Self-ownership identity system and method

Document number: 153421. Publication date: 2021-10-26. Original language: Chinese.

Reading note: this technique, 一种自我主权身份系统及方法 (rendered above as "Self-ownership identity system and method"; the usual English term is self-sovereign identity, SSI), was designed by 居敏 and 徐丹梅 on 2021-07-28. Abstract: the invention discloses a self-sovereign identity system and method comprising an identity protocol interface, where the identity protocol interface comprises a data module, a definition module, a record module and an index module. The data module creates a DID-controlled data stream; the definition module creates a corresponding definition ID according to the data stream and maps it into the index module, the definition ID comprising a data structure corresponding to the data stream; the record module stores the data stream specified by the definition module and forms a corresponding record ID that is mapped into the index module; the index module queries or retrieves the data stream corresponding to a record ID according to the DID and the definition ID. The invention addresses the various problems that self-sovereign identity faces at the present stage.

1. A self-sovereign identity system, comprising an identity protocol interface, wherein the identity protocol interface comprises a data module, a definition module, a record module and an index module;

the data module is used for creating a DID (decentralized identifier) controlled data stream;

the definition module is used for creating a corresponding definition ID according to the data stream and mapping the definition ID to the index module, wherein the definition ID comprises a data structure corresponding to the data stream;

the record module is used for storing the data stream specified by the definition module and forming a corresponding record ID that is mapped into the index module;

the index module is used for querying or retrieving the data stream corresponding to the record ID according to the DID and the definition ID.

2. The system of claim 1, wherein: the data of the data stream is stored in the record module either in plaintext or encrypted.

3. The system of claim 1, wherein: when the data module creates a new data stream, the data stream is registered automatically in the index module through the definition module and the record module.

4. The system of claim 1, wherein: the definition module creates a keychain definition when the data module creates a DID-controlled data stream that stores encrypted authentication secrets, which allow the DID to be authenticated using various blockchain wallets.

5. The system of claim 1, wherein: the definition module creates an AKA definition when the data module creates a DID-controlled data stream that stores a list of Web2 accounts controlled by the same user who owns the DID, together with a verifiable claim proving this ownership.

6. The system of claim 1, wherein: the definition module creates a crypto account definition when the data module creates a DID-controlled data stream that stores a list of user account data stream IDs which publicly prove that the owner of this DID also owns various accounts on Web3 or blockchain platforms.

7. The system of claim 1, wherein: the data structure includes a URL identifier.

8. The system of claim 1, wherein: the identity protocol interface is further configured to interface with blockchains, so that the same data is used according to the data structure and the metadata.

9. The self-sovereign identity system of any one of claims 1 to 8, wherein: the identity protocol interface supports linking the DID to each blockchain account for identity verification.

10. A data docking method for self-sovereign identity, using the self-sovereign identity system of any one of claims 1 to 9, the docking method comprising the steps of:

s1: the data module creates a DID-controlled data stream;

s2: the definition module creates a corresponding definition ID according to the data stream and maps the definition ID to the index module, wherein the definition ID comprises a data structure corresponding to the data stream;

s3: the record module stores the data stream specified by the definition module and forms a corresponding record ID that is mapped to the index module;

s4: the index module queries or retrieves the data stream corresponding to the record ID according to the DID and the definition ID.

Technical Field

The invention relates to the technical field of blockchains, and in particular to a system and method for self-sovereign identity.

Background

The main purpose of self-sovereign identity is to make the user the master of their own data, so that a user's personal data can be shared with others only with the user's own approval. Although the concept of self-sovereign identity has long been known, there was no very effective solution until blockchain technology matured. Even though the World Wide Web Consortium (W3C) is now establishing a series of technical standards for self-sovereign identity, the solutions actually in use worldwide are few enough to count on one hand, since the standards are not yet fully developed.

Existing self-sovereign identity services have the following disadvantages:

1) The operating threshold is high: today the mainstream self-sovereign identity services (such as Sovrin) and technical frameworks (such as Hyperledger) are mostly based on consortium chains, which are relatively closed ecosystems with an entry threshold for ordinary enterprises wishing to join. Even after joining a self-sovereign identity organization such as the Sovrin Foundation, an enterprise still faces technical tasks such as building and maintaining a blockchain environment, which undoubtedly and greatly increases its operating cost.

2) Development is difficult: if an ordinary enterprise wants to adopt a self-sovereign identity solution, its engineers must fully understand blockchain technology and have a series of related skills, such as building the framework and developing mobile applications, which is a high bar for developers.

3) Data issuer and verifier resources are hard to integrate: at present the issuance and verification of self-sovereign identity data is confined to very limited fields worldwide, such as COVID-19 vaccination in Europe, and the services that accept and provide self-sovereign identity authentication are likewise limited. For an enterprise it is very difficult to find a suitable data issuer and data verifier with which to realize a complete business application scenario. This is partly because the industry standards for self-sovereign identity are still immature, so that there is no interoperability between self-sovereign identity solutions.

4) Data interaction cannot be realized: although various self-sovereign identity solutions exist in the industry today, there is no mature technology for exchanging data between them. As a result, to date there is no widely recognized and widely applied solution. Although the prominence of the W3C has accelerated standardization of self-sovereign identity, at present each solution remains stuck in its own silo.

5) Applications for individual users are quite limited: at present the application and development of self-sovereign identity is driven mainly by governments, organizations and large internet companies, so the application scenarios are mostly confined to public services (such as the COVID-19 vaccination certificates mentioned above) and enterprise services (such as a self-sovereign identity network for job hunting). There is as yet no developer-facing community comparable to an App store, so applications of self-sovereign identity for individual users remain very limited.

Disclosure of Invention

The present invention provides a system and method for self-sovereign identity that solves the above-mentioned problems currently encountered by self-sovereign identity.

In order to solve the technical problem, the invention provides a self-sovereign identity system comprising an identity protocol interface, wherein the identity protocol interface comprises a data module, a definition module, a record module and an index module;

the data module is used for creating a DID-controlled data stream;

the definition module is used for creating a corresponding definition ID according to the data stream and mapping the definition ID to the index module, wherein the definition ID comprises a data structure corresponding to the data stream;

the record module is used for storing the data stream specified by the definition module and forming a corresponding record ID that is mapped into the index module;

the index module is used for querying or retrieving the data stream corresponding to the record ID according to the DID and the definition ID.

As a further improvement of the invention, the data of the data stream is stored in the record module either in plaintext or encrypted.

As a further improvement of the present invention, when the data module creates a new data stream, the data stream is registered automatically in the index module through the definition module and the record module.

As a further refinement of the present invention, the definition module creates a keychain definition when the data module creates a DID-controlled data stream that stores encrypted authentication secrets, which allow the DID to be authenticated using various blockchain wallets.

As a further refinement of the invention, the definition module creates an AKA definition when the data module creates a DID-controlled data stream that stores a list of Web2 accounts controlled by the same user who owns the DID, together with a verifiable claim proving this ownership.

As a further refinement of the present invention, the definition module creates a crypto account definition when the data module creates a DID-controlled data stream that stores a list of user account data stream IDs which publicly prove that the owner of this DID also owns various accounts on Web3 or blockchain platforms.

As a further refinement of the invention, the data structure includes a URL identifier.

As a further refinement of the invention, the identity protocol interface is further adapted to interface with blockchains, so that the same data is used according to the data structure and the metadata.

As a further improvement of the present invention, the identity protocol interface supports linking the DID to each blockchain account for identity verification.

The data docking method for self-sovereign identity uses the self-sovereign identity system above and comprises the following steps:

s1: the data module creates a DID-controlled data stream;

s2: the definition module creates a corresponding definition ID according to the data stream and maps the definition ID to the index module, wherein the definition ID comprises a data structure corresponding to the data stream;

s3: the record module stores the data stream specified by the definition module and forms a corresponding record ID that is mapped to the index module;

s4: the index module queries or retrieves the data stream corresponding to the record ID according to the DID and the definition ID.

The invention has the following beneficial effects. It enables developers to easily build applications in which user-controlled streams store data, and to discover and use user data created on third-party applications. The identity protocol interface can be used to build applications that let users control their identity and data independently of any single application, while letting developers build data-rich applications without keeping user data on a central server, by sharing user identity and data. The identity protocol interface also removes the need for a user to create a separate account for each application they log in to, providing a new and smooth user experience while keeping accounts secure.

Drawings

FIG. 1 is a schematic diagram of the system of the present invention.

Detailed Description

The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.

Example one

Referring to fig. 1, an embodiment of the present invention provides a self-sovereign identity system including an identity protocol interface, where the identity protocol interface includes a data module, a definition module, a record module and an index module;

the data module is used for creating a DID-controlled data stream;

the definition module is used for creating a corresponding definition ID according to the data stream and mapping the definition ID to the index module, wherein the definition ID comprises a data structure corresponding to the data stream;

the record module is used for storing the data stream specified by the definition module and forming a corresponding record ID that is mapped into the index module;

the index module is used for querying or retrieving the data stream corresponding to the record ID according to the DID and the definition ID.

Specifically, the identity protocol interface consists of four kinds of stream:

Index: a key-value stream that stores the mapping from definition IDs to record IDs;

Definition: a stream describing a record, identified by a definition ID;

Schema (data format): a stream containing a JSON Schema that specifies the data format of the record, identified by the schema URL contained in the definition;

Record: a stream containing the data specified by a definition, identified by a record ID.

Writing a record with the self-sovereign identity system: a developer creates a data structure (schema); the developer creates a definition that contains the schema URL; the user creates a record that conforms to the definition; the user adds the definition ID and the record ID to their index.

Reading a record: the developer queries the index using the DID and the definition ID (or an alias for it); the record corresponding to that definition ID is retrieved.

The application has the following characteristics:

1) DID compatibility: the identity protocol interface does not provide DIDs itself but relies on them to obtain decentralized, platform-independent identifiers. The identity protocol interface can support any DID method, so it can link to and authenticate different blockchain accounts, which makes the DID a universal, cross-chain, platform-independent identifier for the user.

2) Stream-based storage: the identity protocol interface stores user or application data in user-controlled data streams. The data in a data stream may be stored in plaintext or encrypted. Data streams created through the identity protocol interface have all the properties of mutability, durability, reproducibility and availability provided by the self-sovereign identity platform network.

3) Identity center: whenever a user stores data in a new data stream through the identity protocol interface, the data stream ID is registered automatically in the user's index. This keeps all of the user's data associations in one data store, which in turn lets any application discover all data about the user simply by querying the user's index.

4) Common semantic data description: all data stored through the identity protocol interface is semantically described and organized in the user's index, allowing multiple applications to use the same data according to its data structure (schema) and metadata.

5) Cross-application data portability: by combining DIDs, data streams, the identity center and semantic data descriptions, the identity protocol interface allows user data to be stored in an application-independent manner and used across different applications or interfaces, with no application holding "special permissions", because the user is in full control.

The present application implements an IPOA (Identity Protocol for Open Applications) interface that provides a decentralized index, which allows structured data to be associated with a blockchain platform decentralized identifier (DID). The data is described by a definition and stored in a record. The identity protocol interface is a decentralized identity protocol and JavaScript SDK whose API lets developers easily build applications in which user-controlled streams store data, and discover and use user data created on third-party applications. It can be used to build applications that let users control their identity and data independently of any single application, while letting developers build data-rich applications without storing user data on a central server.

Example two

Referring to fig. 1, an embodiment of the present invention provides a data docking method for self-sovereign identity, which uses the self-sovereign identity system described in the first embodiment; the docking method includes the following steps:

s1: the data module creates a DID-controlled data stream;

s2: the definition module creates a corresponding definition ID according to the data stream and maps the definition ID to the index module, wherein the definition ID comprises a data structure corresponding to the data stream;

s3: the record module stores the data stream specified by the definition module and forms a corresponding record ID that is mapped to the index module;

s4: the index module queries or retrieves the data stream corresponding to the record ID according to the DID and the definition ID.
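As an added illustration (not code from the patent or from any product it names), the four stream kinds and the write and read procedures described in the first embodiment, together with steps s1 to s4 above, modelled in Python: the content-addressed stream-ID scheme, the minimal schema checker, the example.invalid schema URL, the DID and the AKA record are all constructed for this example. The index lookup also checks that the record it resolves is controlled by the queried DID, since an index may only point at its owner's records.

```python
import hashlib
import json

def stream_id(kind: str, payload: dict) -> str:
    """Constructed stream-ID scheme (not the patent's): kind + SHA-256 of canonical JSON."""
    return kind + ":" + hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()[:16]

def conforms(schema: dict, data) -> bool:
    """Minimal offline JSON-schema check (object/required/properties, array/items, string)."""
    kind = schema.get("type")
    if kind == "object":
        if not isinstance(data, dict) or any(k not in data for k in schema.get("required", [])):
            return False
        props = schema.get("properties", {})
        return all(conforms(props[k], v) for k, v in data.items() if k in props)
    if kind == "array":
        return isinstance(data, list) and all(conforms(schema.get("items", {}), x) for x in data)
    return kind != "string" or isinstance(data, str)  # other types left unconstrained here

class IdentityProtocolInterface:
    def __init__(self):
        self.schemas = {}      # schema URL -> JSON schema (data format stream)
        self.definitions = {}  # definition ID -> {"name", "schema"} (definition stream)
        self.aliases = {}      # human-readable alias -> definition ID
        self.records = {}      # record ID -> {"controller", "definition", "content"}
        self.indexes = {}      # DID -> key-value stream {definition ID: record ID}

    # Developer side: publish a data format, then a definition that names it by URL.
    def create_schema(self, url: str, schema: dict) -> str:
        self.schemas[url] = schema
        return url

    def create_definition(self, name: str, schema_url: str, alias: str = "") -> str:
        if schema_url not in self.schemas:
            raise KeyError("unknown schema " + schema_url)
        definition_id = stream_id("definition", {"name": name, "schema": schema_url})
        self.definitions[definition_id] = {"name": name, "schema": schema_url}
        if alias:
            self.aliases[alias] = definition_id
        return definition_id

    # User side: a record conforming to the definition's schema is stored and, as in claim 3,
    # registered automatically in the controlling DID's index.
    def create_record(self, did: str, definition_id: str, content: dict) -> str:
        if not conforms(self.schemas[self.definitions[definition_id]["schema"]], content):
            raise ValueError("record content does not match the definition's schema")
        record = {"controller": did, "definition": definition_id, "content": content}
        record_id = stream_id("record", record)
        self.records[record_id] = record
        self.indexes.setdefault(did, {})[definition_id] = record_id
        return record_id

    # Any application: alias -> definition ID, then the DID's index -> record ID -> data.
    def query(self, did: str, definition_or_alias: str):
        definition_id = self.aliases.get(definition_or_alias, definition_or_alias)
        record_id = self.indexes.get(did, {}).get(definition_id)
        if record_id is None:
            return None
        record = self.records[record_id]
        if record["controller"] != did:  # an index may only point at its owner's records
            raise PermissionError("index entry references a record controlled by another DID")
        return record["content"]

def demo():
    """Write then read an AKA (Web2 account link) record for a constructed DID."""
    ipoa = IdentityProtocolInterface()
    account = {"type": "object", "required": ["platform", "handle", "proof"],
               "properties": {k: {"type": "string"} for k in ("platform", "handle", "proof")}}
    url = ipoa.create_schema("https://example.invalid/schemas/aka.json",  # constructed URL
                             {"type": "object", "required": ["accounts"],
                              "properties": {"accounts": {"type": "array", "items": account}}})
    aka = ipoa.create_definition("AKA", url, alias="aka")
    did = "did:example:alice"  # constructed DID
    ipoa.create_record(did, aka, {"accounts": [
        {"platform": "twitter", "handle": "alice", "proof": "constructed-placeholder-proof"}]})
    return ipoa, did, aka
```

A record that omits a field required by the schema is rejected before it reaches the index, and a query for a DID that never registered the definition returns None rather than another user's record.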

The identity protocol interface may be used for (but is not limited to) the following use cases:

1) Authentication secrets (Astra Auth): Astra Auth uses the identity protocol interface to create a DID-controlled data stream that stores encrypted authentication secrets, which allow the DID to be authenticated using various blockchain wallets. To accomplish this, Astra Auth creates a keychain definition.

2) Web2 social account linking (Astra Self Identity): Astra Self Identity uses the identity protocol interface to create a DID-controlled data stream that stores a list of Web2 accounts controlled by the same user who owns the DID, together with a verifiable claim proving this ownership. To accomplish this, Astra Self Identity creates the AKA (Also Known As) definition.

3) Web3 crypto account linking (Astra Connect): Astra Connect uses the identity protocol interface to create a DID-controlled data stream that stores a list of user account data stream IDs, which publicly prove that the owner of this DID also owns various accounts on Web3 or blockchain platforms. To achieve this, Astra Connect creates a crypto account definition.

Example three

Referring to fig. 1, an embodiment of the present invention provides a self-sovereign identity system which, on the basis of the first embodiment, adds an ecosystem for self-sovereign identity applications intended to solve the problems of the prior art mentioned above:

1) Development is difficult: the identity protocol interface greatly simplifies the development of self-sovereign identity applications by providing simple interface code, so that a developer can concentrate on the business process without spending much time learning how self-sovereign identity works or the related blockchain knowledge. In addition, the interface provides richer functions for mobile application developers, so that a developer can build a self-sovereign identity application in the same way as an ordinary mobile application and submit it to a dedicated App store for other users to download;

2) Applications for individual users: the self-sovereign identity system is a developer-driven App platform ecosystem. Developers can build MONiD mobile applications just like ordinary iOS and Android applications; these MONiD applications can be submitted to the iOS or Android application stores, and the system also provides its own personal application store. All personal applications can exchange data through the self-sovereign identity interface (provided the consent of the data holder is obtained), so the self-sovereign identity system can become a platform on which all kinds of self-sovereign identity data are shared between apps. A data holder can earn certain incentives from the platform and from the party needing the data by sharing their data (and can of course choose not to share it at all in order to protect personal data, which is itself a defining feature of self-sovereign identity). Because the self-sovereign identity system is a technical architecture based on a permissionless public chain, developers can submit all kinds of self-sovereign identity applications without any entry threshold, which greatly enriches the application scenarios of self-sovereign identity.

3) The operating threshold is high: an enterprise or individual developer joining the self-sovereign identity system can carry out a series of operations through the system's management interface, including issuing verifications, requesting verifications, viewing records and requesting data sharing with other users. The system does not require enterprises and developers to take part in building and maintaining blockchain nodes, so it can provide a very approachable user experience even to users with little blockchain experience.

4) Data issuer and verifier resources are hard to integrate: a user who joins the system can set their visibility state and, through the system platform, search for data issuers and verifiers that meet their requirements and send them cooperation requests. After receiving a cooperation request, the other party handles it through the operation interface, and if both parties agree to cooperate, the system provides the keys for data exchange between them. As the platform grows, more and more qualified data providers and verifiers are expected to join it and provide data services for a variety of applications.

The above-mentioned embodiments are merely preferred embodiments given to illustrate the present invention fully, and the scope of the present invention is not limited to them. Equivalent substitutions or changes made by those skilled in the art on the basis of the invention all fall within its scope of protection, which is defined by the claims.
