CN118940313A - A distributed digital identity authentication method for supply chain finance based on blockchain
- Publication number: CN118940313A (application CN202411020543.XA)
- Authority: CN (China)
- Legal status: Pending
Classifications
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
- G06F21/33—User authentication using certificates
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a blockchain-based supply chain finance distributed digital identity authentication method comprising the following steps. Step S100: the participants each register a unique distributed digital identity (DID). Step S200: the authority certificate issuer registers as a digital certificate authority, and registers and provides digital certificate declaration templates. Step S300: the financing enterprise applies to the authority certificate issuer for an enterprise qualification digital certificate, and the authority certificate issuer verifies the distributed digital identity DID of the financing enterprise applicant. Step S400: the financing enterprise applicant signs the electronic transaction contract with its private key, and the authority certificate issuer issues the digital certificate and at the same time stores the certificate on the blockchain. Step S500: the financial service provider verifies the DID of the financing enterprise applicant using a dynamic consensus mechanism and checks the enterprise qualification digital certificate and the electronic contract digital certificate of the financing enterprise applicant.
Description
Technical Field
The invention relates to the technical field of supply chain financial data security, in particular to a credible identification authentication method for distributed digital identities of a plurality of participants facing supply chain finance, and specifically relates to a block chain-based supply chain finance distributed digital identity authentication method.
Background
Existing supply chain finance involves many participants, and the participants in each link must provide large quantities of paper documents and stamp them manually to prove identity and transaction information; this way of proving identity is cumbersome, counterfeiting and falsification occur easily, and the authenticity and credibility of the information are hard to guarantee. The identity data of supply chain participants across many links is managed and controlled by a single authority, which raises information security problems: users' private identity data is stored on a central identity authentication server, and such a centralized server is exposed to risks from external attack, internal malicious behaviour and misoperation, leading to unauthorized access to sensitive data and leakage of users' identity authentication information and private data.
Disclosure of Invention
The invention aims to provide a supply chain financial distributed digital identity authentication method based on a blockchain so as to solve the problems in the background technology.
In order to solve the above technical problems, the invention provides the following technical scheme: a blockchain-based supply chain finance distributed digital identity authentication method comprising:
Step S100: the financing enterprise applicant, the authority certificate issuer and the financial service provider each register a unique distributed digital identity (DID) and generate a key pair through an encryption algorithm, and the distributed digital identities DIDs are stored on a blockchain;
Step S200: the authority certificate issuer registers to become a digital certificate authority, and the digital certificate authority registers and provides digital certificate declaration templates;
Step S300: the financing enterprise applies to the authority certificate issuer for an enterprise qualification digital certificate, and the authority certificate issuer verifies the identity holder relation of the distributed digital identity DID of the financing enterprise applicant;
Step S400: the financing enterprise applicant signs the electronic transaction contract online, the electronic contract data is signed with the private key of the financing enterprise applicant's DID, and the authority certificate issuer issues the electronic contract digital certificate and at the same time stores the certificate on the blockchain;
Step S500: the financial service provider verifies the DID identity holder relationship of the financing enterprise applicant by using a dynamic consensus mechanism, and checks the enterprise qualification digital certificate and the electronic contract digital certificate of the financing enterprise applicant.
Further, step S100 includes:
step S101: the financial service provider and the authority certificate issuer together form a blockchain alliance network, blockchain node equipment in the alliance chain network is maintained by all participants and becomes a consensus node, the consensus node participates in transaction consensus of the whole alliance chain, and all member nodes deploy DID intelligent contracts;
Step S102: any party of supply chain finance initiates a DID registration application with a DID digital identity wallet and becomes the applicant. The DID service center receives the applicant's request and generates a key pair with the ECDSA elliptic curve digital signature algorithm on the specific elliptic curve parameter set secp k1; the key pair consists of a public key and a private key, and the private key cannot be computed from the public key. The DID service center writes the public key into a DID document and stores it on the blockchain, and sends the private key back to the applicant, who stores it in the DID digital identity wallet. The DID service center then generates a hexadecimal character string from the public key and splices it with the applicant's specific DID identifier prefix to form a complete and unique applicant DID; all DIDs are stored on the blockchain so that identity information is globally visible and cannot be forged;
Step S103: the method comprises the steps of creating a DID document, an authentication attribute unit and a DID service endpoint in a blockchain, wherein the DID document is used for storing identity verification information, the identity verification information comprises a DID of an identity holder, the DID document carries out Multicodec coding on a public key of the identity holder, the public key coded by Multicodec is formatted through Base58 coding and then added to the authentication attribute unit, and the DID service endpoint is a specific network address or interface pointing to verification service and is used for verifying the identity or requesting access permission of the DID holder;
Step S104: and requesting the DID service center to call the DID intelligent contract to store the created DID and the DID document metadata into the blockchain, and synchronously distributing the created DID and the DID document metadata to all nodes by the alliance chain network.
Further, step S200 includes:
step S201, an authority certificate issuer registers as a digital certificate authority, the digital certificate authority collects the certificate demands from all participants and defines the data structure and verification logic and rules of each type of certificate;
Step S202: the digital certificate authority registers the designed digital certificate declaration templates, deploys and publishes the templates into the blockchain, the templates include but are not limited to enterprise basic information, credit ratings, financial reports and transaction contracts, and the digital certificate authority monitors the use condition of the templates and updates and optimizes the templates according to feedback of each participant.
Further, step S300 includes:
Step S301: the financing enterprise applicant submits a request for applying enterprise qualification digital certificates to an authority certificate issuer by using the held distributed digital identity DID and providing related materials;
step S302: the DID verification party requests the DID service center to analyze the DID submitted by the financing enterprise applicant party, the DID identifier prefix is disassembled and separated, address strings in DID terminal data are extracted, a query request for querying the DID document metadata according to the DID is sent to the DID intelligent contract in the blockchain, and the DID intelligent contract analysis interface acquires the DID document metadata information from the blockchain storage and returns the DID document metadata information to the DID service center;
Step S303: the authority certificate issuer sends an identity verification challenge to the financing enterprise applicant, using a challenge-response mechanism, through the service endpoint address in the DID document metadata. Using the applicant's distributed digital identity DID, the authority certificate issuer looks up the corresponding DID document on the blockchain to obtain the public key of the DID holder being challenged, generates a random character string, encrypts it with that public key and sends the resulting ciphertext to the financing enterprise applicant. The applicant decrypts the ciphertext with the DID private key it holds, recovers the random string and sends it back to the authority certificate issuer for verification. The authority certificate issuer checks that the returned DID and random string match the DID challenged and the random string it generated; if they match, the identity of the DID holder of the financing enterprise applicant is confirmed as safe and reliable and identity authentication is complete;
Step S304: and the authority certificate issuer uses the DID of the authority certificate issuer to issue the enterprise qualification digital certificate to the financing enterprise applicant according to the digital certificate declaration template and the enterprise information, calculates the certificate data hash value and stores the hash value into the blockchain.
Further, step S400 includes:
Step S401: a participant in supply chain finance that needs an electronic contract digital certificate sends an application to the authority certificate issuer; the authority issuer obtains the applicant's distributed digital identity DID and requests the DID service center to resolve it. The DID service center queries, through the DID intelligent contract, whether the applicant's DID exists; if it exists, the corresponding DID document is obtained and the DID document metadata is returned to the DID service center. The public key encoded in the identity authentication attribute is then extracted and decoded to restore the public key; once restored, a random character string is encrypted with the public key and the encrypted random string ciphertext is output;
Step S402: the authority certificate issuing party initiates a challenge request for identity verification of a DID holder through a service endpoint address in DID document metadata of the application party, sends ciphertext of the DID and the encrypted random character string of the application party to the application party, decrypts the ciphertext by using a DID private key held by the application party, and reverts the ciphertext to a random character string plaintext;
Step S403: the applicant sends the DID and the decrypted random string plaintext back to the authority certificate issuer for verification, and when the DID and the decrypted random string plaintext are consistent with the random string generated by the authority certificate issuer, the identity of the applicant DID holder is considered to be credible;
Step S404: the authority certificate issuer, acting as digital certificate issuer, generates the digital certificate information from the applicant's certificate declaration content and the digital certificate declaration template; the digital certificate information carries the digital certificate issuer's DID and a signature made with the digital certificate issuer's DID private key, produced as follows:
Using the Keccak256 cryptographic hash function, the digital certificate information is converted into a 256-bit fixed-length message digest H(m). A random large integer k is generated (0 < k < n, where n is the order of the elliptic curve), and by the formula
Z = k·G
where G is the base point of the elliptic curve, the point Z is calculated; the x coordinate of Z is r in the signature.
By the formula
s = k^(-1)·(H(m) + r·d) mod n
where H(m) is the digital certificate message digest, d is the digital certificate issuer's private key and k^(-1) is the multiplicative inverse of k modulo the curve order n, the value s is generated, computed with the private key of the digital certificate issuer.
The recovery identifier v is then calculated, giving the signature data (r, s, v), which is Base64-encoded and written into the digital certificate issuer information so that verifiers can check whether the digital certificate issuer is legitimate and trusted and whether the data content has been tampered with;
Step S405: a message digest of the complete generated digital certificate information is computed with the Keccak256 cryptographic hash function; this digest is the certificate hash. The certificate creation logic unit of the DID intelligent contract in the blockchain is called to store the digital certificate digest on the blockchain; information relating to user privacy is not put on-chain but is kept by the digital certificate issuer, and the applicant's private attributes are attested by the statement issued by the digital certificate issuer. The digital certificate issuer sends the digital certificate information back to the applicant, who stores it in the DID digital identity wallet.
Further, step S500 includes:
step S501: in the supply chain financial background, a financial service provider is a digital certificate verifier, the digital certificate verifier utilizes a dynamic consensus mechanism to divide participants into different grades according to the business type and reputation scores of the participants, and sets different numbers and types of digital certificate verifiers according to the grades to perform dynamic consensus verification of the supply chain finance;
Step S502: when a digital certificate held by a participant in supply chain finance needs to be verified, the digital certificate verifier sends a request to check the digital certificate to the digital certificate holder, obtains the distributed digital identity DID of the digital certificate holder, requests the DID service center to resolve it, and queries through the blockchain DID intelligent contract whether the DID exists; if it exists, the corresponding DID document is obtained and the DID document metadata is returned;
The digital certificate verification party extracts the coded public key in the identity authentication attribute, decodes and restores the public key, encrypts a string of random character strings by using the restored public key, outputs encrypted ciphertext, and initiates a challenge request for the identity verification of the DID holder through the service endpoint address in the DID document metadata of the digital certificate holder, and sends the DID of the digital certificate holder and the ciphertext of the encrypted random character strings to the digital certificate holder;
Decrypting the ciphertext by the digital certificate holder by using the private key corresponding to the DID, restoring the ciphertext into a random string plaintext, sending the DID and the decrypted random string plaintext back to the digital certificate verifier for verification, and considering the identity of the DID holder of the digital certificate holder as credible when the decrypted random string is consistent with the random string generated by the digital certificate verifier;
Step S503: the digital certificate holder submits the digital certificate information to the verifier. The digital certificate verifier checks, according to the issuer DID in the digital certificate, whether the digital certificate issuer is legitimate and trusted, and at the same time verifies the signature on the digital certificate with the issuer's public key; if the verification passes, the digital certificate was issued by a trusted authority issuer. The verifier then generates a message digest of the digital certificate information with the Keccak256 cryptographic hash function, calls the checking interface of the blockchain certificate storage intelligent contract according to the blockchain address of the digital certificate, and when the stored digest matches the digital certificate digest, the digital certificate information is considered not to have been tampered with;
Step S504: the financial service provider's DID account requests the enterprise qualification digital certificate from the financing enterprise applicant's DID account, the financing enterprise applicant authorizes the financial service provider to access the enterprise qualification digital certificate, and the financial service provider obtains the enterprise qualification digital certificate from the authentication center. It verifies whether the DID that issued the enterprise qualification digital certificate is the DID of the authority issuer and, if so, continues to verify whether the certificate hash of the enterprise qualification digital certificate stored on the blockchain matches the locally calculated hash; if it matches, the enterprise qualification digital certificate has not been tampered with and it passes the check;
step S505: the financial service provider DID account requests the transaction contract digital certificate from the financing enterprise application party DID account, the financing enterprise application party authorizes the financial service provider to access the transaction contract digital certificate, the financial service provider acquires the transaction contract digital certificate from the authentication center, verifies whether the DID of the issuing transaction contract digital certificate is the DID of the authority issuer, and after verification is true, continues to verify whether the certificate hash stored in the blockchain of the transaction contract digital certificate is consistent with the locally calculated hash, if so, the transaction contract digital certificate is not tampered, and the transaction contract digital certificate is checked.
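Steps S102, S103, S302, S404, S405 and S503 above describe one pipeline: generate a key pair, splice a DID from a hex string of the public key, publish a DID document with the Multicodec/Base58-encoded key, sign the digital certificate with ECDSA to get (r, s, v), anchor only the Keccak256 digest on-chain, and later verify the signature with the issuer's resolved public key and compare the stored digest. The following is an added worked example written for this page, not code from the patent; it assumes secp256k1 for the curve the page names only as "secp k1", uses hashlib's SHA3-256 as a stand-in for Keccak256, invents the DID prefix did:scf: and an in-memory dict in place of the DID smart contract, and performs the signature check by recovering the signer's key from (r, s, v) and comparing it with the key resolved from the issuer's DID document.

```python
import base64, hashlib, json, secrets
# secp256k1 domain parameters (the page names the curve only as "secp k1"; secp256k1 is assumed)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
DID_PREFIX = "did:scf:"   # hypothetical DID method prefix (not from the patent)
REGISTRY = {}             # in-memory stand-in for the on-chain DID / certificate-hash smart contract

def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mult(k, pt):
    acc = None                       # double-and-add scalar multiplication
    while k:
        if k & 1: acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def keccak256(data):  # stand-in: hashlib has only SHA3-256, which differs from Keccak-256 in its padding byte
    return hashlib.sha3_256(data).digest()

def compress(pub):    # SEC1 compressed encoding: 02/03 prefix by y parity, then the 32-byte x coordinate
    return bytes([2 + (pub[1] & 1)]) + pub[0].to_bytes(32, "big")

def lift_x(x, odd):
    """Curve point with the given x and y-parity, or None if x is not on the curve."""
    y = pow((pow(x, 3, P) + 7) % P, (P + 1) // 4, P)
    if (y * y - pow(x, 3, P) - 7) % P: return None
    return (x, y if y & 1 == odd else P - y)

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n: n, rem = divmod(n, 58); out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text):
    n = 0
    for ch in text: n = n * 58 + B58.index(ch)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def register_did(endpoint):
    """S102/S103: key pair, DID spliced from a hex string of the public key, DID document in the registry."""
    priv = secrets.randbelow(N - 1) + 1
    pub = scalar_mult(priv, G)
    did = DID_PREFIX + keccak256(compress(pub)).hex()[-40:]   # address-style hex suffix (assumed layout)
    key = "z" + b58encode(b"\xe7\x01" + compress(pub))  # Multicodec secp256k1-pub (varint e7 01) + Base58
    REGISTRY[did] = {"id": did, "service": [{"id": did + "#auth", "serviceEndpoint": endpoint}],
                     "authentication": [{"type": "EcdsaSecp256k1VerificationKey2019", "publicKeyMultibase": key}]}
    return did, priv

def resolve_pubkey(did):  # S302: fetch the DID document and decode the Multicodec/Base58 key to a point
    raw = b58decode(REGISTRY[did]["authentication"][0]["publicKeyMultibase"][1:])
    if raw[:2] != b"\xe7\x01": raise ValueError("not a secp256k1-pub multicodec key")
    return lift_x(int.from_bytes(raw[3:], "big"), raw[2] & 1)

def sign(priv, digest):
    """S404: Z = k*G, r = Z.x, s = k^-1 (H(m) + r*d) mod n, v = parity of Z.y."""
    z = int.from_bytes(digest, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        Z = scalar_mult(k, G)
        r = Z[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s and Z[0] < N: return r, s, Z[1] & 1   # Z.x >= N would need v + 2; just redraw k

def recover(digest, r, s, v):
    """Signer's public key from (r, s, v): Q = r^-1 (s*Z - H(m)*G); None if the triple is malformed."""
    if not (0 < r < N and 0 < s < N): return None
    Z, zG = lift_x(r, v), scalar_mult(int.from_bytes(digest, "big") % N, G)
    if Z is None or zG is None: return None
    return scalar_mult(pow(r, -1, N), point_add(scalar_mult(s, Z), (zG[0], P - zG[1])))

def issue_credential(issuer_did, issuer_priv, claims):
    """S404/S405: sign the certificate, Base64 the (r, s, v) proof, anchor only its digest on-chain."""
    cred = {"issuer": issuer_did, "claims": claims}
    digest = keccak256(json.dumps(cred, sort_keys=True).encode())
    r, s, v = sign(issuer_priv, digest)
    cred["proof"] = base64.b64encode(r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([v])).decode()
    REGISTRY[("anchor", digest.hex())] = issuer_did   # the claim data itself stays with issuer and holder
    return cred

def verify_credential(cred, trusted_issuers):
    """S503: issuer DID is trusted, signature matches the resolved issuer key, anchored digest matches."""
    if cred["issuer"] not in trusted_issuers: return False
    body = {k: val for k, val in cred.items() if k != "proof"}
    digest = keccak256(json.dumps(body, sort_keys=True).encode())
    sig = base64.b64decode(cred["proof"])
    r, s, v = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:64], "big"), sig[64]
    pub = resolve_pubkey(cred["issuer"])
    if pub is None or recover(digest, r, s, v) != pub: return False
    return REGISTRY.get(("anchor", digest.hex())) == cred["issuer"]
```

Changing any claim changes the digest, so both the recovered key and the anchored hash stop matching; an issuer DID outside the trusted set is rejected before any cryptography runs.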
Further, the dynamic consensus mechanism includes:
Through reputation scoring formulas in the blockchain:
Wherein R_i is the reputation score of participant i, α is the success-rate adjustment factor given according to the actual scenario, β is the liveness adjustment factor given according to the actual scenario, S_ij is the success score of participant i in the j-th transaction, n is the total number of transactions used for evaluation, t_i is the time since the first transaction, λ is the attenuation constant adjusting the influence of time on reputation, and e is the base of the natural logarithm;
defining a reputation score for the participant;
the reputation score is proportional to the weight of the participant in the consensus decision;
Through a consensus node weight formula:
Wherein W_i is the weight of the selected consensus node, m is the total number of candidate consensus nodes, and the sum over R_k is the sum of the reputation scores of all candidate nodes;
defining weights of candidate consensus nodes;
When a financing enterprise applicant submits a digital certificate verification request, the DID service center selects a group of consensus nodes according to the transaction;
by the consensus decision threshold formula:
Wherein θ is the consensus decision threshold, V_i is the verification result of node i (V_i = 1 if the verification result is true, V_i = 0 otherwise), and p is the number of nodes participating in the verification;
Determining a threshold value required by consensus decisions;
The selected consensus nodes independently verify the authenticity of the DID and the digital certificate of the financing enterprise applicant, each node submits the verified result to the blockchain, and when the result exceeds a threshold value required by a set consensus decision, the verification is considered to be valid;
The formula is set through the safety parameters:
q=γ·m
wherein q is the minimum number of verification nodes, gamma is a coefficient between 0 and 1, and m is the total number of nodes participating in consensus;
The minimum number of consensus nodes for verification is dynamically adjusted.
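The dynamic consensus mechanism above gives its reputation, weight and threshold formulas only through their symbols, so the added example below (written for this page, not from the patent) takes the reputation scores R_i as constructed inputs and implements the rest: grading participants by reputation (S501), weights W_i normalised to the candidates' total reputation, q = γ·m verifiers chosen in proportion to weight, and a weighted vote of the V_i compared with θ. The normalisation, the weighted aggregation, the grade bands and the γ-per-grade table are assumptions.

```python
import math, random

# Constructed parameters for the worked example (not from the patent)
GAMMA_BY_GRADE = {"A": 0.34, "B": 0.51, "C": 0.67}   # share of nodes that must verify, by applicant grade
GRADE_BANDS = ((80.0, "A"), (50.0, "B"), (0.0, "C"))  # reputation floors for the grades of S501

def grade(reputation_score):
    """S501: tier a participant by reputation score (band thresholds are constructed)."""
    for floor, label in GRADE_BANDS:
        if reputation_score >= floor: return label
    return GRADE_BANDS[-1][1]

def consensus_weights(reputation):
    """W_i = R_i / sum_k R_k over the candidate nodes (normalisation assumed; weights sum to 1)."""
    total = sum(reputation.values())
    if total <= 0: raise ValueError("candidate nodes carry no reputation to weight by")
    return {node: score / total for node, score in reputation.items()}

def min_verifiers(m, gamma):
    """Security-parameter formula q = γ·m, rounded up and never below one node."""
    if not 0 < gamma <= 1: raise ValueError("gamma must lie in (0, 1]")
    return max(1, math.ceil(gamma * m))

def select_nodes(weights, q, seed):
    """Choose q distinct nodes with probability proportional to W_i (weighted sampling without
    replacement). `seed` stands in for on-chain randomness so a decision can be replayed."""
    rng, pool, chosen = random.Random(seed), dict(weights), []
    while pool and len(chosen) < q:
        pick = rng.choices(list(pool), weights=list(pool.values()))[0]
        chosen.append(pick); del pool[pick]
    return chosen

def consensus_decision(weights, votes, theta):
    """Weighted vote: sum of W_i·V_i over the selected nodes divided by their total weight,
    compared with threshold θ. `votes` maps node -> V_i (True = verified, False = not)."""
    if not votes: return False, 0.0
    total = sum(weights[n] for n in votes)
    support = sum(weights[n] for n in votes if votes[n]) / total
    return support >= theta, support

def verify_with_dynamic_consensus(applicant_reputation, node_reputation, theta, seed, node_results):
    """S501/S502 flow: grade the applicant, weight the nodes, pick q = γ·m of them, collect their
    V_i (node_results maps node -> result as each node would submit it to the chain), decide."""
    applicant_grade = grade(applicant_reputation)
    weights = consensus_weights(node_reputation)
    q = min_verifiers(len(node_reputation), GAMMA_BY_GRADE[applicant_grade])
    selected = select_nodes(weights, q, seed)
    votes = {n: bool(node_results[n]) for n in selected}
    valid, support = consensus_decision(weights, votes, theta)
    return {"grade": applicant_grade, "q": q, "selected": selected,
            "support": round(support, 4), "valid": valid}

# Constructed sample: six consensus nodes of the alliance chain with reputation scores R_i
NODE_REPUTATION = {"bank-A": 92.0, "bank-B": 75.0, "core-enterprise": 64.0,
                   "logistics": 40.0, "issuer-1": 88.0, "issuer-2": 30.0}
```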
Compared with the prior art, the invention has the following beneficial effects: the blockchain-based supply chain finance distributed digital identity authentication method forms an alliance of many participants and establishes a decentralised blockchain trust network. It can solve the problem of mutual identity trust among participants such as the financing enterprise applicant and the financial service provider in supply chain finance, can eliminate financial risks on the supply chain finance chain such as information asymmetry, false identities and the difficulty of auditing false transactions, improves the business auditing efficiency of the financial service side and reduces auditing cost, improves the flexibility and safety of identity and credential authentication through the dynamic consensus mechanism, and is particularly suited to large-scale and complex supply chain finance.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a schematic flow chart of distributed digital identity DID registration and blockchain storage in the blockchain-based supply chain finance distributed digital identity authentication method of the present invention;
FIG. 2 is a schematic diagram of the DID holder authentication process in the blockchain-based supply chain finance distributed digital identity authentication method of the present invention;
FIG. 3 is a schematic diagram of digital certificate application and issuance based on the distributed digital identity DID in the blockchain-based supply chain finance distributed digital identity authentication method of the present invention;
FIG. 4 is a schematic diagram of the digital certificate verification process based on the distributed digital identity DID in the blockchain-based supply chain finance distributed digital identity authentication method of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-4, the present invention provides the following technical solutions: a supply chain finance distributed digital identity authentication method based on block chain includes:
Step S100: the financing enterprise applicant, the authority certificate issuer and the financial service provider register unique distributed digital identities DIDs respectively and generate a key pair through an encryption algorithm, and the distributed digital identities DIDs are stored on a blockchain;
wherein, step S100 includes:
step S101: the financial service provider and the authority certificate issuer together form a blockchain alliance network, blockchain node equipment in the alliance chain network is maintained by all participants and becomes a consensus node, the consensus node participates in transaction consensus of the whole alliance chain, and all member nodes deploy DID intelligent contracts;
Step S102: any party of supply chain finance initiates a DID registration application with a DID digital identity wallet and becomes the applicant. After receiving the applicant's request, the DID service center generates a key pair with the ECDSA elliptic curve digital signature algorithm on the specific elliptic curve parameter set secp k1; the key pair consists of a public key and a private key, and the private key cannot be deduced from the public key. The DID service center writes the public key into a DID document and stores it on the blockchain, and sends the private key back to the applicant, who stores it in the DID digital identity wallet. The DID service center then generates a hexadecimal character string from the public key and splices it with the applicant's specific DID identifier prefix to form a complete and unique applicant DID;
Step S103: the method comprises the steps of creating a DID document, an authentication attribute unit and a DID service endpoint in a blockchain, wherein the DID document is used for storing identity verification information, the identity verification information comprises a DID of an identity holder, the DID document carries out Multicodec coding on a public key of the identity holder, the public key coded by Multicodec is formatted through Base58 coding and then added to the authentication attribute unit, and the DID service endpoint is a specific network address or interface pointing to verification service and is used for verifying the identity or requesting access permission of the DID holder;
Step S104: requesting the DID service center to call the DID intelligent contract to store the created DID and DID document metadata into the blockchain, and synchronously distributing the created DID and DID document metadata to all nodes by the alliance chain network;
step S200: the authority certificate issuer registers to become a digital certificate authority, and the digital certificate authority is used for registering and providing a digital certificate declaration template;
Wherein, step S200 includes:
step S201, an authority certificate issuer registers as a digital certificate authority, the digital certificate authority collects the certificate demands from all participants and defines the data structure and verification logic and rules of each type of certificate;
step S202: the digital certificate authority registers the designed digital certificate declaration template, deploys and distributes the template into a blockchain, and the digital certificate authority monitors the use condition of the template and updates and optimizes the template according to the feedback of each participant;
step S300: the financing enterprise applies for an authority certificate issuer to apply for enterprise qualification digital certificates, and the authority certificate issuer verifies the identity holder relation of the distributed digital identity DID of the financing enterprise applicant;
wherein, step S300 includes:
Step S301: the financing enterprise applicant submits a request for applying enterprise qualification digital certificates to an authority certificate issuer by using the held distributed digital identity DID;
step S302: the DID verification party requests the DID service center to analyze the DID submitted by the financing enterprise applicant party, the DID identifier prefix is disassembled and separated, address strings in DID terminal data are extracted, a query request for querying the DID document metadata according to the DID is sent to the DID intelligent contract in the blockchain, and the DID intelligent contract analysis interface acquires the DID document metadata information from the blockchain storage and returns the DID document metadata information to the DID service center;
Step S303: the authority certificate issuer sends an identity verification challenge to the financing enterprise applicant, using a challenge-response mechanism, through the service endpoint address in the DID document metadata. Using the applicant's distributed digital identity DID, the authority certificate issuer looks up the corresponding DID document on the blockchain to obtain the public key of the DID holder being challenged, generates a random character string, encrypts it with that public key and sends the resulting ciphertext to the financing enterprise applicant. The applicant decrypts the ciphertext with the DID private key it holds, recovers the random string and sends it back to the authority certificate issuer for verification. The authority certificate issuer checks that the returned DID and random string match the DID challenged and the random string it generated; if they match, the identity of the DID holder of the financing enterprise applicant is confirmed as safe and reliable and identity authentication is complete;
Step S304: the authority certificate issuer uses the DID of the authority certificate issuer to issue the enterprise qualification digital certificate to the financing enterprise applicant according to the digital certificate declaration template and the enterprise information, calculates the certificate data hash value and stores the hash value into the blockchain;
Step S400: the financing enterprise applicant signs the electronic transaction contract online, the private key of the financing enterprise applicant DID is used for signing the electronic contract data, and the authority certificate issuer issues the electronic contract digital certificate and the concurrent certificate for linking;
wherein, step S400 includes:
Step S401: a participant in supply chain finance that needs an electronic contract digital certificate sends an application to the authority certificate issuer; the authority issuer obtains the distributed digital identity DID of the applicant and requests the DID service center to resolve it; the DID service center queries through the DID intelligent contract whether the applicant's DID exists and, when it exists, obtains the corresponding DID document and sends the DID document metadata back to the DID service center; the public key encoded in the identity authentication attribute is then extracted and decoded to restore the public key, and after restoration a random character string is encrypted with the public key and the encrypted random character string ciphertext is output;
Step S402: the authority certificate issuer initiates a challenge request for identity verification of the DID holder through the service endpoint address in the applicant's DID document metadata and sends the applicant's DID and the ciphertext of the encrypted random character string to the applicant; the applicant decrypts the ciphertext with the DID private key it holds and restores the random character string plaintext;
Step S403: the applicant sends the DID and the decrypted random string plaintext back to the authority certificate issuer for verification, and when they are consistent with the DID and the random string generated by the authority certificate issuer, the identity of the applicant's DID holder is considered credible;
Step S404: the authority certificate issuer, acting as the digital certificate issuer, generates the digital certificate information according to the applicant's certificate declaration content and the digital certificate declaration template, wherein the digital certificate issuer DID and the signature made with the digital certificate issuer DID private key are written into the digital certificate information;
Using the Keccak256 cryptographic hash function, the digital credential information data is converted into a 256-bit fixed-length message digest, and a random large integer L (0 < L < n, where n is the order of the elliptic curve) is generated; by the formula:
Z = L·G
wherein G is the base point on the elliptic curve,
the point Z is calculated and its x coordinate is extracted; this x coordinate is r in the signature;
By the formula:
F = k^(-1)·(H(m) + r·d) mod N
wherein H(m) is the digital credential message digest, d is the digital credential issuer private key, k denotes the random integer L generated above, N is the elliptic curve order (n above), and k^(-1) is the multiplicative inverse of k modulo the elliptic curve order N;
the F value, which is the s component of the signature, is calculated with the private key of the digital credential issuer;
A recovery identifier v is calculated, finally yielding the signature data (r, s, v); the signature data is base64-encoded and written into the digital certificate issuer information, for verifying whether the digital certificate issuer is legitimate and credible and whether the data content has been tampered with;
Step S405: a message digest of the generated complete digital certificate information is produced with the Keccak256 cryptographic hash function; this digest is the certificate hash. The certificate creation logic unit of the DID intelligent contract in the blockchain is called to store the digital certificate digest in the blockchain, while information related to user privacy is not put on the chain but is kept by the digital certificate issuer; the applicant's private attributes are attested by a statement issued by the digital certificate issuer, and the digital certificate issuer sends the digital certificate information back to the applicant, where it is stored in the applicant's DID digital identity wallet;
step S500: the financial service provider verifies the DID identity holder relationship of the financing enterprise applicant by using a dynamic consensus mechanism, and checks the enterprise qualification digital certificate and the electronic contract digital certificate of the financing enterprise applicant;
wherein, step S500 includes:
Step S501: in the supply chain finance context the financial service provider is the digital certificate verifier; the digital certificate verifier uses a dynamic consensus mechanism to divide participants into different grades according to their business type and reputation scores, and sets different numbers and types of digital certificate verifiers according to the grade to perform dynamic consensus verification of the supply chain finance;
Step S502: when a digital certificate holder in supply chain finance needs to have a digital certificate verified, the digital certificate verifier sends a request to check the digital certificate to the digital certificate holder, obtains the distributed digital identity DID of the digital certificate holder, requests the DID service center to resolve it, queries through the blockchain DID intelligent contract whether the DID exists and, if it exists, obtains the corresponding DID document and has the DID document metadata sent back;
The digital certificate verifier extracts the encoded public key from the identity authentication attribute, decodes it to restore the public key, encrypts a random character string with the restored public key and outputs the ciphertext; it then initiates a challenge request for identity verification of the DID holder through the service endpoint address in the digital certificate holder's DID document metadata, sending the DID of the digital certificate holder and the ciphertext of the encrypted random character string to the digital certificate holder;
The digital certificate holder decrypts the ciphertext with the private key corresponding to the DID, restores the random string plaintext, and sends the DID and the decrypted random string plaintext back to the digital certificate verifier for verification; when the decrypted random string is consistent with the random string generated by the digital certificate verifier, the identity of the digital certificate holder's DID holder is considered credible;
Step S503: the digital certificate holder submits the digital certificate information to the verifier; the digital certificate verifier checks, according to the issuer DID in the digital certificate, whether the digital certificate issuer is legitimate and trusted, and at the same time verifies the signature on the digital certificate with the issuer's public key; once the verification passes, the digital certificate is confirmed to have been issued by the trusted authority issuer, so a message digest of the digital certificate information is generated with the Keccak256 cryptographic hash function, the check interface of the blockchain certificate storage intelligent contract is called according to the blockchain address of the digital certificate, and when the digest of the digital certificate is verified to be consistent, the digital certificate information is considered not to have been tampered with;
Step S504: the financial service provider's DID account requests the enterprise qualification digital certificate from the financing enterprise applicant's DID account; the financing enterprise applicant authorizes the financial service provider to access the enterprise qualification digital certificate; the financial service provider obtains the enterprise qualification digital certificate from the authentication center, verifies whether the DID that issued the enterprise qualification digital certificate is the DID of the authority issuer, and after this is verified as true, further verifies whether the certificate hash of the enterprise qualification digital certificate stored in the blockchain is consistent with the locally calculated hash; if so, the enterprise qualification digital certificate has not been tampered with, and the enterprise qualification digital certificate passes the check;
Step S505: the financial service provider's DID account requests the transaction contract digital certificate from the financing enterprise applicant's DID account; the financing enterprise applicant authorizes the financial service provider to access the transaction contract digital certificate; the financial service provider obtains the transaction contract digital certificate from the authentication center, verifies whether the DID that issued the transaction contract digital certificate is the DID of the authority issuer, and after this is verified as true, further verifies whether the certificate hash of the transaction contract digital certificate stored in the blockchain is consistent with the locally calculated hash; if so, the transaction contract digital certificate has not been tampered with, and the transaction contract digital certificate passes the check;
Wherein the dynamic consensus mechanism comprises:
Through reputation scoring formulas in the blockchain:
wherein R_i is the reputation score of participant i, α is the success-rate adjustment factor given according to the actual scenario, β is the activity adjustment factor given according to the actual scenario, S_ij is the success score of participant i in the j-th transaction, n is the total number of transactions used for evaluation, t_i is the time since the first transaction, λ is the decay constant adjusting the influence of time on reputation, and e is the base of the natural logarithm;
defining a reputation score for the participant;
the reputation score is proportional to the weight of the participant in the consensus decision;
Through a consensus node weight formula:
wherein W_i is the weight of the selected consensus node, m is the total number of candidate consensus nodes, and R_k, summed over all candidate nodes, gives the sum of the reputation scores of all candidate nodes;
defining weights of candidate consensus nodes;
When a financing enterprise applicant submits a digital certificate verification request, the DID service center selects a group of consensus nodes according to the transaction;
by the consensus decision threshold formula:
wherein θ is the consensus decision threshold, V_i is the verification result of node i (V_i = 1 if the verification result is true, V_i = 0 otherwise), and p is the number of nodes participating in the verification;
Determining a threshold value required by consensus decisions;
The selected consensus nodes independently verify the authenticity of the DID and the digital certificate of the financing enterprise applicant, each node submits the verified result to a blockchain, and when the result exceeds a threshold value required by a set consensus decision, the verification is considered to be valid;
Through the security parameter setting formula:
q = γ·m
wherein q is the minimum number of verification nodes, γ is a coefficient between 0 and 1, and m is the total number of nodes participating in consensus;
The minimum number of consensus nodes for verification is dynamically adjusted.
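The issuer signature of step S404 together with the verifier checks of steps S503 and S504, as an added example that is not part of the patent: pure-Python secp256k1 arithmetic (the curve named in step S102) produces (r, s, v), a verifier rejects an untrusted issuer DID, a bad signature or a mismatch with the anchored hash, and recover() shows what v is for. Assumptions: hashlib.sha3_256 stands in for Keccak256, which the standard library lacks (the signing equations are unchanged); the DIDs, claim fields and JSON canonicalization are hypothetical.

```python
"""Added example (not the patent's code): secp256k1 ECDSA yielding (r, s, v) as in step
S404, plus the verifier checks of steps S503/S504. hashlib.sha3_256 stands in for
Keccak256 (assumption: the stdlib has no Keccak256; the signing equations are unchanged)."""
import base64
import hashlib
import json
import secrets

# secp256k1 domain parameters (the curve named in step S102)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, point):
    """Double-and-add scalar multiplication k*point."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, point)
        point = _add(point, point)
        k >>= 1
    return acc

def digest(data: bytes) -> int:
    """H(m) as an integer (sha3_256 standing in for the patent's Keccak256)."""
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big")

def sign(message: bytes, d: int):
    """Step S404: Z = k*G, r = Z.x, s = k^-1 * (H(m) + r*d) mod N, v = recovery id."""
    h = digest(message)
    while True:
        k = secrets.randbelow(N - 1) + 1        # random large integer, 0 < k < N
        zx, zy = _mul(k, G)
        r = zx % N
        s = pow(k, -1, N) * (h + r * d) % N
        if r and s:                             # retry on the negligible degenerate cases
            return r, s, (zy & 1) | (2 if zx >= N else 0)   # v: parity of Z.y + overflow flag

def recover(message: bytes, sig):
    """Public key from (r, s, v): Q = r^-1 * (s*Z - H(m)*G); this is what v is for."""
    r, s, v = sig
    x = r + (N if v & 2 else 0)
    y = pow(x ** 3 + 7, (P + 1) // 4, P)       # square root mod P, valid since P % 4 == 3
    if (y & 1) != (v & 1):
        y = P - y
    r_inv = pow(r, -1, N)
    return _add(_mul(s * r_inv % N, (x, y)), _mul((-digest(message)) % N * r_inv % N, G))

def verify(message: bytes, sig, Q) -> bool:
    """ECDSA verification with the issuer's public key Q (the S503 signature check)."""
    r, s, _ = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = _add(_mul(digest(message) * w % N, G), _mul(r * w % N, Q))
    return point is not None and point[0] % N == r

def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_credential(claims: dict, issuer_did: str, issuer_d: int) -> dict:
    """S404: the issuer DID and base64(r || s || v) are written into the credential."""
    body = {"issuer": issuer_did, "claims": claims}
    r, s, v = sign(_canonical(body), issuer_d)
    proof = r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([v])
    return {**body, "proof": base64.b64encode(proof).decode()}

def credential_hash(cred: dict) -> str:
    """S405: digest of the complete credential, the value anchored on the blockchain."""
    return hashlib.sha3_256(_canonical(cred)).hexdigest()

def verify_credential(cred: dict, trusted_issuers: dict, onchain_hash: str) -> bool:
    """S503/S504: issuer DID must be trusted, signature must verify, anchored hash must match."""
    pub = trusted_issuers.get(cred.get("issuer"))     # unknown or untrusted issuer DID fails
    raw = base64.b64decode(cred.get("proof", ""))
    if pub is None or len(raw) != 65:
        return False
    sig = (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:64], "big"), raw[64])
    body = {k: val for k, val in cred.items() if k != "proof"}
    if not verify(_canonical(body), sig, pub):
        return False
    return secrets.compare_digest(credential_hash(cred), onchain_hash)
```

The value a verifier compares against is credential_hash(cred) computed at issue time; a verifier holding only the DID document's public key can equally check recover(payload, sig) == pub instead of calling verify().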
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: the foregoing description is only a preferred embodiment of the present invention, and the present invention is not limited thereto, but it is to be understood that modifications and equivalents of some of the technical features described in the foregoing embodiments may be made by those skilled in the art, although the present invention has been described in detail with reference to the foregoing embodiments. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (7)
1. A blockchain-based supply chain financial distributed digital identity authentication method, the method comprising:
Step S100: the method comprises the steps that a financing enterprise applicant, an authority certificate issuer and a financial service provider register unique distributed digital identities DIDs respectively and generate a key pair through an encryption algorithm, wherein the distributed digital identities DIDs are stored on a blockchain;
step S200: the authority certificate issuer registers to become a digital certificate authority, and the digital certificate authority is used for registering and providing a digital certificate declaration template;
step S300: the financing enterprise applies for an authority certificate issuer to apply for enterprise qualification digital certificates, and the authority certificate issuer verifies the identity holder relation of the distributed digital identity DID of the financing enterprise applicant;
Step S400: the financing enterprise applicant signs the electronic transaction contract online, the private key of the financing enterprise applicant DID is used for signing the electronic contract data, and the authority certificate issuer issues the electronic contract digital certificate and the concurrent certificate for linking;
Step S500: the financial service provider verifies the DID identity holder relationship of the financing enterprise applicant by using a dynamic consensus mechanism, and checks the enterprise qualification digital certificate and the electronic contract digital certificate of the financing enterprise applicant.
2. The blockchain-based supply chain financial distributed digital identity authentication method of claim 1, wherein the step S100 includes:
Step S101: the financial service provider and the authority certificate issuer together form a blockchain alliance network, blockchain node equipment in the alliance chain network is maintained by all participants and becomes a consensus node, the consensus node participates in transaction consensus of the whole alliance chain, and all member nodes deploy DID intelligent contracts;
Step S102: any party in supply chain finance initiates a DID registration application with a DID digital identity wallet and becomes an applicant; after receiving the applicant's request, the DID service center generates a key pair with the ECDSA elliptic curve digital signature algorithm on the specific elliptic curve parameter set secp256k1, the key pair comprising a public key and a private key, where the private key cannot be derived from the public key; the DID service center writes the public key into a DID document and stores it in the blockchain, sends the private key back to the applicant, who stores it in the DID digital identity wallet, and the DID service center generates a hexadecimal character string from the public key and concatenates it with the applicant's specific DID identifier prefix to form a complete and unique applicant DID;
Step S103: creating a DID document, an authentication attribute unit and a DID service endpoint in a blockchain, wherein the DID document is used for storing identity verification information, the identity verification information comprises a DID of an identity holder, the DID document carries out Multicodec coding on a public key of the identity holder, the public key coded by Multicodec is formatted through Base58 coding and then added to the authentication attribute unit, and the DID service endpoint is a specific network address or interface pointing to verification service and is used for verifying the identity or requesting access permission of the DID holder;
Step S104: and requesting the DID service center to call the DID intelligent contract to store the created DID and the DID document metadata into the blockchain, and synchronously distributing the created DID and the DID document metadata to all nodes by the alliance chain network.
3. The blockchain-based supply chain financial distributed digital identity authentication method of claim 2, wherein the step S200 includes:
step S201, an authority certificate issuer registers as a digital certificate authority, the digital certificate authority collects the certificate demands from all participants and defines the data structure and verification logic and rules of each type of certificate;
step S202: the digital certificate authority registers the designed digital certificate declaration template, deploys and issues the template into the blockchain, and the digital certificate authority monitors the use condition of the template and updates and optimizes the template according to the feedback of each participant.
4. The blockchain-based supply chain financial distributed digital identity authentication method of claim 3, wherein the step S300 includes:
Step S301: the financing enterprise applicant submits a request for applying enterprise qualification digital certificates to an authority certificate issuer by using the held distributed digital identity DID;
Step S302: the DID verification party requests the DID service center to resolve the DID submitted by the financing enterprise applicant; the DID identifier prefix is split off, the address string at the end of the DID is extracted, a query request for the DID document metadata by DID is sent to the DID intelligent contract in the blockchain, and the resolution interface of the DID intelligent contract obtains the DID document metadata from blockchain storage and returns it to the DID service center;
Step S303: the authority certificate issuer sends an identity verification challenge request to the financing enterprise applicant by a challenge-response mechanism through the service endpoint address in the DID document metadata, queries the corresponding DID document on the blockchain by the distributed digital identity DID of the financing enterprise applicant to obtain the public key of the DID holder receiving the identity verification challenge, generates a random character string, encrypts it with that public key, and sends the resulting encrypted character string to the financing enterprise applicant;
The financing enterprise applicant decrypts the encrypted character string with the held DID private key, restores the random character string, and sends the restored random character string back to the authority certificate issuer for verification; the authority certificate issuer verifies whether the returned DID and the decrypted content are consistent with the DID and random character string of the challenge it issued, and if the result is consistent, the identity of the DID holder of the financing enterprise applicant is determined to be secure and credible, so that identity authentication is completed;
Step S304: and the authority certificate issuer uses the DID of the authority certificate issuer to issue the enterprise qualification digital certificate to the financing enterprise applicant according to the digital certificate declaration template and the enterprise information, calculates the certificate data hash value and stores the hash value into the blockchain.
5. The blockchain-based supply chain financial distributed digital identity authentication method of claim 4, wherein the step S400 includes:
Step S401: a participant in supply chain finance that needs an electronic contract digital certificate sends an application to the authority certificate issuer; the authority issuer obtains the distributed digital identity DID of the applicant and requests the DID service center to resolve it; the DID service center queries through the DID intelligent contract whether the applicant's DID exists and, when it exists, obtains the corresponding DID document and sends the DID document metadata back to the DID service center; the public key encoded in the identity authentication attribute is then extracted and decoded to restore the public key, and after restoration a random character string is encrypted with the public key and the encrypted random character string ciphertext is output;
Step S402: the authority certificate issuer initiates a challenge request for identity verification of the DID holder through the service endpoint address in the applicant's DID document metadata and sends the applicant's DID and the ciphertext of the encrypted random character string to the applicant; the applicant decrypts the ciphertext with the DID private key it holds and restores the random character string plaintext;
Step S403: the applicant sends the DID and the decrypted random string plaintext back to the authority certificate issuer for verification, and when they are consistent with the DID and the random string generated by the authority certificate issuer, the identity of the applicant's DID holder is considered credible;
Step S404: the authority certificate issuer, acting as the digital certificate issuer, generates the digital certificate information according to the applicant's certificate declaration content and the digital certificate declaration template, wherein the digital certificate issuer DID and the signature made with the digital certificate issuer DID private key are written into the digital certificate information;
Using the Keccak256 cryptographic hash function, the digital credential information data is converted into a 256-bit fixed-length message digest, and a random large integer L (0 < L < n, where n is the order of the elliptic curve) is generated; by the formula:
Z = L·G
wherein G is the base point on the elliptic curve,
the point Z is calculated and its x coordinate is extracted; this x coordinate is r in the signature;
By the formula:
F = k^(-1)·(H(m) + r·d) mod N
wherein H(m) is the digital credential message digest, d is the digital credential issuer private key, k denotes the random integer L generated above, N is the elliptic curve order (n above), and k^(-1) is the multiplicative inverse of k modulo the elliptic curve order N;
the F value, which is the s component of the signature, is calculated with the private key of the digital credential issuer;
A recovery identifier v is calculated, finally yielding the signature data (r, s, v); the signature data is base64-encoded and written into the digital certificate issuer information, for verifying whether the digital certificate issuer is legitimate and credible and whether the data content has been tampered with;
Step S405: a message digest of the generated complete digital certificate information is produced with the Keccak256 cryptographic hash function; this digest is the certificate hash. The certificate creation logic unit of the DID intelligent contract in the blockchain is called to store the digital certificate digest in the blockchain, while information related to user privacy is not put on the chain but is kept by the digital certificate issuer; the applicant's private attributes are attested by a statement issued by the digital certificate issuer, and the digital certificate issuer sends the digital certificate information back to the applicant, where it is stored in the applicant's DID digital identity wallet.
6. The blockchain-based supply chain financial distributed digital identity authentication method of claim 5, wherein the step S500 includes:
Step S501: in the supply chain finance context the financial service provider is the digital certificate verifier; the digital certificate verifier uses a dynamic consensus mechanism to divide participants into different grades according to their business type and reputation scores, and sets different numbers and types of digital certificate verifiers according to the grade to perform dynamic consensus verification of the supply chain finance;
Step S502: when a digital certificate holder in supply chain finance needs to have a digital certificate verified, the digital certificate verifier sends a request to check the digital certificate to the digital certificate holder, obtains the distributed digital identity DID of the digital certificate holder, requests the DID service center to resolve it, queries through the blockchain DID intelligent contract whether the DID exists and, if it exists, obtains the corresponding DID document and has the DID document metadata sent back;
The digital certificate verifier extracts the encoded public key from the identity authentication attribute, decodes it to restore the public key, encrypts a random character string with the restored public key and outputs the ciphertext; it then initiates a challenge request for identity verification of the DID holder through the service endpoint address in the digital certificate holder's DID document metadata, sending the DID of the digital certificate holder and the ciphertext of the encrypted random character string to the digital certificate holder;
The digital certificate holder decrypts the ciphertext with the private key corresponding to the DID, restores the random string plaintext, and sends the DID and the decrypted random string plaintext back to the digital certificate verifier for verification; when the decrypted random string is consistent with the random string generated by the digital certificate verifier, the identity of the digital certificate holder's DID holder is considered credible;
Step S503: the digital certificate holder submits the digital certificate information to the verifier; the digital certificate verifier checks, according to the issuer DID in the digital certificate, whether the digital certificate issuer is legitimate and trusted, and at the same time verifies the signature on the digital certificate with the issuer's public key; once the verification passes, the digital certificate is confirmed to have been issued by the trusted authority issuer, so a message digest of the digital certificate information is generated with the Keccak256 cryptographic hash function, the check interface of the blockchain certificate storage intelligent contract is called according to the blockchain address of the digital certificate, and when the digest of the digital certificate is verified to be consistent, the digital certificate information is considered not to have been tampered with;
Step S504: the financial service provider's DID account requests the enterprise qualification digital certificate from the financing enterprise applicant's DID account; the financing enterprise applicant authorizes the financial service provider to access the enterprise qualification digital certificate; the financial service provider obtains the enterprise qualification digital certificate from the authentication center, verifies whether the DID that issued the enterprise qualification digital certificate is the DID of the authority issuer, and after this is verified as true, further verifies whether the certificate hash of the enterprise qualification digital certificate stored in the blockchain is consistent with the locally calculated hash; if so, the enterprise qualification digital certificate has not been tampered with, and the enterprise qualification digital certificate passes the check;
Step S505: the financial service provider's DID account requests the transaction contract digital certificate from the financing enterprise applicant's DID account; the financing enterprise applicant authorizes the financial service provider to access the transaction contract digital certificate; the financial service provider obtains the transaction contract digital certificate from the authentication center, verifies whether the DID that issued the transaction contract digital certificate is the DID of the authority issuer, and after this is verified as true, further verifies whether the certificate hash of the transaction contract digital certificate stored in the blockchain is consistent with the locally calculated hash; if so, the transaction contract digital certificate has not been tampered with, and the transaction contract digital certificate passes the check.
7. The blockchain-based supply chain financial distributed digital identity authentication method of claim 6, wherein the dynamic consensus mechanism comprises:
Through reputation scoring formulas in the blockchain:
wherein R_i is the reputation score of participant i, α is the success-rate adjustment factor given according to the actual scenario, β is the activity adjustment factor given according to the actual scenario, S_ij is the success score of participant i in the j-th transaction, n is the total number of transactions used for evaluation, t_i is the time since the first transaction, λ is the decay constant adjusting the influence of time on reputation, and e is the base of the natural logarithm;
defining a reputation score for the participant;
the reputation score is proportional to the weight of the participant in the consensus decision;
Through a consensus node weight formula:
wherein W_i is the weight of the selected consensus node, m is the total number of candidate consensus nodes, and R_k, summed over all candidate nodes, gives the sum of the reputation scores of all candidate nodes;
defining weights of candidate consensus nodes;
When a financing enterprise applicant submits a digital certificate verification request, the DID service center selects a group of consensus nodes according to the transaction;
by the consensus decision threshold formula:
wherein θ is the consensus decision threshold, V_i is the verification result of node i (V_i = 1 if the verification result is true, V_i = 0 otherwise), and p is the number of nodes participating in the verification;
Determining a threshold value required by consensus decisions;
The selected consensus nodes independently verify the authenticity of the DID and the digital certificate of the financing enterprise applicant, each node submits the verified result to a blockchain, and when the result exceeds a threshold value required by a set consensus decision, the verification is considered to be valid;
Through the security parameter setting formula:
q = γ·m
wherein q is the minimum number of verification nodes, γ is a coefficient between 0 and 1, and m is the total number of nodes participating in consensus;
The minimum number of consensus nodes for verification is dynamically adjusted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411020543.XA CN118940313A (en) | 2024-07-29 | 2024-07-29 | A distributed digital identity authentication method for supply chain finance based on blockchain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411020543.XA CN118940313A (en) | 2024-07-29 | 2024-07-29 | A distributed digital identity authentication method for supply chain finance based on blockchain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118940313A true CN118940313A (en) | 2024-11-12 |
Family
ID=93357961
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411020543.XA Pending CN118940313A (en) | 2024-07-29 | 2024-07-29 | A distributed digital identity authentication method for supply chain finance based on blockchain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118940313A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119128951A (en) * | 2024-11-14 | 2024-12-13 | 山东锐通信息科技有限公司 | A multi-party supervision data management method |
CN119788417A (en) * | 2025-03-06 | 2025-04-08 | 苏州元脑智能科技有限公司 | Computing power access method, computer device, storage medium and program product |
CN119850214A (en) * | 2024-12-24 | 2025-04-18 | 北京律数科技有限公司 | Security protection transaction settlement method based on artificial intelligence |
CN120257239A (en) * | 2025-06-05 | 2025-07-04 | 上海特高信息技术有限公司 | A method for realizing cross-institutional copyright authorization based on blockchain technology |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113014392B (en) | Block chain-based digital certificate management method, system, equipment and storage medium | |
US11025435B2 (en) | System and method for blockchain-based cross-entity authentication | |
Mukta et al. | Blockchain-based verifiable credential sharing with selective disclosure | |
EP3788523B1 (en) | System and method for blockchain-based cross-entity authentication | |
EP3863220B1 (en) | System and method for generating digital marks | |
WO2021000419A1 (en) | System and method for blockchain-based cross-entity authentication | |
CN118940313A (en) | A distributed digital identity authentication method for supply chain finance based on blockchain | |
Augot et al. | Transforming face-to-face identity proofing into anonymous digital identity using the bitcoin blockchain | |
CN111680324A (en) | Certificate verification method, management method and issuing method for block chain | |
WO2000077974A1 (en) | Hierarchical open security information delegation and acquisition | |
Khurana | Scalable security and accounting services for content-based publish/subscribe systems | |
CN111630545B (en) | Managing transaction requests in ledger system | |
CN111656386B (en) | Managing transaction requests in ledger system | |
CN109861829B (en) | Cloud data justice auditing system supporting dynamic updating and auditing method thereof | |
Petrlic et al. | Privacy-preserving reputation management | |
US7631188B2 (en) | Hierarchical open security information delegation and acquisition | |
Gulati et al. | Self-sovereign dynamic digital identities based on blockchain technology | |
US10735204B2 (en) | System and method for generating digital marks | |
Sarencheh et al. | Parscoin: A privacy-preserving, auditable, and regulation-friendly stablecoin | |
CN113656826B (en) | An anonymous identity management and verification method supporting dynamic changes in user attributes | |
CN111630549B (en) | Managing transaction requests in ledger system | |
CN118734335A (en) | Cross-border guarantee data processing method and device | |
CN118133311A (en) | Federal learning privacy protection method based on improved group signature | |
KR102829377B1 (en) | Method and system for forced tagging of third party opinion information included in VP (Verifiable Credential) | |
CN112950356B (en) | Personal loan processing method, system, equipment and medium based on digital identity |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||