Domestic blockchain reform case study: blockchain-based electronic certificate storage

At present, the domestic electronic license management platform relies mainly on third-party certification agencies that build a central database to store data, and uses that centralized database to complete the production, storage, querying, exchange, and sharing of licenses. Rights to access and update the data belong to state agencies and are shared among various departments. This model cannot effectively solve the problems of information barriers and information exchange between different certificate systems.

Background and status

The decentralized design of a blockchain can address the security and trust issues that arise while data is stored and shared.

In the data sharing process, data ownership is confirmed, storage is tamper-proof, the circulation process can be traced, and data management can be audited, so the data is kept safe during storage, sharing, and auditing. This promotes data sharing, enhances trust in data circulation, eliminates single points of failure, and defends against cyber attacks.

These are the main advantages of blockchain DLT (distributed ledger technology). Problems such as too many certificates, difficulty in applying for certificates, cumbersome use of certificates, and slow verification are common in the current identity authentication market. Multi-level data centers have to be set up to produce and store certificates and licenses, and information barriers between different certificate and identity systems prevent information from being fully shared. A blockchain-based certificate and license storage chain no longer requires building a multi-level data center: it only needs a point-to-point node network with a main-chain/side-chain multi-chain structure. The main chain performs identity authentication, while side chains authenticate the various certificates (marriage certificate, real estate certificate, degree certificate, business license, health license); the side chains are anchored to the main chain so that certificate information can flow freely.

Business design

Registration - Issuance - Receipt - Check

Entity registration - digital identity verification - digital identity on-chain

After completing real-name registration with the designated business department, an individual can handle the daily operations of opening, cancelling, and changing an electronic certificate. The certification authority reviews the certificate holder's information and generates the holder's digital identity; the issuing agency signs that digital identity with its private key, sends it to the holder, and submits it to the grid information center for review and recording. The holder then encrypts the digital identity received from the issuing authority with his own private key and submits it to the digital identity blockchain, which completes the verification and consensus process and records the digital identity on the ledger.

Check

The verification operation is performed through the mobile client and the PC workstation, and each verification record is stored in the unified management center. The certificate holder presents the digital identity code on the client for scanning by the verifier; the verifier uses the issuing authority's public key to verify whether the digital identity was issued by a licensed issuing agency, and then checks the holder's digital identity information.
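The issuance and check steps above (issuing agency signs the digital identity with its private key; holder submits it under his own key; verifier checks it against the issuing agency's public key) can be exercised end to end with signatures. The following Go program is an added example written for this page, not code from the platform it describes. It assumes Ed25519 signatures, an address derived from the first 20 bytes of SHA-256 over the public key, JSON as the canonical encoding, and reads the holder's "encrypt with his own private key" step as a countersignature; all identity field values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// DigitalIdentity is the record the certification authority generates after reviewing
// the holder. The field set is this example's assumption; the page fixes no schema.
type DigitalIdentity struct {
	HolderAddress string `json:"holder_address"`
	IssuerCode    string `json:"issuer_code"` // organization code of the issuing agency
	Name          string `json:"name"`
	Unit          string `json:"unit"`
	City          string `json:"city"`
	Country       string `json:"country"`
}

// IdentityRecord is what the holder submits to the identity chain: the identity, the
// issuing agency's signature over it, and the holder's own countersignature.
type IdentityRecord struct {
	Identity  DigitalIdentity `json:"identity"`
	IssuerSig []byte          `json:"issuer_sig"`
	HolderSig []byte          `json:"holder_sig"`
}

// Account models the "register user" API output: a blockchain address plus a key pair.
type Account struct {
	Address string
	Pub     ed25519.PublicKey
	Priv    ed25519.PrivateKey
}

// RegisterUser generates a key pair and derives an address from the public key
// (first 20 bytes of SHA-256(pubkey); an assumed scheme standing in for the platform's own).
func RegisterUser() (Account, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Account{}, err
	}
	sum := sha256.Sum256(pub)
	return Account{Address: "0x" + hex.EncodeToString(sum[:20]), Pub: pub, Priv: priv}, nil
}

// canonical serialises the identity deterministically so signer and verifier sign the
// same bytes (encoding/json emits struct fields in declaration order).
func canonical(id DigitalIdentity) []byte {
	b, _ := json.Marshal(id)
	return b
}

// IssueIdentity is the issuing agency's step: sign the reviewed identity with its private key.
func IssueIdentity(id DigitalIdentity, issuer Account) []byte {
	return ed25519.Sign(issuer.Priv, canonical(id))
}

// SubmitIdentity is the holder's step: countersign the issued identity with the holder's key.
func SubmitIdentity(id DigitalIdentity, issuerSig []byte, holder Account) IdentityRecord {
	return IdentityRecord{Identity: id, IssuerSig: issuerSig, HolderSig: ed25519.Sign(holder.Priv, canonical(id))}
}

// CheckIdentity is the verifier's step: the issuing agency's public key proves the identity
// was issued by that agency, the holder's public key proves the holder submitted it.
// Any change to an identity field invalidates both signatures.
func CheckIdentity(rec IdentityRecord, issuerPub, holderPub ed25519.PublicKey) bool {
	msg := canonical(rec.Identity)
	return ed25519.Verify(issuerPub, msg, rec.IssuerSig) && ed25519.Verify(holderPub, msg, rec.HolderSig)
}

func main() {
	issuer, _ := RegisterUser()
	holder, _ := RegisterUser()
	// Constructed sample identity.
	id := DigitalIdentity{HolderAddress: holder.Address, IssuerCode: "ORG-EXAMPLE-0001",
		Name: "Example Holder", Unit: "Example Unit", City: "Example City", Country: "CN"}
	rec := SubmitIdentity(id, IssueIdentity(id, issuer), holder)
	fmt.Println("genuine record verifies:", CheckIdentity(rec, issuer.Pub, holder.Pub))

	tampered := rec
	tampered.Identity.Name = "Someone Else" // altered after issuance
	fmt.Println("tampered record verifies:", CheckIdentity(tampered, issuer.Pub, holder.Pub))
}
```

The verifier only needs the two public keys, which is what the "public key query" API on this page returns for an address; the private keys never leave the issuing agency or the holder.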

Overall architecture

Ethereum is adopted as the underlying technology platform.

Data layer: ETH block encapsulation

Service layer: account system, blockchain service, electronic certificate

User layer: license user app, license issuing agency

Data encapsulation

Main chain-side chain two-way anchoring

Each kind of certificate corresponds to its own side chain. Two-way anchoring between the side chains and the main chain allows trust to be passed between different networks and establishes a personal credit system.

Interactive Design

1. Identity authentication phase

This phase mainly involves the interaction among the blockchain platform, the user app, and the background management system. The user logs in to the system with an ID, and the background management system performs identity authentication. If it passes, the user's identity information is written to the identity management database and a blockchain ID is registered. From the user information (name, organization, city, country, and other attributes representing the user's identity), a network-wide unique identity is generated. Based on this identity, the system determines whether the user is a new user.

2. Issuing and receiving stages

3. Renewal phase

4. Inspection

Interaction among the verifier client, the holder client, and the blockchain platform

Features and API

The process of registration, certificate issuance, and inspection of the trusted electronic certificate application includes 5 main functional modules and 5 APIs.

The five main functional modules are the citizen user app, the front-end of the certification authority, the blockchain platform, the government business database, and the background identity management database. The five APIs are: registering blockchain users, sending certification information, checking electronic license information, querying a user's public key, and querying electronic certificate information.

Register user

Applies to ordinary users, certificate-authority users, and inspection-agency users.

Input: account name.

Output: account address (the registered user's address on the blockchain, used to transfer information between users) and the account's public and private key pair.

Send certification information

Input: the blockchain address of the user applying for certification (the certificate information is sent to this address after issuance), the organization code of the issuing agency (its unique identifier), and the user's certificate information (encrypted with the user's public key).

Output: the transaction hash and the block number in which the certificate information was recorded; together they uniquely identify where the transaction is stored.

Check

Input: the blockchain address of the user being checked (the ordinary user whose electronic license is verified), the organization code of the issuing authority (its unique identifier), and the credential information of the verified ordinary user (encrypted with the verified user's public key). Output: the transaction hash and the block number in which the certificate information was recorded; together they uniquely identify where the transaction is stored.

Public key query

Input: address information. Output: the public key of that address.

Query e-licenses

Queries electronic license information by block number and transaction hash; used by ordinary users to update their electronic license information.

Input: the user's blockchain transaction address (the address to search), the block number that records the transaction (the block to search), and the transaction hash of the electronic certificate (the transaction to search). Output: the organization code of the certificate-issuing institution and the specific information of the electronic certificate.

Blockchain-based data sharing

Secure data sharing

Shared data is not stored directly on the blockchain; instead it is anchored on the blockchain as a digital asset through smart contracts.

A copy of the shareable data in the government business database is first synchronized to the ODS of its front-end machine, and the access information for this shared data in the ODS is then encrypted and used as the metadata of the digital asset. The shareable data in the government business library is encrypted and written to the ODS file system to form a shared data file, and the integrity hash of that file is stored on the blockchain as digital asset metadata. The shared data file itself remains in the ODS of the government business database front-end.

Digital assets consist of header information and metadata.

The digital asset for structured data is: version number + data type + digital asset metadata. The digital asset for unstructured data is: version number + data type + hash algorithm + digital asset metadata.

When the data sharing party issues a digital asset through the blockchain client, the digital asset is recorded in the transaction payload and submitted to the preset smart contract, which completes the release of the digital asset.

Text data with a small footprint is stored directly on-chain. For larger data or files, the metadata needed to access the data is stored on-chain and the file itself is stored off-chain. Off-chain storage can be any network file system, file link, or peer-to-peer distributed file system such as IPFS.
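The anchoring scheme described above (an integrity hash of the off-chain shared file stored on-chain as digital asset metadata, the two asset layouts with and without a hash algorithm field, and small text kept inline on-chain) can be put together in a few functions. The following Go program is an added example for this page, not the platform's own code. It assumes SHA-256 as the hash algorithm, JSON as the asset encoding, an inline-size threshold of 256 bytes (the page gives no number), a map standing in for the publishing contract's storage, and keeps the ODS access information in clear rather than encrypted, to stay short; the sample file contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// inlineLimit is the size (bytes) up to which text data is stored directly on-chain.
// The threshold is an assumption of this example.
const inlineLimit = 256

// AssetMetadata is the digital asset metadata. Small text is carried inline; for larger
// files only the ODS access information and the integrity hash are anchored.
// (The page says the access information is encrypted; it is kept in clear here.)
type AssetMetadata struct {
	Inline    []byte `json:"inline,omitempty"`
	Location  string `json:"location,omitempty"`
	Integrity string `json:"integrity,omitempty"`
}

// DigitalAsset follows the two layouts on the page: structured data = version + data type
// + metadata; unstructured data = version + data type + hash algorithm + metadata.
type DigitalAsset struct {
	Version  string        `json:"version"`
	DataType string        `json:"data_type"`
	HashAlgo string        `json:"hash_algo,omitempty"`
	Metadata AssetMetadata `json:"metadata"`
}

// Ledger stands in for the publishing smart contract's storage (asset ID -> asset).
type Ledger map[string]DigitalAsset

// IntegrityHash returns hex(SHA-256(data)).
func IntegrityHash(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// NewDigitalAsset builds the on-chain record for one shareable item held at odsLocation.
func NewDigitalAsset(dataType, odsLocation string, data []byte) DigitalAsset {
	a := DigitalAsset{Version: "1", DataType: dataType}
	if dataType == "unstructured" {
		a.HashAlgo = "sha256" // only the unstructured layout carries the algorithm field
	}
	if len(data) <= inlineLimit {
		a.Metadata.Inline = data // small text: content itself goes on-chain
	} else {
		a.Metadata.Location = odsLocation
		a.Metadata.Integrity = IntegrityHash(data) // large file: hash goes on-chain
	}
	return a
}

// PublishAsset records the asset on the ledger. The asset ID is the hash of the asset's
// canonical JSON encoding, an assumed scheme standing in for the transaction hash.
func PublishAsset(l Ledger, a DigitalAsset) string {
	enc, _ := json.Marshal(a)
	id := IntegrityHash(enc)
	l[id] = a
	return id
}

// VerifyShared checks data fetched from the ODS (or read inline) against the anchored
// record. It reports false for an unknown asset ID and for any change to the content.
func VerifyShared(l Ledger, id string, data []byte) bool {
	a, ok := l[id]
	if !ok {
		return false
	}
	if a.Metadata.Location == "" {
		return bytes.Equal(a.Metadata.Inline, data)
	}
	return a.Metadata.Integrity == IntegrityHash(data)
}

func main() {
	ledger := Ledger{}
	// Constructed sample: a large scanned-license blob kept in the ODS, and a short text note.
	scan := bytes.Repeat([]byte("LICENSE-SCAN-BYTES "), 64)
	id := PublishAsset(ledger, NewDigitalAsset("unstructured", "ods://front-end/license-0001.pdf", scan))
	fmt.Println("original file verifies:", VerifyShared(ledger, id, scan))

	tampered := append([]byte{}, scan...)
	tampered[0] ^= 0xff // one flipped byte in the off-chain copy
	fmt.Println("tampered file verifies:", VerifyShared(ledger, id, tampered))

	note := []byte("business license number: EXAMPLE-0001")
	nid := PublishAsset(ledger, NewDigitalAsset("structured", "", note))
	fmt.Println("inline note verifies:", VerifyShared(ledger, nid, note))
}
```

A consumer who fetches the shared file from the ODS, IPFS, or any other off-chain store recomputes the hash and compares it with the anchored value; the chain never has to hold the file to detect that the off-chain copy was altered.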

2. Registration and release of shared data

The blockchain converts shared data into digital assets and then uses smart contracts to register and publish the shared data, that is, the digital assets, on the blockchain. The smart contracts for publishing digital assets are provided by the government business systems and deployed on the blockchain through their front-end terminals. Once deployed, the content of a contract can be viewed by all participants in the blockchain, but the contract has only one owner: its deployer, the government business system.

Each triggered execution of a smart contract performs a permission check on the sender of the triggering message. Only the digital asset owner, that is, the owner of the smart contract, has the right to change the contract's sharing rules.

Digital asset owners can preset a list of authorized digital identities in the smart contract, listing the demanders that may access the shared digital asset, and maintain that list. When the smart contract executes, it matches the requester's identity against the list; only digital identities on the list can request shared data through the smart contract.

3. Global shared data resource directory

The smart contract guarantees that only inspectors who are authorized and meet the permission triggering rules can trigger execution of the data sharing process; here the smart contract plays the role of access control.

Business model

Through cooperation with government and third-party agencies, the platform obtains license business data and issues certificates on the electronic license platform; it provides free certificate storage services for public users; and for commercial institutions and social organizations that require inspection, it charges by number of checks or by traffic, providing paid certificate services.

Application

1. E-licenses solve the problem of “repeated trips to obtain permits” caused by missing paper materials

The electronic certificate is stored on a mobile phone as a QR code, which is convenient to carry and use. It enables paperless approval of certificates, reduces the use of paper certificates, lowers social costs and waste of resources, and eases the difficulty of obtaining certificates, the trouble of using them, and the confusion caused by having many different certificates.

Smart government

Traditional certificate verification is cumbersome: administrative staff must invest a lot of effort in manual inspection, which is time-consuming and labor-intensive. Electronic certificates allow automatic machine inspection of the certificate materials included in the electronic certificate service catalogue, reducing manual inspection, lowering administrative costs, and improving the efficiency of the government's administrative services.