Disclosure of Invention
The embodiment of the invention provides a method and a device for generating a distributed digital identity certificate and electronic equipment, which at least solve the technical problems that in the related art, a unique digital identity certificate cannot be effectively generated under the scene of many-to-one authorization or multi-level authorization, so that the process of identity verification is complicated and the efficiency is low.
According to one aspect of the embodiment of the invention, a method for generating a distributed digital identity certificate is provided, which comprises the steps of controlling a preset proxy server to receive a proxy certificate issuing request, wherein the proxy certificate issuing request is at least from one preset certificate issuing server, the proxy certificate issuing request at least carries proxy data, the proxy data at least comprises an encrypted digital signature of the preset certificate issuing server, determining an aggregate signature based on the encrypted digital signature sent by each preset certificate issuing server, and generating the digital identity certificate based on the aggregate signature.
Further, before the preset proxy server receives the proxy certification request, the method comprises the steps of controlling each preset certification server to send a key generation request to the preset proxy server, and controlling the preset proxy server to generate a preset public key and a private key set based on the key generation request, wherein the private key set at least comprises a private key generated for each preset certification server.
Further, the step of controlling the preset proxy server to generate a preset public key and a private key set based on the key generation request comprises the steps of determining a modulus based on a first preset prime number and a second preset prime number, determining a preset function value based on the modulus, determining the preset public key based on the preset value and the preset function value, determining the private key of each preset certification server based on the preset public key and the preset function value, and adding the private key of each preset certification server to the private key set.
Further, before the preset proxy server receives the proxy certification request, the method further comprises the steps of controlling the preset proxy server to disclose preset public keys and respectively send each private key in a private key set to the corresponding preset certification server, and controlling each preset certification server to encrypt certificate data by using the private key to obtain the encrypted digital signature, wherein the certificate data are determined by the preset certification server based on application data sent by a target terminal, and the application data are data sent by the target terminal to the preset certification server when the digital identity certificate is applied.
Further, the step of controlling each preset issuing service end to encrypt the certificate data by adopting the private key to obtain the encrypted digital signature comprises the steps of determining the hash digest value of the certificate data, and signing the hash digest value of the certificate data by using the private key based on modulus to obtain the encrypted digital signature.
Further, the step of determining an aggregate signature based on the encrypted digital signature sent by each preset certification server comprises the step of aggregating the encrypted digital signature sent by each preset certification server based on a modulus to obtain the aggregate signature.
Further, after generating the digital identity certificate based on the aggregate signature, the method comprises the steps of controlling a preset verification server to decrypt the aggregate signature based on a public preset public key and the modulus under the condition that the digital identity certificate is detected to be used on a target terminal, obtaining the decrypted digital identity certificate, judging whether certificate data on the decrypted digital identity certificate and each preset certification server are identical, and determining that the generated digital identity certificate is verified under the condition that the decrypted digital identity certificate and the certificate data on each preset certification server are identical, wherein the certificate data on each preset certification server is identical.
According to another aspect of the embodiment of the invention, the distributed digital identity generating device further provides a distributed digital identity generating device, which comprises a control unit and a processing unit, wherein the control unit is used for controlling a preset proxy server to receive proxy certification requests, the proxy certification requests are at least from one preset certification server, the proxy certification requests at least carry proxy data, the proxy data at least comprise encrypted digital signatures of the preset certification server, the processing unit is used for determining an aggregate signature based on the encrypted digital signatures sent by each preset certification server, and generating a digital identity certificate based on the aggregate signature.
The generation device further comprises a first control module and a second control module, wherein the first control module is used for controlling each preset certification server to send a key generation request to the preset proxy server before controlling the preset proxy server to receive a proxy certification request, and the second control module is used for controlling the preset proxy server to generate a preset public key and a private key set based on the key generation request, wherein the private key set at least comprises a private key generated for each preset certification server.
Further, the second control module comprises a first determination submodule, a second determination submodule and a third determination submodule, wherein the first determination submodule is used for determining a modulus based on a first preset prime number and a second preset prime number and determining a preset function value based on the modulus, the second determination submodule is used for determining the preset public key based on the preset value and the preset function value, the third determination submodule is used for determining the private key of each preset certification server based on the preset public key and the preset function value, and the first addition submodule is used for adding the private key of each preset certification server to the private key set.
The generation device further comprises a first processing module used for controlling the preset proxy server to disclose preset public keys and respectively sending each private key in a private key set to the corresponding preset issuing server before controlling the preset proxy server to receive a proxy issuing request, and a first encryption module used for encrypting certificate data by adopting the private keys and obtaining the encrypted digital signature, wherein the certificate data are determined by the preset issuing server based on application data sent by a target terminal, and the application data are data sent by the target terminal to the preset issuing server when applying for the digital identity certificate.
Further, the first encryption module comprises a fourth determination submodule and a first signature module, wherein the fourth determination submodule is used for determining the hash digest value of the certificate data, and the first signature module is used for signing the hash digest value of the certificate data by using the private key based on modulus to obtain the encrypted digital signature.
Further, the generating device further comprises a first aggregation module, which is used for aggregating the encrypted digital signatures sent by each preset certification server based on the modulus to obtain the aggregated signature.
Further, the processing unit comprises a first decryption module, a first determination module and a second determination module, wherein the first decryption module is used for controlling a preset verification server to decrypt the aggregate signature based on a public preset public key and the modulus to obtain the decrypted digital identity certificate under the condition that the digital identity certificate is detected to be used on a target terminal, and the first determination module is used for judging whether the decrypted digital identity certificate is identical to certificate data on each preset certification server or not and determining that the generated digital identity certificate is verified under the condition that the decrypted digital identity certificate is identical to certificate data on each preset certification server, wherein the certificate data on each preset certification server is identical.
According to another aspect of the embodiments of the present invention, there is also provided a computer program product, including a non-volatile computer readable storage medium storing a computer program, which when executed by a processor implements the method for generating a distributed digital identity certificate according to any one of the above.
According to another aspect of the embodiments of the present invention, there is further provided an electronic device, including one or more processors and a memory, where the memory is configured to store one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement a method for generating a distributed digital identity certificate of any one of the above.
In the invention, the preset proxy server can be controlled to receive the proxy certification request, the aggregation signature is determined based on the encrypted digital signature sent by each preset certification server, and the digital identity certificate is generated based on the aggregation signature, so that the technical problems of complicated process and lower efficiency of identity verification caused by the fact that the unique digital identity certificate cannot be effectively generated under the condition of multiple-to-one authorization or multi-stage authorization in the related technology are solved.
In the invention, the preset proxy server side is controlled to receive the proxy certificate issuing request of each preset certificate issuing server side, and the encrypted digital signature carried by the proxy certificate issuing request sent by each preset certificate issuing server side is aggregated to obtain the aggregated signature, and then the aggregated signature can be attached to the digital certificate to generate the digital identity certificate, so that a plurality of signatures can be effectively integrated to generate a more efficient and safe unique digital identity certificate, and the plurality of digital signatures can be verified at one time under the condition that the digital identity certificate is required to be verified, thereby improving the verification efficiency, and further achieving the technical effects of efficiently verifying the identity of a user and improving the system performance.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, the relevant information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, displayed data, etc.) collected and related by the present invention are information and data authorized by the user or fully authorized by each party, and the relevant data are collected, stored, used, processed, transmitted, provided, disclosed, applied, etc. in compliance with relevant laws and regulations and standards of relevant areas, necessary security measures are taken, no prejudice to the public order is made, and corresponding operation entries are provided for the user to select authorization or rejection. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
Aiming at the problems that when a plurality of authorization requirements exist, a plurality of issuing parties (namely a preset issuing server) are required to issue a plurality of certificates, and digital signatures on all certificates are required to be verified respectively in each verification, the invention can generate a plurality of private keys and Shan Gong keys corresponding to the plurality of issuing parties through a key generation module of an agent party (namely the preset agent server), each issuing party encrypts certificate data according to the corresponding private keys to obtain an encrypted digital signature, the agent party can receive the encrypted digital signature sent by the plurality of issuing parties and aggregate the encrypted digital signature to obtain an aggregate signature, a digital identity certificate can be generated according to the aggregate signature, and the digital signature verification can be performed on the digital certificate through the verification party (namely the preset verification server), so that the verification of the plurality of digital signatures can be completed at one time, and the verification efficiency is improved.
The present invention will be described in detail with reference to the following examples.
Example 1
According to an embodiment of the present invention, there is provided an embodiment of a method of generating a distributed digital identity certificate, it being noted that the steps illustrated in the flowchart of the figures may be performed in a computer system, such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
FIG. 1 is a flow chart of an alternative method of generating a distributed digital identity certificate, as shown in FIG. 1, according to an embodiment of the present invention, the method comprising the steps of:
Step S101, a preset proxy server is controlled to receive a proxy certificate issuing request, wherein the proxy certificate issuing request is at least from one preset certificate issuing server, and at least carries proxy data, and the proxy data at least comprises an encrypted digital signature of the preset certificate issuing server.
Optionally, the verification platform system may be used to transmit and process data of the target terminal and each server, where the preset issuing service (i.e. the entity responsible for issuing the digital certificate (Verifiable CREDENT IALS, VC)) may verify the identity on the verification platform system (i.e. verify whether the preset issuing service has issuing authority), and the preset proxy service (i.e. the entity receiving one or more issuing parties for proxy authorization) may also verify the identity on the verification platform system (i.e. verify whether the preset proxy service can proxy issue the digital certificate).
In this embodiment, the plurality of preset issuing service ends (i.e. issuing parties) may authorize the preset proxy service end (i.e. proxy party) to issue the digital certificate, and the preset proxy service end may receive any number of proxy issuing requests of the preset issuing service end, where the proxy issuing requests at least carry proxy data, and the proxy data at least includes an encrypted digital signature of the preset issuing service end.
Illustratively, in a financial transaction system, a preset issuing service (e.g., a financial institution) may authorize a preset proxy service (e.g., a third party paymate) to process a loan certification transaction, and a proxy issuing request may be sent to the preset proxy service.
Step S102, an aggregate signature is determined based on the encrypted digital signature sent by each preset issuing server, and a digital identity certificate is generated based on the aggregate signature.
Optionally, each preset issuing service may use a private key to sign data (such as certificate application information) to generate an encrypted digital signature, where the encrypted digital signature proves the source and integrity of the data, and only the preset issuing service with the corresponding private key can generate a valid encrypted digital signature.
In this embodiment, the digital signatures of multiple preset issuing service ends may be aggregated into a single signature, and multiple signatures may be combined to represent common authentication of all preset issuing service ends, where the generation of the aggregated signature may enhance the trust level, represent a set of multiple independent authentications, and attach the aggregated signature to the digital certificate to generate the digital identity certificate.
In summary, by controlling the preset proxy server to receive the proxy certificate issuing request and according to the encrypted digital signature sent by each preset certificate issuing server, an aggregate signature can be determined, and according to the aggregate signature, a digital identity certificate can be generated, so that the technical problems of complicated process and low efficiency of identity verification caused by the fact that a unique digital identity certificate cannot be effectively generated under the condition of multiple-to-one authorization or multi-level authorization in the related technology are solved.
In order to accurately generate the preset public key and the private key set, in the method for generating the distributed digital identity certificate provided by the embodiment of the application, each preset issuing server is controlled to send a key generation request to the preset proxy server, and the preset proxy server is controlled to generate the preset public key and the private key set based on the key generation request, wherein the private key set at least comprises the private key generated for each preset issuing server.
Optionally, the preset proxy server may generate a private key of each preset issuing server and preset public keys (i.e. Shan Gongyao) of all preset issuing servers, and may distribute the private key to each corresponding preset issuing server, and publish the generated preset public keys.
In this embodiment, each preset issuing server may be controlled to send a key generation request to a preset proxy server, and according to the key generation request, a preset public key and a private key set (i.e. multiple private keys) may be generated in a key generation module of the preset proxy server (i.e. proxy side), and the private keys may be distributed to the corresponding preset issuing server, where the preset public key may be disclosed by the preset proxy server.
In order to improve accuracy of determining a preset public key and a private key of each preset certification service side, in the method for generating the distributed digital identity certificate provided by the embodiment of the application, a modulus is determined based on a first preset prime number and a second preset prime number, a preset function value is determined based on the modulus, the preset public key is determined based on the preset value and the preset function value, the private key of each preset certification service side is determined based on the preset public key and the preset function value, and the private key of each preset certification service side is added to a private key set.
Alternatively, the modulus (e.g., n=p×q) may be calculated from a first preset prime number (e.g., a larger prime number p) and a second preset prime number (e.g., a larger prime number q), and the preset function value (e.g., Φ (n) = (p-1) × (q-1)) may be determined from the modulus, and the preset public key (e.g., e) may be determined from the preset value (e.g., 1) and the preset function value Φ (n).
Illustratively, an integer e (i.e., a predetermined public key) may be selected between (1, Φ (n)), which predetermined convention needs to satisfy (e, Φ (n))=1 (i.e., e and Φ (n) are mutually prime).
In this embodiment, the private key (e.g. dx) of each preset certification service end may be determined according to the preset public key (e) and the preset function value (Φ (n)), where the private key of each preset certification service end needs to satisfy (e·dx) mod Φ (n) =1. Then, the private key of each preset certification server can be added to the private key set.
In order to accurately obtain an encrypted digital signature, in the method for generating a distributed digital identity certificate provided by the first embodiment of the application, a preset proxy server is controlled to disclose a preset public key and send each private key in a private key set to a corresponding preset issuing server respectively, and each preset issuing server is controlled to encrypt certificate data by using the private key to obtain the encrypted digital signature, wherein the certificate data is determined by the preset issuing server based on application data sent by a target terminal, and the application data is data sent by the target terminal to the preset issuing server in the application of the digital identity certificate.
Optionally, the issuing party can send application data including identity information of the issuing party to each preset issuing service end through a target terminal (such as a mobile phone, a computer and the like) according to digital signatures of different preset issuing service ends required by the application certificate, and the preset issuing service ends can obtain certificate data according to the application data.
In this embodiment, after the key generation module of the preset proxy server generates the preset public key and the private key set, the preset public key may be disclosed, each private key in the private key set may be sent to the corresponding preset certification server, and each preset certification server may encrypt the certificate data by using the private key sent by the preset proxy server, so as to obtain an encrypted digital signature.
In order to improve the accuracy of determining the encrypted digital signature, in the method for generating the distributed digital identity certificate provided by the embodiment of the application, the hash digest value of the certificate data is determined, and the hash digest value of the certificate data is signed by using a private key based on modulus to obtain the encrypted digital signature.
Optionally, hash calculation can be performed on the certificate data, the certificate data with any length is converted into a hash digest value with a fixed length, and the preset certification server uses the private key held by the preset certification server to sign the hash digest value of the certificate data, so as to generate the encrypted digital signature.
In this embodiment, the message m (i.e., the credential data) may be signed with a private key (e.g., dx) according to a modulus (e.g., n), generating an encrypted digital signature sx (e.g., dx))。
In order to accurately obtain an aggregate signature, in the method for generating a distributed digital identity certificate provided in the first embodiment of the present application, an encrypted digital signature sent by each preset certification server is aggregated based on a modulus to obtain an aggregate signature.
In this embodiment, it is assumed that there are k preset issuing service ends, each preset issuing service end generates an encrypted digital signature (S1,s2,...,sk) by using a private key (d1,……,dk, for example), and all the encrypted digital signatures can be sent to an aggregation node of the preset proxy service end, and the aggregation node aggregates all the signatures to generate an aggregated signature S (s= (S1×s2×…×sk) mod n, for example).
In order to accurately verify the generated digital identity certificate, in the method for generating the distributed digital identity certificate provided by the first embodiment of the application, under the condition that the digital identity certificate is detected to be used on the target terminal, the preset verification server is controlled to decrypt the aggregated signature based on the public preset public key and the modulus to obtain the decrypted digital identity certificate, whether the decrypted digital identity certificate is identical to the certificate data on each preset certification server or not is judged, and under the condition that the decrypted digital identity certificate is identical to the certificate data on each preset certification server, the verification of the generated digital identity certificate is determined to pass, wherein the certificate data on each preset certification server is identical.
Optionally, the licensee (e.g., user) may register an identity (i.e., may be used to distinguish different users) on the verification platform system through the target terminal, and the preset verification server (i.e., an entity that accepts and verifies digital certificates, such as an enterprise organization, school, etc.) may also verify the identity (i.e., verify whether the preset verification server has verification rights) on the verification platform system.
In this embodiment, when it is detected that the licensor uses the digital identity certificate on the target terminal (e.g., the licensor performs operations (e.g., job-in authentication, loan authentication, etc.) on the target terminal, the preset verification server may decrypt (e.g., m ' =se mod) the aggregate signature (i.e., S) according to the preset public key (i.e., e) and the modulus (i.e., n) disclosed by the preset proxy server, to obtain a decrypted digital identity certificate (i.e., decrypted certificate data m '), and may determine whether the decrypted digital identity certificate is identical to the certificate data (i.e., m) on each preset certification server, and determine that the verification of the generated digital identity certificate passes when the decrypted digital identity certificate is identical to the certificate data (i.e., m ' =m) on each preset certification server.
Fig. 2 is a schematic diagram of an alternative multi-private key, shan Gong key-based distributed digital identity authorization system structure according to an embodiment of the present invention, as shown in fig. 2, a multi-private key, shan Gong key-based distributed digital identity authorization system may include different issuers (i.e., preset issuing servers, such as issuer 1, a. The issuer, the agent, and the verifier need to verify the identity on the verification platform to indicate that they have the corresponding rights. The user initiates a certificate application request to a certificate issuing party on a verification platform through a target terminal, the certificate issuing party initiates a key generation request to an agent party (namely, the agent party of a certificate issuing party authorization agency) according to the certificate application request, a key generation module of the agent party can generate multiple private keys (namely, a private key set) and Shan Gongyao (namely, a preset public key) and respectively send the private keys to the corresponding certificate issuing party, the certificate issuing party signs certificate data by adopting the private keys and initiates the agent certificate issuing request to the agent party, the agent party can issue a verifiable certificate (namely, a digital identity certificate) on the verification platform after generating the digital identity certificate, and the verification party verifies the digital identity certificate according to the preset public key under the condition that the user needs to use the verifiable certificate is monitored.
In the embodiment of the invention, through the verification platform system, a user can use a target terminal to send application certificate requests to a plurality of preset certificate issuing service terminals, for each preset certificate issuing service terminal, certificate data can be generated according to the application certificate requests, and key generation requests are initiated to the preset proxy service terminals, a key generation module of the preset proxy service terminal can generate a preset public key and a private key set, and the private key is distributed to the corresponding preset certificate issuing service terminal, the preset public key can be disclosed, then the preset certificate issuing service terminal signs the certificate data according to the private key, an encrypted digital signature is generated, the encrypted digital signature sent to the preset proxy service terminal, the preset proxy service terminal aggregates the encrypted digital signature sent by each preset certificate issuing service terminal to obtain an aggregate signature, and the aggregate signature is attached to the digital identity certificate.
The following describes in detail another embodiment.
Example two
The apparatus for generating a distributed digital identity provided in this embodiment includes a plurality of implementation units, each implementation unit corresponding to each implementation step in the first embodiment.
Fig. 3 is a schematic diagram of an alternative distributed digital identity generation apparatus according to an embodiment of the present invention, and as shown in fig. 3, the distributed digital identity generation apparatus may include a control unit 30 and a processing unit 31.
The control unit 30 is configured to control the preset proxy server to receive a proxy certification request, where the proxy certification request is at least from one preset certification server, and the proxy certification request at least carries proxy data, and the proxy data at least includes an encrypted digital signature of the preset certification server;
the processing unit 31 is configured to determine an aggregate signature based on the encrypted digital signature sent by each preset issuing server, and generate a digital identity certificate based on the aggregate signature.
The distributed digital identity generation device can control the preset proxy server to receive the proxy certificate issuing request through the control unit 30, determine an aggregate signature based on the encrypted digital signature sent by each preset certificate issuing server through the processing unit 31, and generate a digital identity certificate based on the aggregate signature.
Optionally, the generating device comprises a first control module and a second control module, wherein the first control module is used for controlling each preset certification server to send a key generation request to the preset proxy server before controlling the preset proxy server to receive the proxy certification request, and the second control module is used for controlling the preset proxy server to generate a preset public key and a private key set based on the key generation request, wherein the private key set at least comprises a private key generated for each preset certification server.
Optionally, the second control module comprises a first determination submodule, a second determination submodule and a third determination submodule, wherein the first determination submodule is used for determining a modulus based on a first preset prime number and a second preset prime number and determining a preset function value based on the modulus, the second determination submodule is used for determining a preset public key based on the preset value and the preset function value, the third determination submodule is used for determining a private key of each preset certification server based on the preset public key and the preset function value, and the first addition submodule is used for adding the private key of each preset certification server to the private key set.
Optionally, the generating device further comprises a first processing module, a first encryption module and a second encryption module, wherein the first processing module is used for controlling the preset proxy server to disclose preset public keys before the preset proxy server receives the proxy certificate issuing request, and respectively sending each private key in the private key set to the corresponding preset certificate issuing server, and the first encryption module is used for encrypting certificate data by adopting the private keys at each preset certificate issuing server to obtain an encrypted digital signature, wherein the certificate data is determined by the preset certificate issuing server based on application data sent by the target terminal, and the application data is data sent by the target terminal to the preset certificate issuing server at the application digital identity certificate.
Optionally, the first encryption module comprises a fourth determination submodule for determining the hash digest value of the certificate data, and a first signature module for signing the hash digest value of the certificate data by using a private key based on modulus to obtain an encrypted digital signature.
Optionally, the generating device further comprises a first aggregation module, which is used for aggregating the encrypted digital signature sent by each preset certification server based on the modulus to obtain an aggregated signature.
Optionally, the processing unit comprises a first decryption module, a first determination module and a second determination module, wherein the first decryption module is used for controlling the preset verification server to decrypt the aggregated signature based on the public preset public key and the modulus to obtain a decrypted digital identity certificate under the condition that the digital identity certificate is detected to be used on the target terminal, and the first determination module is used for judging whether the decrypted digital identity certificate is identical to certificate data on each preset certification server or not and determining that the generated digital identity certificate passes verification under the condition that the decrypted digital identity certificate is identical to certificate data on each preset certification server, wherein the certificate data on each preset certification server is identical.
The distributed digital identity generating apparatus may further include a processor and a memory, where the control unit 30, the processing unit 31, and the like are stored as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches a corresponding program unit from the memory. The kernel may set one or more kernel parameters to generate digital identity certificates based on the aggregate signature.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), which includes at least one memory chip.
According to another aspect of the embodiments of the present invention, there is also provided a computer program product, including a non-volatile computer readable storage medium storing a computer program, which when executed by a processor, implements a method for generating a distributed digital identity certificate according to any one of the above.
When the computer program product is executed on the data processing device, it is adapted to perform a program for initializing the method steps of controlling the preset proxy server to receive proxy certification requests, determining an aggregate signature based on the encrypted digital signature sent by each preset certification server, and generating a digital identity certificate based on the aggregate signature.
According to another aspect of the embodiment of the present invention, there is also provided an electronic device, including one or more processors and a memory, where the memory is configured to store one or more programs, and the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for generating a distributed digital identity certificate described above.
Fig. 4 is a block diagram of a hardware structure of an electronic device (or mobile device) for a method of generating a distributed digital identity certificate according to an embodiment of the present invention. As shown in fig. 4, the electronic device may include one or more processors (e.g., processor 402a, processor 402b, etc., of fig. 4, processor 402n, etc., which may include, but are not limited to, a processing means such as a microprocessor MCU or a programmable logic device FPGA), memory 404 for storing data. Among other things, a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a keyboard, a power supply, and/or a camera may be included. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 4 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the electronic device may also include more or fewer components than shown in FIG. 4, or have a different configuration than shown in FIG. 4.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The embodiments or examples of the present disclosure are not intended to be exhaustive, but rather are merely illustrative of some of the embodiments or examples, and are not intended to limit the scope of the disclosure in any way. Each step in a certain implementation manner or embodiment may be implemented as an independent embodiment, and the steps may be arbitrarily combined, for example, a scheme after removing part of the steps in a certain implementation manner or embodiment may be implemented as an independent embodiment, and the sequence of the steps in a certain implementation manner or embodiment may be arbitrarily exchanged, further, an optional manner or optional embodiment in a certain implementation manner or embodiment may be arbitrarily combined, further, the implementation manner or embodiment may be arbitrarily combined, for example, part or all of the steps of different implementation manners or embodiments may be arbitrarily combined, and a certain implementation manner or embodiment may be arbitrarily combined with an optional manner or optional embodiment of other implementation manners or embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present invention, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes a U disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, etc. which can store the program code.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.