A transaction monitoring method, system and related devices
By establishing DID connections and SSI agents in the instant payment system, real-time transaction monitoring was achieved, solving the problems of lag and false alarms in traditional compliance checks, reducing compliance costs, and improving the efficiency of transaction supervision and data security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ZHONGCHAO CREDIT CARD IND DEV
- Filing Date
- 2022-09-29
- Publication Date
- 2026-06-12
AI Technical Summary
Traditional compliance checks are lagging in instant payment systems, making risk control difficult. Furthermore, rule-based compliance checks are prone to false alarms or omissions, data exchange with third-party cloud service providers is difficult, and compliance costs are high.
By establishing a DID connection and using an SSI agent for real-time monitoring and access, a two-way authentication and data encryption connection is established between the regulator and the business party. Transaction business data is collected and monitored in real time, and automated verification is performed using verifiable credential templates.
It enables real-time compliance checks, reduces false alarms, lowers compliance costs, improves transaction supervision efficiency and data security, and adapts to dynamic regulatory environments.
Smart Images

Figure CN115511492B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of blockchain, and in particular to a transaction monitoring method, system and related device. Background Technology
[0002] Currently, online banking and instant payments are popular with customers. Speed and irreversibility are the main characteristics of instant payments, which have raised concerns among banks about uncontrolled risks—many banks have little control over compliance in real-time transaction processing.
[0003] Institutional compliance checks primarily involve batch categorizing transactions at the end of each business day and conducting compliance screenings using compliance software. This method allows for verification of known types of violations by clients and is a typical post-event review mechanism. In the context of instant payments, based on online services and instant transfer systems, clients can complete a series of operations—opening an account, transferring funds, and closing an account—within a few hours. Traditional compliance checks are insufficient to perform these operations and provide timely risk warnings.
[0004] Rule-based compliance checks, being one-dimensional screening criteria, often lead to a large number of false alarms. At the same time, deleting any check rule may bring huge risks.
[0005] To access real-time transaction data, traditional data users (businesses) establish data centers at their company premises, purchase and maintain physical hardware, and manage the connections between system vendors and their own data centers. As regulatory requirements change, compliance inspection rules expand, and compliance software needs continuous iteration and upgrades, all of which impose high compliance costs and pressures on businesses.
[0006] Individual business entities, due to insufficient data coverage, cannot provide effective risk identification based on big data analytics. While third-party cloud service providers can offer the technical architecture for data aggregation, concerns about data monopolies and data security make it difficult to acquire business data, and data exchange between different vendor systems remains challenging. Summary of the Invention
[0007] The purpose of this application is to provide a transaction monitoring method, a transaction monitoring system, a computer-readable storage medium, and an electronic device that enable regulators and business operators to implement data monitoring and avoid transaction risks caused by delayed compliance checks.
[0008] To address the aforementioned technical problems, this application provides a transaction monitoring method, comprising:
[0009] Identify the business entities to be regulated and establish DID (Distributed Information Management) connections;
[0010] An SSI proxy connection is established based on the DID connection relationship. After the business party confirms the identity of the supervisor of the connection requester, a real-time monitoring access request to the business party is initiated based on the SSI proxy connection.
[0011] The SSI agent collects and monitors the transaction data of the business party.
[0012] Optionally, before determining the business entity to be regulated, the process further includes:
[0013] The regulator obtains a distributed digital identity wallet;
[0014] Create a regulator's distributed digital identity (DID) information based on the distributed digital identity wallet, and submit the regulator's distributed digital identity (DID) information to the regulatory authority.
[0015] After the regulatory authority confirms the identity of the requester corresponding to the regulator's distributed digital identity (DID) information, it registers the regulator's DID information on the blockchain to the distributed digital identity ledger. The distributed digital identity ledger is managed by the regulatory authority and is accessible to both the regulator and the business party.
[0016] Optionally, after registering the regulator's distributed digital identity (DID) information on the blockchain to the distributed digital identity ledger, the process further includes:
[0017] The business party installs the distributed digital identity wallet and identity agent application locally to determine the business party's identity DID information;
[0018] The business party initiates a business filing request based on DID registration with the regulator, and establishes a DID connection based on the relationship DID between the two parties through the identity proxy application and the regulator's identity proxy;
[0019] The business entity submits its identity DID information to the regulator through the DID connection.
[0020] After the business party's identity is verified, the regulatory authority approves the business party's business filing request, signs and submits a request to register the business party's DID on the blockchain, so as to store the business party's identity DID in the distributed digital identity ledger.
[0021] Optionally, after identifying the business entity to be regulated, the following may also be included:
[0022] The regulator receives the registration and filing request from the business party and sends a connection invitation to the business party as the first response to the registration and filing request; the connection invitation includes the regulator's DID, connection ID, random number, and URL address for receiving the connection request from the DID;
[0023] After the business party receives the connection invitation and creates a business party relationship DID using its local digital identity wallet, it initiates a DID connection request to the URL address in the connection invitation from the regulator.
[0024] The regulator receives the DID connection request from the business party. The DID connection request includes: the business party relationship DID, and a signature of the connection invitation information using the private key corresponding to the business party relationship DID.
[0025] The business party relationship DID information and the decrypted invitation information in the connection request are verified. After successful verification, the business party relationship DID is stored locally by the regulator, and the regulator relationship DID is created using the identity wallet and fed back to the business party.
[0026] Upon receiving the DID connection request response from the regulator, the business party verifies the relationship DID of the regulator. After successful verification, the business party stores the relationship DID locally, thus completing the creation of the DID relationship between the business party and the regulator.
[0027] Optionally, initiating a real-time monitoring access request to the business party based on the SSI proxy connection to obtain access authorization to the business party includes:
[0028] The regulator's SSI proxy request establishes a DID connection with the business party's SSI proxy;
[0029] The business party confirms whether the relationship DID corresponding to the regulatory party exists in the business party's relationship record through the relationship record;
[0030] If so, the business party confirms that the connection requester is the regulatory party through a challenge response authentication based on the relationship DID. If the authentication is successful, a DID connection is established between the business party and the regulatory party.
[0031] The service provider receives and processes data access requests from the DID connection channel.
[0032] Optionally, before collecting and monitoring the transaction data of the business party through the SSI agent, the method further includes:
[0033] The business party's SSI agent receives the business access request sent by the regulatory party's SSI agent and forwards the business access request to the business party's system;
[0034] The business entity's system responds to the business access request and returns the corresponding business data. The business entity's SSI agent encrypts the business data using the relationship DID key with the regulator and returns it to the regulator's SSI agent so as to execute the step of collecting and monitoring the business entity's transaction business data through the SSI agent.
[0035] Optionally, before collecting and monitoring the transaction data of the business party through the SSI agent, the method further includes:
[0036] Establish a credential template that includes the data structure standard for the regulatory transaction business, and publish the credential template on a distributed digital identity ledger; the business party organizes the transaction business data into corresponding verifiable credentials based on the credential template on the ledger and returns them to the regulator to support the regulator in performing automated verification.
[0037] This application also provides a transaction monitoring system, including:
[0038] The relationship creation module is used to identify the business entities being regulated and establish DID connection relationships;
[0039] The connection access module is used to establish an SSI proxy connection based on the DID connection relationship. After the business party confirms the identity of the supervisor of the connection requester, it initiates a real-time monitoring access request to the business party based on the SSI proxy connection.
[0040] The business monitoring module is used to collect and monitor the transaction business data of the business party through the SSI agent.
[0041] This application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the method described above.
[0042] This application also provides an electronic device, including a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method described above when it invokes the computer program in the memory.
[0043] This application provides a transaction monitoring method, comprising: identifying the regulated business party and establishing a DID connection relationship; establishing an SSI access connection based on the DID connection relationship; after the business party confirms the identity of the regulator of the connection requester, initiating a real-time monitoring access request to the business party based on the SSI proxy connection; and collecting and monitoring the transaction business data of the business party through the SSI proxy.
[0044] When monitoring transactions, this application requires connecting a secure, private, and licensed SSI agent to the business party's system. By introducing real-time monitoring in the transaction process, compliance checks are shifted from post-event to in-event, solving the problem of checks not keeping up with payments and ensuring that transactions are both monitorable and easy to monitor.
[0045] This application also provides a transaction monitoring method, a transaction monitoring system, a computer-readable storage medium, and an electronic device, which have the aforementioned beneficial effects, and will not be elaborated here. Attached Figure Description
[0046] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of this application. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.
[0047] Figure 1 A flowchart illustrating a transaction monitoring method provided in an embodiment of this application;
[0048] Figure 2 This is a schematic diagram illustrating the specific application structure of a real-time transaction monitoring method.
[0049] Figure 3 This is a schematic diagram of a transaction monitoring system provided in an embodiment of this application. Detailed Implementation
[0050] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0051] Please refer to Figure 1 , Figure 1 A flowchart of a transaction monitoring method provided in this application embodiment, the method including:
[0052] S101: Identify the business entities to be regulated and establish DID connection relationships;
[0053] S102: Establish an SSI access connection based on the DID connection relationship. After the business party confirms the identity of the supervisor of the connection requester, initiate a real-time monitoring access request to the business party based on the SSI proxy connection.
[0054] S103: Collect and monitor the transaction data of the business party through the SSI agent.
[0055] The following section will first explain the authentication process for both the regulator and the business party before they conduct transaction monitoring:
[0056] First, the regulator's identity is verified:
[0057] Before identifying the business entities to be regulated, the following steps may be included:
[0058] The first step is for the regulator to obtain a distributed digital identity wallet;
[0059] The second step is to create a regulator's distributed digital identity (DID) information based on the distributed digital identity wallet, and submit the regulator's distributed digital identity (DID) information to the regulatory authority.
[0060] The third step is to register the regulatory authority's distributed digital identity (DID) information on the blockchain to the distributed digital identity ledger after the regulatory authority confirms the identity of the requester.
[0061] This distributed digital identity ledger is managed by the regulatory authority and accessible to both the regulator and the business entity.
[0062] Before deploying real-time monitoring from regulators to business entities, it is necessary to first ensure the authenticity of the regulators. This typically requires endorsement and certification from regulatory authorities, as well as the provision of mechanisms to discover and verify their identities.
[0063] Specifically, regulatory entities that have passed online or offline authentication, i.e., regulators, download a distributed digital identity wallet and proxy on their networked computers or servers providing regulatory services. They create a distributed digital identity and submit their regulatory identity DID information, along with other credential information (such as business registration information), to the regulatory governance agency. The agency requests verification of their identity and submission of registration and public disclosure of the digital identity. This DID information can be a DID Doc (DID & pk). The regulatory agency then submits a proxy identity registration request (signed by the regulator) to the approved regulator. To ensure the discoverability and immutability of the identity, the regulator's distributed digital identity information is typically registered on a distributed digital identity ledger or blockchain, with information registration and confirmation completed through consensus nodes. The distributed digital identity ledger can adopt an open-permission governance model or a private-permission model, jointly maintained by the regulatory governance agency and other parties, supporting access by regulators and business entities.
[0064] Correspondingly, business entities should also undergo relevant business compliance certification. Before conducting external business, business entities can first undergo legal entity identity verification. Afterwards, they need to file their business with the regulatory authorities, which may include the following steps:
[0065] Step 1: The business party installs the distributed digital identity wallet and identity proxy application locally to determine the business party's identity DID information;
[0066] The second step is for the business party to initiate a business filing request based on DID registration with the regulatory party, and to establish a DID connection based on the DID of the relationship between the two parties through the identity proxy application and the identity proxy of the regulatory party;
[0067] Third step: The business party submits its identity DID information to the regulator through the DID connection;
[0068] Fourth, after the business party's identity is verified, the regulatory body approves the business party's business filing request, signs and submits a request to register the business party's DID on the blockchain, so as to store the business party's identity DID in the distributed digital identity ledger.
[0069] It is important to note that after receiving the registration and filing request from the business entity, the regulator typically needs to first establish a DID relationship with the business entity and then perform a DID connection based on that relationship. This process may include the following steps:
[0070] The first step is for the regulator to receive the registration and filing request from the business party and send a connection invitation to the business party as the first response to the registration and filing request; the connection invitation includes the regulator's DID, connection ID, random number, and URL address for receiving the connection request from the DID;
[0071] The second step is to initiate a DID connection request to the URL address in the connection invitation from the regulator after the business party receives the connection invitation and creates a business party relationship DID using the local digital identity wallet.
[0072] Third step: The regulator receives the DID connection request sent by the business party. The DID connection request includes: the business party relationship DID, and a signature of the connection invitation information using the private key corresponding to the business party relationship DID.
[0073] Step 4: Verify the business party relationship DID information and the decrypted invitation information in the connection request. After successful verification, store the business party relationship DID in the local storage of the regulator and use the identity wallet to create a regulator relationship DID that matches the relationship DID, and then feed it back to the business party.
[0074] Step 5: Upon receiving the DID connection request response from the regulator, the business party verifies the relationship DID of the regulator. After successful verification, the business party stores the relationship DID locally, thus completing the creation of the DID relationship between the business party and the regulator.
[0075] It is important to note that the creation of a DID relationship involves mutual authentication between the two parties. In the practical application of this application, it is possible to implement only one-way authentication from the regulator to the business party, or only two-way authentication between the business party and the regulator. Two-way authentication helps both parties verify each other's identities, ensuring that business transaction data is not leaked and that data security is maintained. A feasible mutual authentication process for creating a DID relationship is as follows:
[0076] Step 1: The regulator sends a DID connection invitation to the business party:
[0077] Businesses operating regulated businesses must apply for and file records with the regulator. For regulated businesses submitting regulatory filings, the regulator sends a DID (Distributed Information Distribution) connection request, which should include the following information:
[0078] The regulator's DID (should be consistent with the information published on the distributed digital identity ledger);
[0079] Connection ID;
[0080] The URL that receives DID connection requests;
[0081] Challenge value (as a random number, intended for one-time use)
[0082] Typically, DID connection requests are encoded in standard Base64 URL format and then sent to the business party via email, SMS, or website QR code (out-of-band transmission).
[0083] The second step involves the business party receiving the DID connection invitation, constructing a private business party relationship peerDID@A:B and related key pairs using a local wallet. This is only used for the current relationship connection, and the following information is submitted to the regulator through the connection request:
[0084] Connection ID;
[0085] The response value is generated by signing the challenge value with the private key created by peerDID@A:B;
[0086] The peerDID@A:B created and related public key information, access entry address of the regulated business system, etc.
[0087] The above information is encrypted using the regulator's DID public key (obtained from the distributed digital identity ledger) and then returned to the connection request acceptance address in the connection invitation.
[0088] The regulator receives a DID connection request from the business party, decrypts it using its DID private key, verifies the challenge response based on the received peerDID@A:B public key, and upon successful verification, saves the aforementioned peerDID@A:B to the regulator's SSI agent. The regulator then creates a corresponding regulator relationship peerDID@B:A and responds with a connection request. Similarly, to prevent man-in-the-middle attacks, the returned regulator connection request response should be signed with the regulator relationship peerDID@B:A's private key and encrypted with the peer relationship peerDID@A:B's public key before being returned.
[0089] The relationship DID and key, which are mutually authenticated by the regulator and the business party, are stored in the SSI agents on the local machines of the regulator and the business party, respectively.
[0090] Furthermore, once the regulators and business partners complete the DID relationship creation process described above, they can establish a two-way connection based on DID authentication to exchange credential data.
[0091] Credential data exchange can be used by regulators to verify applicant identity, such as verifying the legal entity identity and DID submitted by the applicant. In addition, regulators should verify other relevant qualifications online and offline, depending on the applicant's business scope.
[0092] For approved business entities, the supervisory party that has registered on the distributed digital identity ledger may, as needed, request that the business entity's identity DID information, which may be DID Doc (DID, public key, and business system entry point address) information, be uploaded to the blockchain.
[0093] Before regulators can monitor and access business systems, they need to establish a DID connection with the business based on the previously created DID relationship. This can include the following steps:
[0094] The regulator's SSI proxy request establishes a DID connection with the business party's SSI proxy;
[0095] The business party confirms whether the relationship DID corresponding to the regulatory party exists in the business party's relationship record through the relationship record;
[0096] If so, the business party confirms that the connection requester is the regulatory party through a challenge response authentication based on the relationship DID. If the authentication is successful, a DID connection is established between the business party and the regulatory party.
[0097] Based on the established DID connection, the regulator can initiate data access to the regulated business party according to the business system address filed with the regulator. The business party responds to the data access request, calls the corresponding API interface to collect the data, and feeds the data back to the regulator based on the DID connection.
[0098] To ensure data transmission security, data should be encrypted using an encryption key negotiated between the private key of the business party's relationship DID and the public key of the regulator's relationship DID. After decrypting the response data, the regulator's SSI agent can forward the data to relevant systems for automated data checks, including data format and validity.
[0099] For data that does not involve strict privacy protection requirements, it can be directly aggregated into the data lake in the regulatory backend, supporting regulatory big data analysis and inspection. Data write security can be achieved through the traditional client / server security model or through DID point-to-point secure communication.
[0100] See Figure 2 , Figure 2 This is a schematic diagram illustrating the specific application structure of a real-time transaction monitoring method. Figure 2 In this process, the transaction server aggregates transaction data from each POS machine and acts as the business party, while both Supervisory Agent 1 and Supervisory Agent 2 act as the supervisors. Both Supervisory Agent 1 and Supervisory Agent 2 need to perform secure communication with the transaction server based on a DID connection, i.e. Figure 2 The two are DIDComm, but their functions are not the same. Regulatory Agent 2 is used to collect and inspect data from the transaction server and upload it to the data lake, while Regulatory Agent 1 is used to perform local AML (Anti-Money Laundering) checks on the business system.
[0101] The following text is about... Figure 2 The application of the regulatory agent 1 as the regulator is explained below:
[0102] In addition to real-time data access for appropriate monitoring, regulators may also need to conduct real-time checks on specific transactions to assess the extent of violations and intervene to prevent fraud and financial crime. Since such checks often involve business-sensitive information or user privacy information, the following steps can be taken: A machine-readable and machine-executable compliance check script is transmitted to the business party through a regulatory agent, enabling local checks. The check results should be returned in a manner verifiable by the regulator. To prevent malicious attackers from transmitting counterfeit compliance scripts or code to obtain improper information, requests and downloads of compliance scripts or code should be based on a DID connection established between the regulator and the business party. To ensure the security, non-repudiation, and integrity of the script information during download, encryption can be achieved through public-private key negotiation between the two parties, sender's private key signing, and MAC verification.
[0103] In this embodiment of the application, when a transaction is detected, a secure, private, and licensed SSI agent needs to be connected to the business party's system. By introducing real-time monitoring in the transaction process, compliance checks are shifted from post-event to in-event, solving the problem of checks not keeping up with payments and ensuring that transactions are both monitorable and easy to monitor.
[0104] To automate the inspection of monitoring data, the data structure should be standardized to support machine readability and verifiability. As a preferred embodiment, before collecting and monitoring transaction data from business entities through an SSI agent, verifiable credential data templates incorporating regulatory transaction data structure standards should be established and published on a distributed digital identity ledger. The business entity should then organize the transaction data into corresponding verifiable credentials based on the credential templates on the ledger and return them to the regulator to support automated verification.
[0105] Specifically, regulators should clearly define and publish the fine-grained data they need (or adopt existing standards). Defined regulatory review data (based on combinations of several data points) is published on a distributed digital identity ledger in the form of verifiable credential templates, ensuring that any changes to regulatory review data requirements are promptly accessible to regulators and business stakeholders. Verifiable credential templates are machine-readable definitions of a set of attribute data types and formats used for credential claims, facilitating the standardization of regulatory data and automated machine verification.
[0106] No specific specifications or content limitations are provided for the voucher template here. The specifications for voucher templates can be found in the W3C Verifiable Credential Model specification.
[0107] In addition to data from real-time transactions, the regulatory backend can also aggregate large amounts of fine-grained, structured and unstructured data accessed through other channels, creating a single view of all internal and external data sources for financial institutions. Automated modeling, analysis and visualization of this data are crucial for improving the effectiveness of macro and micro prudential supervision.
[0108] To achieve this goal, effective expansion of collaborative relationships between different regulatory cloud service platforms is needed. Similarly, different regulatory cloud services can establish peer-to-peer trusted connections with other cloud proxy services based on DID (Data Identification and Authentication) principles, enabling data sharing while adhering to relevant data protection principles. This allows for comprehensive data visualization and analysis, or the implementation of data protection-based machine learning to optimize risk identification models. Considering the clustered collaboration of regulatory cloud services, a suitable n-wise DID connection relationship should be established. Providing cloud-deployed regulatory services helps reduce the burden and costs on business stakeholders and improves the agility of compliance response.
[0109] This type of financial monitoring engine can work across one or more industry regulatory server clusters. The deployment of this hybrid cloud model can quickly adapt to the requirements of new challenges or changing regulatory environments, enabling scalable and dynamic financial supervision, giving relevant organizations good business agility, and the benefits of big data analytics.
[0110] This embodiment integrates the regulatory body directly into the business system of the operator, enabling them to participate in transactions and significantly improving the real-time nature of supervision. Furthermore, before establishing an SSI connection, the regulatory body and the business operator perform DID authentication to build mutual trust, ensuring data exchange security that surpasses that of third-party software vendors.
[0111] Meanwhile, the trusted governance based on distributed identity in this application features a flattened structure and flexible scalability, supporting changes in the combination of regulators and business parties, and enabling them to quickly adapt to new business challenges and the requirements of the ever-changing regulatory environment.
[0112] The transaction monitoring system provided in the embodiments of this application is described below. The transaction monitoring system described below can be referred to in correspondence with the transaction monitoring method described above.
[0113] See Figure 3 , Figure 3 This is a schematic diagram of a transaction monitoring system provided in an embodiment of this application. The system includes:
[0114] The relationship creation module is used to identify the business entities being regulated and establish DID connection relationships;
[0115] The connection access module is used to establish an SSI proxy connection based on the DID connection relationship. After the business party confirms the identity of the supervisor of the connection requester, it initiates a real-time monitoring access request to the business party based on the SSI proxy connection.
[0116] The business monitoring module is used to collect and monitor the transaction business data of the business party through the SSI agent.
[0117] Based on the above embodiments, as a preferred embodiment, it further includes:
[0118] The regulatory registration module is used to obtain a distributed digital identity wallet;
[0119] The regulator's distributed digital identity (DID) information is created based on the distributed digital identity wallet and submitted to the regulatory authority. After the regulatory authority confirms the identity of the requester corresponding to the regulator's DID information, it registers the regulator's DID information on the blockchain to the distributed digital identity ledger. The distributed digital identity ledger is managed by the regulatory authority and is accessible to both the regulator and the business party.
[0120] Based on the above embodiments, as a preferred embodiment, it further includes:
[0121] The business entity filing module is applied to the business entity and is used to install the distributed digital identity wallet and identity agent application locally, determine the business entity's identity DID information; initiate a business filing request based on DID registration to the regulatory authority, and establish a DID connection based on the relationship DID between the two parties through the identity agent application and the regulatory authority's identity agent; and submit the business entity's identity DID information to the regulatory authority through the DID connection.
[0122] The filing response module, applied by the regulator, is used to approve the business filing request of the business party after the business party's identity verification is passed. The regulator signs and submits a request to register the business party's DID on the blockchain so that the business party's identity DID can be stored in the distributed digital identity ledger.
[0123] Based on the above embodiments, as a preferred embodiment, it further includes:
[0124] The regulator's DID connection invitation module is applied to the regulator and is used to receive the registration and filing request from the business party and send a connection invitation to the business party as the first response to the registration and filing request; the connection invitation includes the regulator's DID, connection ID, random number, and URL address for receiving the DID connection request;
[0125] The business party DID connection request module, applied to the business party, is used to initiate a DID connection request to the URL address in the regulatory party's connection invitation after the business party receives the connection invitation and creates a business party relationship DID using its local digital identity wallet.
[0126] The regulator's DID connection response module, applied to the regulator, is used to receive the DID connection request sent by the business party. The DID connection request includes: the business party relationship DID, and a signature of the connection invitation information using the private key corresponding to the business party relationship DID; it verifies the business party relationship DID information and the decrypted invitation information in the connection request; after successful verification, it stores the business party relationship DID in the regulator's local storage, and uses the identity wallet to create a regulator relationship DID paired with the relationship DID, and feeds it back to the business party;
[0127] The DID relationship confirmation module is applied to the business side. It is used to receive the DID connection request response from the regulator, verify the relationship DID of the regulator, and store the relationship DID to the local machine of the business side after successful verification, thus completing the creation of the DID relationship between the business side and the regulator.
[0128] Based on the above embodiments, as a preferred embodiment, it further includes:
[0129] The credential template configuration module is used to create credential templates that include the data structure standards of the regulatory transaction business, and publish the credential templates on the distributed digital identity ledger; the business party organizes the transaction business data into corresponding verifiable credentials based on the credential templates on the ledger and returns them to the regulator to support the regulator in performing automated verification.
[0130] This application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed, can perform the steps provided in the above embodiments. The storage medium may include various media capable of storing program code, such as a USB flash drive, a portable hard drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
[0131] This application also provides an electronic device that may include a memory and a processor. The memory stores a computer program, and when the processor calls the computer program in the memory, it can implement the steps provided in the above embodiments. Of course, the electronic device may also include various network interfaces, power supplies, and other components.
[0132] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. As the system provided in the embodiments corresponds to the method provided in the embodiments, the description is relatively simple; relevant parts can be found in the method section.
[0133] This document uses specific examples to illustrate the principles and implementation methods of this application. The descriptions of the embodiments above are only for the purpose of helping to understand the method and core ideas of this application. It should be noted that those skilled in the art can make several improvements and modifications to this application without departing from the principles of this application, and these improvements and modifications also fall within the protection scope of the claims of this application.
[0134] It should also be noted that, in this specification, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
Claims
1. A transaction monitoring method, characterized in that, include: Identify the business entities to be regulated and establish DID (Distributed Information Management) connections; An SSI proxy connection is established based on the DID connection relationship. After the business party confirms the identity of the supervisor of the connection requester, a real-time monitoring access request to the business party is initiated based on the SSI proxy connection. The SSI agent collects and monitors the transaction data of the business party. Prior to determining the business entity to be regulated, the process also includes: The regulator obtains a distributed digital identity wallet; Create a regulator's distributed digital identity (DID) information based on the distributed digital identity wallet, and submit the regulator's distributed digital identity (DID) information to the regulatory authority. After the regulatory authority confirms the identity of the requester corresponding to the regulator's distributed digital identity (DID) information, it registers the regulator's DID information on the blockchain to the distributed digital identity ledger; the distributed digital identity ledger is managed by the regulatory authority and supports access by the regulator and the business party. After registering the regulator's distributed digital identity (DID) information on the blockchain to the distributed digital identity ledger, the process also includes: The business party installs the distributed digital identity wallet and identity agent application locally to determine the business party's identity DID information; The business party initiates a business filing request based on DID registration with the regulator, and establishes a DID connection based on the relationship DID between the two parties through the identity proxy application and the regulator's identity proxy; The business entity submits its identity DID information to the regulator through the DID connection. After the business party's identity is verified, the regulatory body approves the business party's business filing request, signs and submits a request to register the business party's DID on the blockchain, so as to store the business party's identity DID in the distributed digital identity ledger. After identifying the business entities to be regulated, this also includes: The regulator receives the registration and filing request from the business party and sends a connection invitation to the business party as the first response to the registration and filing request; the connection invitation includes the regulator's DID, connection ID, random number, and URL address for receiving the connection request from the DID; After the business party receives the connection invitation and creates a business party relationship DID using its local digital identity wallet, it initiates a DID connection request to the URL address in the connection invitation from the regulator. The regulator receives the DID connection request from the business party. The DID connection request includes: the business party relationship DID, and a signature of the connection invitation information using the private key corresponding to the business party relationship DID. The business party relationship DID information and the decrypted invitation information in the connection request are verified. After successful verification, the business party relationship DID is stored locally by the regulator, and the regulator relationship DID is created using the identity wallet and fed back to the business party. Upon receiving the DID connection request response from the regulator, the business party verifies the relationship DID of the regulator. After successful verification, the business party stores the relationship DID locally, thus completing the creation of the DID relationship between the business party and the regulator.
2. The transaction monitoring method according to claim 1, characterized in that, Initiating a real-time monitoring access request to the business party based on an SSI proxy connection to obtain access authorization to the business party includes: The regulator's SSI proxy request establishes a DID connection with the business party's SSI proxy; The business party confirms whether the relationship DID corresponding to the regulatory party exists in the business party's relationship record through the relationship record; If so, the business party confirms that the connection requester is the regulatory party through a challenge response authentication based on the relationship DID. If the authentication is successful, a DID connection is established between the business party and the regulatory party. The service provider receives and processes data access requests from the DID connection channel.
3. The transaction monitoring method according to claim 1, characterized in that, Before collecting and monitoring the transaction data of the business party through the SSI agent, the process also includes: The business party's SSI agent receives the business access request sent by the regulatory party's SSI agent and forwards the business access request to the business party's system; The business entity's system responds to the business access request and returns the corresponding business data. The business entity's SSI agent encrypts the business data using the relationship DID key with the regulator and returns it to the regulator's SSI agent so as to execute the step of collecting and monitoring the business entity's transaction business data through the SSI agent.
4. The transaction monitoring method according to claim 1, characterized in that, Before collecting and monitoring the transaction data of the business party through the SSI agent, the process also includes: Establish a credential template that includes the data structure standard for the regulatory transaction business, and publish the credential template on a distributed digital identity ledger; the business party organizes the transaction business data into corresponding verifiable credentials based on the credential template on the ledger and returns them to the regulator to support the regulator in performing automated verification.
5. A transaction monitoring system, characterized in that, include: The relationship creation module is used to identify the business entities being regulated and establish DID connection relationships; The connection access module is used to establish an SSI proxy connection based on the DID connection relationship. After the business party confirms the identity of the supervisor of the connection requester, it initiates a real-time monitoring access request to the business party based on the SSI proxy connection. The business monitoring module is used to collect and monitor the transaction business data of the business party through the SSI agent; The regulatory registration module is used to obtain a distributed digital identity wallet; create a regulatory distributed digital identity DID information based on the distributed digital identity wallet; and submit the regulatory distributed digital identity DID information to the regulatory authority. After the regulatory authority confirms the identity of the requester corresponding to the regulator's distributed digital identity (DID) information, it registers the regulator's DID information on the blockchain to the distributed digital identity ledger; the distributed digital identity ledger is managed by the regulatory authority and supports access by the regulator and the business party. The business entity filing module is applied to the business entity and is used to install the distributed digital identity wallet and identity agent application locally, determine the business entity's identity DID information; initiate a business filing request based on DID registration to the regulatory authority, and establish a DID connection based on the relationship DID between the two parties through the identity agent application and the regulatory authority's identity agent; and submit the business entity's identity DID information to the regulatory authority through the DID connection. The filing response module is applied by the regulator to approve the business filing request of the business party after the business party's identity verification is passed. The regulator signs and submits a request to register the business party's DID on the blockchain so that the business party's identity DID can be stored in the distributed digital identity ledger. The regulator's DID connection invitation module is applied to the regulator and is used to receive the registration and filing request from the business party and send a connection invitation to the business party as the first response to the registration and filing request; the connection invitation includes the regulator's DID, connection ID, random number, and URL address for receiving the DID connection request; The business party DID connection request module is applied to the business party and is used to initiate a DID connection request to the URL address in the regulatory party connection invitation after the business party receives the connection invitation and creates a business party relationship DID using a local digital identity wallet. The regulator's DID connection response module is applied to the regulator and is used to receive the DID connection request sent by the business party. The DID connection request includes: the business party relationship DID, and a signature of the connection invitation information using the private key corresponding to the business party relationship DID. The business party relationship DID information and the decrypted invitation information in the connection request are verified. After successful verification, the business party relationship DID is stored locally by the regulator, and the regulator relationship DID is created using the identity wallet and fed back to the business party. The DID relationship confirmation module is applied to the business side. It is used to receive the DID connection request response from the regulator, verify the relationship DID of the regulator, and store the relationship DID to the local machine of the business side after successful verification, thus completing the creation of the DID relationship between the business side and the regulator.
6. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the transaction monitoring method as described in any one of claims 1-4.
7. An electronic device, characterized in that, It includes a memory and a processor, wherein the memory stores a computer program, and the processor, when calling the computer program in the memory, implements the steps of the transaction monitoring method as described in any one of claims 1-4.