blockchain account verification method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114844629A true CN114844629A (en) 2022-08-02
CN114844629B CN114844629B (en) 2024-12-03

Family

ID=82563729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210344237.6A Active CN114844629B (en) 2022-03-31 2022-03-31 Blockchain account verification method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114844629B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116074126A (en) * 2023-03-31 2023-05-05 天聚地合(苏州)科技股份有限公司 Identity management method and device based on intelligent contract
CN117952605A (en) * 2022-10-28 2024-04-30 花瓣云科技有限公司 Verifiable claim processing method and processing device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110688679A (en) * 2019-09-30 2020-01-14 湖南天河国云科技有限公司 Account locking/unlocking method and device based on block chain
CN111213350A (en) * 2019-07-02 2020-05-29 阿里巴巴集团控股有限公司 System and method for creating decentralized identity
CN111241533A (en) * 2020-01-08 2020-06-05 深圳壹账通智能科技有限公司 Block chain-based password management method and device and computer-readable storage medium
CN111277577A (en) * 2020-01-14 2020-06-12 北京百度网讯科技有限公司 Digital identity verification method, device, equipment and storage medium
CN112702346A (en) * 2020-12-24 2021-04-23 国网浙江省电力有限公司电力科学研究院 Distributed identity authentication method and system based on alliance chain
EP3822894A1 (en) * 2019-11-13 2021-05-19 Telefonica Digital España, S.L.U. Secure electronic messaging guaranteeing integrity and non-repudation
CN113452516A (en) * 2020-03-27 2021-09-28 山东浪潮质量链科技有限公司 Block chain-based asymmetric key generation and distribution method, equipment and medium
CN113610528A (en) * 2021-08-24 2021-11-05 上海点融信息科技有限责任公司 Block chain-based management system, method, device and storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111213350A (en) * 2019-07-02 2020-05-29 阿里巴巴集团控股有限公司 System and method for creating decentralized identity
CN110688679A (en) * 2019-09-30 2020-01-14 湖南天河国云科技有限公司 Account locking/unlocking method and device based on block chain
EP3822894A1 (en) * 2019-11-13 2021-05-19 Telefonica Digital España, S.L.U. Secure electronic messaging guaranteeing integrity and non-repudation
CN111241533A (en) * 2020-01-08 2020-06-05 深圳壹账通智能科技有限公司 Block chain-based password management method and device and computer-readable storage medium
CN111277577A (en) * 2020-01-14 2020-06-12 北京百度网讯科技有限公司 Digital identity verification method, device, equipment and storage medium
US20210218574A1 (en) * 2020-01-14 2021-07-15 Beijing Baidu Netcom Science And Technology Co., Ltd. Method and apparatus for verifying digital identity, device and storage medium
CN113452516A (en) * 2020-03-27 2021-09-28 山东浪潮质量链科技有限公司 Block chain-based asymmetric key generation and distribution method, equipment and medium
CN112702346A (en) * 2020-12-24 2021-04-23 国网浙江省电力有限公司电力科学研究院 Distributed identity authentication method and system based on alliance chain
CN113610528A (en) * 2021-08-24 2021-11-05 上海点融信息科技有限责任公司 Block chain-based management system, method, device and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117952605A (en) * 2022-10-28 2024-04-30 花瓣云科技有限公司 Verifiable claim processing method and processing device
CN117952605B (en) * 2022-10-28 2025-01-28 花瓣云科技有限公司 Verifiable claim processing method and processing device
CN116074126A (en) * 2023-03-31 2023-05-05 天聚地合(苏州)科技股份有限公司 Identity management method and device based on intelligent contract

Also Published As

Publication number Publication date
CN114844629B (en) 2024-12-03

Similar Documents

Publication Publication Date Title
US11689366B2 (en) Cryptoasset custodial system with vault-specific rules governing different actions allowed for different vaults
TWI713855B (en) Certificate management method and system
CN110598482B (en) Digital certificate management method, device, equipment and storage medium based on blockchain
US11301845B2 (en) Cryptoasset custodial system with proof-of-stake blockchain support
CN110163004B (en) A block chain generation method, related equipment and system
CN111475841B (en) Access control method, related device, equipment, system and storage medium
US11494763B2 (en) Cryptoasset custodial system with custom logic
CN115396114A (en) Authorization method, device, equipment and system based on verifiable statement
CN109691057A (en) Exchangeable retrieval of sensitive content via private content distribution network
CN113343208A (en) Certificate authorization method, device, terminal and storage medium
CN108769230A (en) Transaction data storage method, device, server and storage medium
CN114600143A (en) Risk Mitigation of Crypto Asset Custody Systems Using Hardware Security Keys
CN113474804A (en) Transaction and account verification method, device and storage medium of digital currency
CN110601858A (en) Certificate management method and device
US20210021577A1 (en) Systems and methods for sending user data from a trusted party to a third party using a distributed registry
CN114844629B (en) Blockchain account verification method, device, computer equipment and storage medium
CN113746640B (en) Digital certificate using method, device, computer equipment and storage medium
CN113506108B (en) Account management method, device, terminal and storage medium
WO2025016301A1 (en) Security authentication
CN110532324A (en) Notice information methods of exhibiting, device, equipment and storage medium based on block chain
WO2023134259A1 (en) Point-to-point-based data processing method and system, computing device, and storage medium
CN113343216A (en) Management method and device of issuer, storage medium and server
JP2013020643A (en) Personal information providing device and personal information providing method
CN113890753A (en) Digital identity management method, device, system, computer equipment and storage medium
CN114282270B (en) Method, device, terminal and storage medium for managing certificates in block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant