Passenger identity verification method and device, and electronic device

By combining facial feature extraction of passengers with blockchain similarity comparison and digital credential verification, the problems of low data security and low efficiency in passenger identity verification are solved, and an automated and privacy-protected identity verification process is realized.

CN122243570APending Publication Date: 2026-06-19TRAVELSKY TECHNOLOGY LIMITED

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TRAVELSKY TECHNOLOGY LIMITED
Filing Date
2026-03-09
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

In existing technologies, passenger identity verification suffers from low data security and low efficiency, and it is difficult to identify problems such as forged documents and impersonation to enjoy airfare discounts.

Method used

By extracting features from the facial data of target passengers, comparing similarity using preset facial feature values ​​of passengers stored on the blockchain, and combining this with the ownership verification and validity check of digital credentials, automated identity verification is achieved.

Benefits of technology

Without disclosing passengers' original identity data, the system improves the efficiency and accuracy of identity verification, protects passenger privacy, and reduces system integration costs and the need for manual verification.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122243570A_ABST
    Figure CN122243570A_ABST
Patent Text Reader

Abstract

This application discloses a method, apparatus, and electronic device for verifying passenger identity, relating to the field of blockchain technology. The method includes: extracting features from the facial data of a target passenger to obtain facial feature values; detecting the similarity between the target passenger's facial feature values ​​and L facial feature values ​​stored in the blockchain; if the maximum value among the L similarities is greater than a preset similarity, detecting whether the owner of the digital credential provided by the target passenger is the target passenger; if the owner of the digital credential is the target passenger, detecting whether the digital credential provided by the target passenger passes the validity check; if the digital credential provided by the target passenger passes the validity check, determining that the target passenger has passed identity verification, and processing check-in for the target passenger. This application solves the technical problems of low data security and low efficiency in verifying the identity of passengers applying for ticket purchase discounts based on existing technologies.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of blockchain technology, and more specifically, to a method, apparatus, and electronic device for verifying passenger identity. Background Technology

[0002] During the ticket purchase process, some individuals and organizations have taken advantage of loopholes in the ticket purchase process and identity verification mechanism to impersonate or forge the identities of special passengers who are entitled to ticket purchase discounts, thereby disrupting the airline's ticket management order.

[0003] In the current system, the identity data of special passengers eligible for discounted airfares is managed by the corresponding administrative departments. To achieve data sharing between the ticketing system and the administrative departments' information systems, complex cross-departmental agreements and security audits must be conducted before the special passengers' identity data can be transmitted externally through the information systems. This process not only increases the system integration costs of the ticketing system but also introduces potential privacy risks. At the same time, the traditional identity verification model relies on airline staff to manually check the documents provided by passengers, which is inefficient and makes it difficult to identify document forgery. This results in low data security and low efficiency in verifying the identity of passengers applying for discounted airfares using existing technology.

[0004] There is currently no effective solution to the above problems. Summary of the Invention

[0005] This application provides a method, apparatus, and electronic device for verifying passenger identity, in order to at least solve the technical problems of low data security and low efficiency in verifying the identity of passengers applying for ticket purchase discounts based on existing technologies.

[0006] According to one aspect of this application, a method for verifying passenger identity is provided, comprising: extracting features from the facial data of a target passenger to obtain the facial feature value of the target passenger, wherein the target passenger is a passenger applying for a preset airfare discount rule; detecting the similarity between the facial feature value of the target passenger and L facial feature values ​​stored in a blockchain to obtain L similarity scores, wherein L is a positive integer, each facial feature value stored in the blockchain is the facial feature value of a preset passenger, and the preset passenger is a passenger who has passed the qualification authentication of a preset issuing authority; if the maximum value among the L similarity scores is greater than the preset similarity score, detecting whether the owner of the digital certificate provided by the target passenger is the target passenger, wherein the digital certificate is a certificate issued by the preset issuing authority to the preset passenger; if the owner of the digital certificate is the target passenger, detecting whether the digital certificate provided by the target passenger passes the validity check; if the digital certificate provided by the target passenger passes the validity check, determining that the target passenger has passed the identity verification, and processing the check-in for the target passenger.

[0007] Optionally, detecting whether the owner of the digital credential provided by the target passenger is the target passenger includes: querying the blockchain based on the digital identity identifier of a preset passenger corresponding to the maximum value among L similarities to obtain the target passenger's digital identity file, wherein the digital identity file includes at least the target passenger's public key; performing signature verification on the first signature in the digital credential based on the public key in the digital identity file, wherein the first signature is a digital signature generated based on the private key of the owner of the digital credential; and determining that the owner of the digital credential provided by the target passenger is the target passenger if the first signature passes the signature verification.

[0008] Optionally, detecting whether the digital certificate provided by the target passenger passes the validity check includes: detecting whether the digital certificate provided by the target passenger passes M validity sub-checks, where M is a positive integer, and the M validity sub-checks include at least: a first validity sub-check, used to verify the signature of the second signature in the digital certificate based on the public key of the preset issuer corresponding to the digital certificate, the second signature being a digital signature generated based on the private key of the preset issuer; a second validity sub-check, used to check whether the list of preset issuers in the blockchain includes the issuer identifier of the preset issuer corresponding to the digital certificate; and a third validity sub-check, used to check whether the certificate status of the digital certificate is revoked; if the digital certificate passes the M validity sub-checks, it is determined that the digital certificate provided by the target passenger passes the validity check.

[0009] Optionally, before detecting whether the owner of the digital credential provided by the target passenger is the target passenger, the passenger identity verification method further includes: collecting the digital identity identifier and application data of the preset passenger, wherein the application data includes at least the preset passenger's public key, facial data, qualification data, and first signature, and the qualification data is used to prove that the preset passenger is qualified to enjoy the preset airfare discount rules; generating a digital identity registration request for the preset passenger based on the digital identity identifier and application data; and after the preset credential issuer receives the digital identity registration request, generating the digital credential for the preset passenger based on the digital identity registration request.

[0010] Optionally, generating a digital credential for a preset passenger based on a digital identity registration request by a preset issuing authority includes: authenticating the preset passenger's qualifications based on the application data in the digital identity registration request by the preset issuing authority; generating an initial digital credential for the preset passenger based on the digital identity registration request after the preset passenger passes the qualification authentication; digitally signing the initial digital credential based on the private key of the preset issuing authority, and embedding the second signature obtained from the digital signature into the initial digital credential to obtain the digital credential for the preset passenger.

[0011] Optionally, after generating a digital credential for a preset passenger based on a digital identity registration request through a preset issuing party, the passenger identity verification method further includes: extracting features from the preset passenger's facial data to obtain the preset passenger's facial feature value; generating a digital identity file for the preset passenger based on the preset passenger's facial feature value, digital identity identifier, and public key; and storing the preset passenger's digital identity file on the blockchain.

[0012] Optionally, after generating a digital credential for a pre-defined passenger based on a digital identity registration request through a pre-defined issuing party, the passenger identity verification method further includes: after receiving a request to revoke the digital credential of the pre-defined passenger, storing the credential identifier of the pre-defined passenger's digital credential in a list of pre-revoked credentials in the blockchain.

[0013] Optionally, before generating the digital credential for the preset passenger based on the digital identity registration request through the preset issuer, the passenger identity verification method further includes: verifying the preset issuer based on the issuer registration request submitted by the preset issuer, wherein the issuer registration request includes at least the public key of the preset issuer, the credential type of the digital credential, the data type of the preset passenger's application data, the interface address of the digital identity registration request, and the query address of the preset revoked credential list; after the preset issuer passes the issuer verification, the issuer identifier of the preset issuer is stored in the preset issuer list in the blockchain.

[0014] According to another aspect of this application, a passenger identity verification device is also provided, comprising: a first feature extraction unit, configured to extract features from the facial data of a target passenger to obtain the facial feature value of the target passenger, wherein the target passenger is a passenger applying for a preset airfare discount rule; a first detection unit, configured to detect the similarity between the facial feature value of the target passenger and L facial feature values ​​stored in a blockchain to obtain L similarity scores, wherein L is a positive integer, and each facial feature value stored in the blockchain is the facial feature value of a preset passenger, wherein the preset passenger is a passenger who has passed the qualification authentication of a preset issuing authority; a second detection unit, configured to detect whether the owner of the digital certificate provided by the target passenger is the target passenger if the maximum value among the L similarity scores is greater than the preset similarity score, wherein the digital certificate is a certificate issued by the preset issuing authority to the preset passenger; a third detection unit, configured to detect whether the digital certificate provided by the target passenger passes the validity check if the owner of the digital certificate is the target passenger; and a check-in unit, configured to determine that the target passenger has passed the identity verification and process the check-in for the target passenger if the digital certificate provided by the target passenger passes the validity check.

[0015] According to another aspect of this application, a computer program product is also provided, which stores a computer program, wherein, when the computer program is run, it controls the computer program product to perform the passenger identity verification method described above.

[0016] According to another aspect of this application, an electronic device is also provided, wherein the electronic device includes one or more processors and a memory for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement the passenger identity verification method of any one of the above.

[0017] In this application, firstly, facial features are extracted from the facial data of the target passenger to obtain the facial feature value of the target passenger, where the target passenger is the passenger applying for a preset airfare discount rule. Then, this application detects the similarity between the facial feature value of the target passenger and L facial feature values ​​stored in the blockchain, obtaining L similarity scores, where L is a positive integer. Each facial feature value stored in the blockchain is the facial feature value of the preset passenger, who is a passenger who has passed the qualification authentication of a preset issuing party. Next, if the maximum value among the L similarity scores is greater than the preset similarity score, it checks whether the owner of the digital certificate provided by the target passenger is the target passenger, where the digital certificate is a certificate issued by the preset issuing party to the preset passenger. Subsequently, if the owner of the digital certificate is the target passenger, it checks whether the digital certificate provided by the target passenger passes the validity check. Finally, if the digital certificate provided by the target passenger passes the validity check, it is determined that the target passenger has passed identity verification, and check-in is processed for the target passenger.

[0018] As described above, this application achieves automated passenger identity verification without disseminating the original identity data (e.g., digital certificates issued by the pre-defined issuing authority) stored on the blockchain. This is achieved by extracting the facial feature values ​​of the target passenger and comparing them with the facial feature values ​​of the pre-defined passengers stored in the corresponding management department. Combined with the means of verifying the ownership and validity of the digital certificate held by the target passenger, this application achieves the technical effect of protecting passenger privacy throughout the passenger identity verification process. The technical solution of this application does not require integration of the airline's ticketing system with the information system of the pre-defined passenger management department, nor does it require manual verification of the digital certificates provided by the passenger. This improves the efficiency of passenger identity verification and solves the technical problems of low data security and low efficiency in identity verification of passengers applying for ticket purchase discounts based on existing technologies. Attached Figure Description

[0019] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:

[0020] Figure 1 This is a flowchart of an optional passenger identity verification method according to an embodiment of this application;

[0021] Figure 2 This is an architecture diagram of an optional passenger identity verification system according to an embodiment of this application;

[0022] Figure 3This is an architecture diagram of an optional issuing party service module according to an embodiment of this application;

[0023] Figure 4 This is an architecture diagram of an optional user terminal module according to an embodiment of this application;

[0024] Figure 5 This is a schematic diagram of an optional passenger identity verification device according to an embodiment of this application;

[0025] Figure 6 This is a structural block diagram of an electronic device according to an embodiment of this application. Detailed Implementation

[0026] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.

[0027] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0028] It should also be noted that all information and data (including but not limited to information used for display and analysis) involved in this application are authorized by the user or fully authorized by all parties. For example, if there is an interface between this system and the relevant user or organization, before obtaining the relevant information, it is necessary to send a request to the aforementioned user or organization through the interface, and obtain the relevant information only after receiving consent from the aforementioned user or organization.

[0029] Furthermore, the collection, storage, use, processing, transmission, provision, disclosure, and application of relevant information and data involved in this application all comply with the relevant laws, regulations, and standards of the relevant regions, and necessary confidentiality measures have been taken. This application does not violate public order and good morals. In addition, this application provides a corresponding operation entry point for users to choose to agree to or refuse authorization. If the user chooses to refuse authorization, the corresponding expert decision-making process will be initiated.

[0030] The present invention will now be described in detail with reference to various embodiments.

[0031] Example 1

[0032] According to an embodiment of this application, an embodiment of a method for verifying passenger identity is provided. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.

[0033] This application provides a passenger identity verification system (hereinafter referred to as the verification system) for executing the passenger identity verification method of this application. Figure 1 This is a flowchart of an optional passenger identity verification method according to an embodiment of this application, such as... Figure 1 As shown, the method includes the following steps:

[0034] Step S101: Extract features from the facial data of the target passenger to obtain the facial feature value of the target passenger, wherein the target passenger is the passenger who applied to enjoy the preset airfare discount rules.

[0035] Optionally, at the airline's check-in terminal, the verification system acquires the facial image of the target passenger through an image acquisition device to obtain the target passenger's facial data. Then, it calls a preset facial recognition algorithm to extract facial features such as facial contours and facial structure from the facial image, and converts the extracted facial features into a fixed-length numerical vector to obtain the target passenger's facial feature value.

[0036] Optionally, the verification system extracts facial feature values ​​to digitally represent the facial features of the target passenger, avoiding the technical vulnerability of using easily forged physical documents such as ID cards and photos by department personnel. This method does not require passengers to carry any physical documents; the identity verification process can be initiated solely based on facial data, improving verification efficiency. At the same time, since facial feature values ​​are one-way encrypted vectors, attackers cannot reverse-engineer the original facial data after intercepting facial feature values, which reduces the probability of facial data leakage from a technical perspective and improves the security of the target passenger's facial data.

[0037] Step S102: Detect the similarity between the facial feature value of the target passenger and the L facial feature values ​​stored in the blockchain to obtain L similarity scores, where L is a positive integer. Each facial feature value stored in the blockchain is the facial feature value of a preset passenger, who is a passenger who has passed the qualification certification of a preset issuing party.

[0038] Optionally, at the airline's check-in terminal, the verification system calls the digital identity service module to query the L facial feature values ​​of all L pre-defined passengers who have registered and completed qualification authentication in the blockchain. Then, it calculates the cosine similarity between the target passenger's facial feature value and the facial feature value on each chain, and outputs L similarity values.

[0039] Optionally, the facial feature value stored on the blockchain refers to the feature vector that is uploaded by the passenger when registering their digital identity and written into the blockchain through a smart contract. It has the characteristics of being tamper-proof and traceable.

[0040] Optionally, a pre-defined passenger refers to a passenger who has completed qualification verification and digital identity registration through a pre-defined issuing authority.

[0041] Optionally, the verification system stores the facial feature values ​​of pre-defined passengers who have been certified by a pre-defined issuing authority and completed digital identity registration in the blockchain. By leveraging the immutability of on-chain data, the credibility of the detected L similarity scores is improved. Furthermore, by storing the facial feature values ​​of pre-defined passengers in the blockchain, the airline's ticketing system can automatically complete the preliminary verification of the target passenger's identity using only on-chain data without accessing the database of an external system. This reduces the integration cost of the ticketing system and improves the efficiency of the preliminary verification of the target passenger's identity.

[0042] Step S103: If the maximum value among the L similarities is greater than the preset similarity, detect whether the owner of the digital certificate provided by the target passenger is the target passenger. The digital certificate is a certificate issued by the preset issuer to the preset passenger.

[0043] Optionally, if the maximum value among the L similarities is greater than the preset similarity, the verification system determines that the target passenger matches a preset passenger identity in the blockchain, that is, confirms that the target passenger is a passenger who has passed the qualification certification of the preset issuing party and has the qualifications to enjoy the preset air ticket discount rules. Then, the verification system prompts the target passenger to show the QR code of the digital certificate. The verification system obtains the target passenger's digital certificate by scanning the QR code.

[0044] Optionally, traditional facial recognition technology can only confirm "who this person is," but cannot confirm "whether this person has impersonated someone else to enjoy the pre-set ticket discount rules." The verification system, by detecting the consistency between the owner of the digital voucher provided by the target passenger and the target passenger, can identify whether the holder of the digital voucher and the owner of the digital voucher are the same person, effectively preventing the loophole of impersonating someone else to enjoy the pre-set ticket discount rules, thereby improving the accuracy of passenger identity verification.

[0045] Step S104: If the owner of the digital credential is the target passenger, check whether the digital credential provided by the target passenger passes the validity check.

[0046] Optionally, the verification system checks at least the following three items by calling the credential verification interface of the digital identity service module:

[0047] (1) Verify the digital signature in the digital certificate using the public key of the pre-defined issuer;

[0048] (2) Whether the preset issuer corresponding to the digital certificate has been certified by the nodes in the consortium blockchain;

[0049] (3) Whether the digital certificate is in a revoked state.

[0050] Optionally, even if the digital credential belongs to the target passenger, but the digital signature in the digital credential is non-compliant, the preset issuer corresponding to the digital credential has not been certified by the node, or the digital credential is in a revoked state, the target passenger still cannot enjoy the preset airfare discount. The verification system verifies the digital signature to conduct a trust check on the preset issuer of the digital credential. By checking whether the digital credential is in a revoked state, it ensures the validity of the digital credential and thus guarantees the accuracy of the target passenger's identity verification result.

[0051] Step S105: If the digital credential provided by the target passenger passes the validity verification, determine that the target passenger has passed the identity verification and process the check-in for the target passenger.

[0052] Optionally, if the digital credentials provided by the target passenger pass the validity verification, the verification system automatically marks the target passenger as a "verified passenger", opens the check-in function module, and automatically prints boarding passes and selects flight seats for the target passenger, thereby improving the user experience of the target passenger.

[0053] As described above, this application achieves automated passenger identity verification without disseminating the original identity data (e.g., digital certificates issued by the pre-defined issuing authority) stored on the blockchain. This is achieved by extracting the facial feature values ​​of the target passenger and comparing them with the facial feature values ​​of the pre-defined passengers stored in the corresponding management department. Combined with the means of verifying the ownership and validity of the digital certificate held by the target passenger, this application achieves the technical effect of protecting passenger privacy throughout the passenger identity verification process. The technical solution of this application does not require integration of the airline's ticketing system with the information system of the pre-defined passenger management department, nor does it require manual verification of the digital certificates provided by the passenger. This improves the efficiency of passenger identity verification and solves the technical problems of low data security and low efficiency in identity verification of passengers applying for ticket purchase discounts based on existing technologies.

[0054] In one optional embodiment, the verification system first queries the blockchain based on the digital identity identifier of a preset passenger corresponding to the maximum value among L similarities to obtain the target passenger's digital identity file. The digital identity file includes at least the target passenger's public key. Then, the verification system performs signature verification on the first signature in the digital credential based on the public key in the digital identity file. The first signature is a digital signature generated based on the private key of the owner of the digital credential. If the first signature passes the signature verification, the verification system determines that the owner of the digital credential provided by the target passenger is the target passenger.

[0055] Optionally, when the verification system determines that the target passenger matches the identity of a preset passenger in the blockchain through facial feature comparison, the verification system automatically uses the digital identity identifier of the preset passenger as an index to query and obtain the corresponding "digital identity file" on the blockchain. Subsequently, the verification system extracts the first signature in the digital certificate, that is, the signature generated by the certificate holder's private key, and uses the public key in the digital identity file to verify the first signature. If the signature verification is successful, it proves that the digital certificate was issued by the person who holds the private key corresponding to the public key, that is, the owner of the digital certificate is the target passenger himself, thereby completing the confirmation of the ownership of the digital certificate.

[0056] Optionally, a digital identity is a unique identifier generated by the verification system when each pre-registered passenger applies for and registers their digital identity.

[0057] Optionally, after a successful facial recognition, the verification system does not rely directly on manual judgment or external databases. Instead, it accurately obtains the public key of the target passenger through the digital identity identifier already stored on the blockchain. Since the digital identity file is stored on the blockchain, its content is complete, its source is credible and non-repudiable, avoiding the risk of local cache or centralized database being tampered with, and providing a secure and reliable source of public keys for subsequent signature verification.

[0058] Optionally, the verification system verifies the first signature in the digital credential based on the public key in the digital identity file, thereby verifying the correspondence between the "owner of the digital credential" and the "holder of the digital identity". Since the public key comes from the on-chain digital identity file, and its identity has been pre-confirmed with the passenger through facial recognition, the public key represents the current passenger. If the credential signature can be successfully verified by the public key, it can be determined that the credential was generated by the person who owns the private key, the content of the credential has not been tampered with after issuance, and the holder of the credential is the target passenger, thus eliminating the possibility of "others holding or impersonating the credential".

[0059] Optionally, if the first signature passes the signature verification, the verification system determines that the digital credential provided by the target passenger belongs to the target passenger. This process does not rely on plaintext comparison of the credential content and does not require the transmission of sensitive identity data. Instead, it completes the ownership determination based on the registered on-chain digital identity and cryptographic signature mechanism, thereby improving the data security in the passenger identity verification process.

[0060] In one optional embodiment, the verification system first checks whether the digital credential provided by the target passenger passes M validity sub-tests, where M is a positive integer. If the digital credential passes the M validity sub-tests, the system determines that the digital credential provided by the target passenger has passed the validity test.

[0061] Optionally, the M validity sub-tests shall include at least:

[0062] The first validity check is used to verify the second signature in the digital certificate based on the public key of the preset issuer corresponding to the digital certificate. The second signature is a digital signature generated based on the private key of the preset issuer.

[0063] The second validity check is used to detect whether the list of preset issuers in the blockchain includes the issuer identifier of the preset issuer corresponding to the digital certificate.

[0064] The third validity check is used to detect whether the digital voucher is in a revoked state.

[0065] Optionally, when the target passenger presents the digital credential, the verification system calls the digital identity service module. First, it retrieves the public key of the preset issuer corresponding to the digital credential from the blockchain to verify the compliance of the second signature in the credential. Second, the verification system queries the list of trusted issuers stored in the blockchain to confirm whether the issuer has been registered as a compliant issuing entity. Third, the verification system calls the revocation credential storage unit to check whether the credential identifier of the digital credential exists in the preset revocation credential list. Only when all three sub-checks pass, the verification system determines that the digital credential has passed the validity check and allows it to proceed to the subsequent check-in process.

[0066] Optionally, the first validity sub-verification can be used to detect the credibility of the pre-issuer of the digital certificate. Since digital signatures use an asymmetric encryption mechanism, only the pre-issuer holding the corresponding private key can generate a valid signature. The public key is stored on the blockchain by the pre-issuer during registration and cannot be forged. If the first validity sub-verification fails, it indicates that the digital certificate may be forged or its content may have been modified. By passing the first validity sub-verification, the reliability of the source and the integrity of the content of the digital certificate can be detected from a cryptographic perspective.

[0067] Optionally, the second validity sub-check can detect that the pre-authorized issuer of the digital certificate is a trusted entity pre-authorized by the verification system. Even if an attacker obtains the private key of a compliant pre-authorized issuer and forges a signature, the digital signature will still be rejected if the pre-authorized issuer is not registered on the chain. This mechanism prevents the risk of "unauthorized institutions impersonating pre-authorized issuers to issue digital certificates" and realizes centralized, transparent, and tamper-proof access control of the issuing entity of digital certificates by the verification system.

[0068] Optionally, the validity period of a digital certificate can be confirmed through a third validity check. For example, if a passenger's preferential eligibility is cancelled, the issuing authority can add the certificate identifier of the digital certificate to the list of revoked certificates. The subsequent verification system can confirm the certificate status of the corresponding digital certificate by querying the list of revoked certificates. The revocation list is updated on the blockchain by the issuing authority and can be directly read by the check-in system. The response is fast, and dynamic management of the digital certificate's lifecycle is realized.

[0069] In summary, all three verifications mentioned above are based on trusted data stored on the blockchain. They require no connection to external systems or manual intervention, and are all automated locally, achieving the following technical effects:

[0070] (1) Anti-counterfeiting: Certificates without a valid signature or issued by an unregistered issuing party will not be accepted;

[0071] (2) Anti-fraud: Even if the credential is stolen, the system can still refuse to accept it if it has been revoked;

[0072] (3) Traceability: All issuing parties, signatures, and revocation records are recorded on the blockchain, enabling auditing capabilities;

[0073] (4) Low dependency: It does not depend on the issuing party's system being online in real time. The revocation status is updated asynchronously, and the system can still verify offline.

[0074] (5) Strong compliance: It only verifies the compliance of the voucher and does not acquire or store passenger privacy attributes, which is in line with the principle of data minimization.

[0075] In one optional embodiment, the verification system first collects the digital identity and application data of a preset passenger. The application data includes at least the preset passenger's public key, facial data, qualification data, and a first signature. The qualification data is used to prove that the preset passenger is qualified to enjoy the preset airfare discount rules. Then, the verification system generates a digital identity registration request for the preset passenger based on the digital identity and application data. Subsequently, after the preset certificate issuer receives the digital identity registration request, the verification system generates a digital credential for the preset passenger based on the digital identity registration request.

[0076] Optionally, a passenger initiates a digital identity registration process via a mobile terminal App. The App collects the passenger's digital identity identifier (a unique identifier generated locally), public key (a public key paired with a private key), facial data (facial feature values ​​extracted by an algorithm), qualification data (such as a "disability certificate" issued by a certain department), and a first signature generated by the passenger's private key on the above content. The above information is combined into application data, which is packaged by the App into a digital identity registration request and sent to a pre-designated issuing party. After receiving the request, the pre-designated issuing party verifies the authenticity of the application data. If the verification is successful, the pre-designated issuing party issues a digital certificate to the passenger using its own private key. The digital certificate is stored locally by the passenger on the mobile terminal App and is subsequently used for identity verification in check-in scenarios.

[0077] Optionally, the verification system can achieve a registration mechanism of "passenger self-initiation, minimal data collection, and self-identity verification" by collecting the digital identity identifiers and application data of pre-set passengers. At this time, passengers only submit necessary information and do not upload original ID cards, photos or complete files to avoid privacy leaks. In addition, the qualification data is only used as a verification basis and is not stored in the system's main database to reduce the risk of data abuse. This design enables the digital identity registration process to achieve a decentralized registration model of "passenger active declaration and certificate issuer passive verification".

[0078] Optionally, the verification system generates a pre-defined digital identity registration request for the passenger based on the digital identity identifier and application data. This integrates scattered registration elements into a standardized, verifiable request unit, facilitating unified processing by the issuing authority. All data is signed with the passenger's private key, ensuring the integrity and non-repudiation of the request. This structured request format is compatible with the smart contract of the digital identity service module, providing a technical foundation for subsequent on-chain registration or issuing authority verification. This design avoids the inefficient process of traditional "offline submission of paper materials + manual data entry," achieving digitalization, automation, and traceability of the registration process.

[0079] Optionally, after the preset issuer receives the digital identity registration request, the verification system generates a digital credential for the preset passenger based on the digital identity registration request. The preset issuer does not obtain the passenger's private key or store the original facial data, but only judges the authenticity based on the signature, qualifications, and feature values ​​submitted by the passenger. After the authenticity judgment is passed, only the digital credential is issued, without recording or storing the passenger's original identity information. This method allows the issuer to complete the "qualification authorization" only through encrypted signature without opening its internal database or sharing passenger data with airlines or airports. This conforms to the zero-knowledge proof concept, that is, the issuer "knows that the passenger meets the conditions" but "does not disclose any specific information to third parties".

[0080] In summary, the above steps constitute a complete registration loop for passengers from "applying for eligibility" to "obtaining verifiable credentials," achieving the following combined technical effects:

[0081] (1) Privacy protection: Neither the issuing party nor the airline stores the passenger's original qualifications, facial images, or identity information; they only process signatures and feature values, which meets the privacy protection requirements.

[0082] (2) Separation of permissions: Passengers control private keys and credentials, while the issuing party only authorizes qualifications and does not control the data, thus avoiding centralized databases becoming targets of attacks;

[0083] (3) Anti-impersonation registration: The first signature ensures that the registration is initiated by the person himself / herself, preventing registration by proxy and forged applications;

[0084] (4) Verifiable credentials: The issued digital credentials have cryptographic strength and can be independently verified during subsequent check-in without having to trace back to the issuing system;

[0085] (5) High scalability: The same process can be adapted to other special passenger groups. Only the issuing party and qualification data type need to be changed, without modifying the system architecture.

[0086] In one optional embodiment, the verification system first authenticates the pre-defined passenger based on the application data in the digital identity registration request by the pre-defined issuing party. Then, after the pre-defined passenger passes the authentication, the verification system generates an initial digital credential for the pre-defined passenger based on the digital identity registration request. Then, the verification system digitally signs the initial digital credential based on the private key of the pre-defined issuing party and embeds the second signature obtained from the digital signature into the initial digital credential to obtain the digital credential of the pre-defined passenger.

[0087] Optionally, after receiving a digital identity registration request submitted by a pre-defined passenger, the pre-defined issuing authority conducts qualification authentication based on the application data. The authentication process mainly includes: verifying the validity of the passenger's first signature to confirm that the application was initiated by the passenger; verifying the authenticity of the qualification data, such as verifying the validity of the "disability certificate" by connecting to an official database or calling a pre-defined interface; and comparing facial feature values ​​to see if they match the identity information in the qualification document. If the passenger is confirmed to be eligible for a flight discount, the issuing authority generates an initial digital certificate based on the passenger's digital identity, containing their identity identifier, attributes, validity period, etc. Subsequently, the issuing authority uses its own private key to digitally sign the initial digital certificate, generating a second signature, which is then embedded into the certificate to form the final, verifiable digital certificate. This certificate is kept by the passenger for identity verification during subsequent check-in.

[0088] Optionally, the verification system uses a pre-defined issuing party to authenticate a pre-defined passenger based on the application data in the digital identity registration request. The pre-defined issuing party only needs to verify the passenger's first signature (confirming the applicant is a genuine entity), qualification data (confirming the authenticity of the qualification), and facial feature value (assisting in confirming identity consistency), without needing to obtain or store original ID documents, household registration information, or historical files. All authentication actions are completed internally by the issuing party, and its system does not need to open its database interface to external systems, avoiding compliance risks caused by cross-system data sharing. Using the "first signature" to verify the source of the application ensures that the authentication request is genuine and non-repudiable, effectively preventing others from applying on behalf of others or forging identities. This process does not depend on whether the passenger has registered a digital identity, but only requires them to provide verifiable application materials, possessing the dual advantages of openness and security.

[0089] Optionally, after a passenger passes the qualification authentication, the verification system generates an initial digital credential for the passenger based on the digital identity registration request. The initial digital credential is an electronic qualification certificate generated by the issuing party after the qualification authentication is passed, which has not yet been signed. The initial digital credential does not contain any original identity information, but only necessary attributes, which meets the principle of "minimizing information exposure". The content of the credential does not depend on the issuing party's database, but is generated by the issuing party only based on the authentication result, ensuring that the content of the credential is consistent with the authentication result and avoiding manual input errors or system tampering.

[0090] Optionally, the verification system digitally signs the initial digital certificate based on the private key of the preset issuer, and embeds the second signature obtained from the digital signature into the initial digital certificate. Only the preset issuer holding the private key can generate a valid second signature, which cannot be forged from the outside, ensuring the authenticity and trustworthiness of the certificate source. The second signature covers all the contents of the certificate (attributes, validity period, identity identifier, etc.), and any tampering will cause the signature to become invalid, thus ensuring the integrity of the certificate.

[0091] In summary, the above steps constitute a complete closed-loop process from "qualification verification" to "certificate issuance." This process does not rely on data sharing between passengers and airlines, does not require the issuing party to open its original database, and does not expose any sensitive personal information. It achieves the following technical effects solely through cryptographic means:

[0092] (1) The certification process is controllable: the issuing party completes the qualification assessment in a closed environment without exposing its internal data;

[0093] (2) Credible and verifiable credentials: The second signature is issued by an "authoritative institution" and can be independently verified by a compliant system;

[0094] (3) Separation of identity and qualification: The certificate does not contain name or ID number, but only attribute declaration, minimizing information leakage;

[0095] (4) Decentralized availability: Once the credential is issued, passengers can use it offline, and the check-in system only needs the on-chain public key to complete the verification.

[0096] In one optional embodiment, the verification system first extracts features from the facial data of the preset passenger to obtain the facial feature value of the preset passenger. Then, the verification system generates a digital identity file of the preset passenger based on the facial feature value, digital identity identifier and public key. Finally, the verification system stores the digital identity file of the preset passenger in the blockchain.

[0097] Optionally, when a passenger registers their digital identity using a terminal app, the app calls the local camera to capture their facial image, then runs a facial feature extraction algorithm to generate a unique facial feature value corresponding to the passenger. This feature value, together with the passenger's self-generated digital identity identifier and public key, constitutes the core content of the digital identity file. The system encapsulates the digital identity file into structured data, calls a blockchain smart contract through the digital identity service module, and writes the file content into the consortium blockchain to complete on-chain storage. Once the digital identity file is on the blockchain, it is tamper-proof and can be uniquely queried and verified by the subsequent check-in system.

[0098] Optionally, the verification system generates a preset digital identity file for each passenger based on their facial feature value, digital identity identifier, and public key. The digital identity identifier serves as the primary index to ensure the uniqueness of each passenger's digital identity. The public key provides the data foundation for subsequent verification of the ownership of digital credentials. The facial feature value serves as the basis for biometric binding to ensure that the digital identity corresponds to the real individual. The combination of these three elements forms a complete and indivisible identity unit, avoiding the risk of "separation of identity and features".

[0099] Optionally, the verification system can achieve trusted storage and decentralized management of identity data by storing the digital identity files of pre-set passengers on the blockchain. Once the data is on the chain, no participating node can unilaterally modify or delete it, ensuring the authenticity and integrity of the identity information. When the check-in system verifies the information, it can query and obtain the passenger's digital identity file through the blockchain without calling the issuing authority or government system, reducing the cost and compliance risks of cross-system integration. As a public trust infrastructure, the blockchain enables non-issuing authorities such as airlines and airports to also trust the identity data without having to repeatedly verify the passenger's qualifications.

[0100] In summary, the above steps constitute the process for creating and reliably registering a passenger's digital identity, achieving the following technical effects:

[0101] (1) Privacy protection: No original facial images are uploaded or stored. Biometric features are processed in the form of encrypted vectors, which complies with personal information security regulations;

[0102] (2) Unique identity binding: face, identifier, and public key are triple-bound to ensure consistency of "person-data-rights" and prevent impersonation and theft;

[0103] (3) Data trustworthiness: On-chain storage ensures that data is not forged or repudiated, establishing a system-level trust foundation;

[0104] (4) Decentralized availability: The check-in system does not need to connect to an external database. It can obtain authoritative identity information through the blockchain, reducing system coupling and operational complexity;

[0105] (5) Reusable and scalable: The digital identity file can be reused in all subsequent application scenarios (such as check-in, security check, boarding) and supports other special passenger types to register using the same mechanism, only requiring a change of the issuing party.

[0106] In one optional embodiment, after receiving a request to revoke a preset passenger's digital credential, the verification system stores the credential identifier of the preset passenger's digital credential into a preset revocation credential list in the blockchain.

[0107] Optionally, when a pre-defined issuing authority decides to revoke a passenger's digital credential (e.g., the passenger's eligibility is cancelled, the credential expires, or misuse is discovered), the issuing authority initiates a revocation request to the blockchain through its service module. This request contains the unique credential identifier (i.e., credential ID) of the digital credential to be revoked. Upon receiving this request, the smart contract in the blockchain verifies whether the request originates from a registered pre-defined issuing authority (confirmed through its digital identity and signature). If the verification is successful, the credential identifier is written into a predefined "pre-defined revoked credential list" in the blockchain. This list only stores the credential ID and does not contain credential content, passenger identity information, or other sensitive data. Any subsequent check-in system can query this list to determine whether the credential has been revoked and thus decide whether to allow check-in.

[0108] Optionally, after receiving a request to revoke a pre-selected passenger's digital credential, the verification system stores the credential identifier of the pre-selected passenger's digital credential in a pre-selected revocation credential list in the blockchain, which can achieve the following technical effects:

[0109] (1) The revocation request only carries the credential identifier and does not involve sensitive data such as passenger identity, qualifications, or face, thus meeting the principle of minimizing information exposure;

[0110] (2) The revocation is initiated by the pre-set certificate issuer and must be signed with its private key to ensure that the instruction is genuine and cannot be forged, and to prevent malicious revocation or misoperation.

[0111] (3) The revocation list only stores the ID and does not store the voucher content, ensuring that even if the list is made public, the passenger's privacy information cannot be restored, which meets the requirements of data minimization and privacy protection;

[0112] (4) As the only trusted source, blockchain allows all participants (such as the check-in system) to query the revocation list locally without having to connect to the issuing system in real time, thus reducing network dependence and the risk of service interruption.

[0113] In one optional embodiment, the verification system first verifies the preset issuer based on the issuer registration request submitted by the preset issuer. The issuer registration request includes at least the preset issuer's public key, the credential type of the digital certificate, the data type of the preset passenger's application data, the interface address of the digital identity registration request, and the query address of the preset revocation credential list. After the preset issuer passes the issuer verification, the verification system stores the issuer identifier of the preset issuer in the preset issuer list in the blockchain.

[0114] Optionally, before issuing digital credentials to special passengers, the pre-designated issuer needs to submit an issuer registration request to the digital identity service module. Upon receiving the request, the digital identity service module verifies the identity compliance, interface availability, and data standardization of the pre-designated issuer (such as verifying whether the interface can respond normally and whether the credential type is compliant). After the verification is passed, the system writes the unique issuer identifier (such as a hash value generated based on its digital identity) assigned to the issuer into the list of pre-designated issuers maintained in the blockchain, which serves as the basis for the subsequent check-in system to verify the compliance of the digital credential issuing entity.

[0115] Optionally, the verification system generates a pre-defined issuer registration request based on the pre-defined issuer's public key, the digital credential type, the pre-defined passenger's application data data type, the interface address for the digital identity registration request, and the query address for the pre-defined revocation credential list. By explicitly requiring the submission of the public key, it ensures that all subsequent credential signatures can be verified by the system, avoiding "invalid issuance" that cannot be verified. By specifying the credential type, it prevents the issuer from issuing unauthorized attributes. By clearly defining the data type of the application data, it ensures that the application structure submitted by all passengers is consistent, facilitating automated processing and verification by the system. By providing two interface addresses, it ensures that the issuer has continuous service capabilities: the application interface is used to respond to passenger requests, and the revocation query interface is used to support the check-in system in real-time verification of credential status.

[0116] Optionally, after the preset issuer passes the issuer verification, the verification system stores the issuer identifier of the preset issuer in the preset issuer list in the blockchain, which can achieve the following technical effects:

[0117] (1) Ensure the "authority" of the pre-set certificate issuer: Once the pre-set certificate issuer's identifier is on the chain, it is confirmed by the consensus of the consortium chain nodes, and no party can tamper with, delete or forge it;

[0118] (2) When the check-in module verifies the digital certificate, it only needs to query the list to confirm whether the issuing party of the certificate is a compliant entity, without having to call the issuing party's system or manually verify, thus improving the verification efficiency;

[0119] (3) The list only stores identifiers and does not contain information about the issuing party’s internal system, personnel list or contact information, thus protecting the organization’s sensitive data.

[0120] In one alternative embodiment, Figure 2 This is an architecture diagram of an optional passenger identity verification system according to an embodiment of this application, such as... Figure 2 As shown, the verification system includes: a blockchain module, a digital identity service module, an issuing party service module, a check-in module, and a user terminal module.

[0121] Optionally, a blockchain module is used to build a decentralized digital identity ledger based on a consortium blockchain architecture. Participating organizations in the consortium blockchain include at least airlines and airports. The verification system, through the deployment of digital identity smart contracts, realizes core functions such as digital identity creation, management, identity verification, issuer management, and credential verification. When a passenger registers for a digital identity, the user terminal module collects the passenger's facial feature data, writes it into the digital identity information, and stores it on the blockchain for rapid identity verification via facial recognition during subsequent check-in.

[0122] Optionally, the digital identity service module is used to build a decentralized digital identity for travelers. This module achieves underlying data interaction by connecting to the digital identity smart contract in the blockchain module and provides standardized service interfaces to the outside world. Specific functional components include:

[0123] Digital Identity Management Unit: Enables operations such as registration and updating of passenger digital identities.

[0124] Digital Identity Resolution Unit: Resolves passenger digital identity details stored on the blockchain based on the unique digital identity identifier.

[0125] Issuing Party Management Unit: Registers and verifies the identities and qualifications of trusted issuing parties, maintains a list of trusted issuing parties, and ensures the compliance of entities issuing digital certificates.

[0126] Digital credential verification unit: Provides standardized interfaces to verify the authenticity and validity of credentials (such as signature compliance, whether they have been revoked, etc.), supporting rapid verification in passenger check-in scenarios.

[0127] Face Management Unit: Receives face feature data from user terminal module and check-in module, manages the association between face features and digital identity, and stores face feature values ​​on the blockchain to achieve secure management and verification of identity information.

[0128] Optionally, the issuing party service module (hereinafter referred to as the issuing party module) is responsible for the application, issuance, and revocation management of passenger digital credentials. This module is also assigned a digital identity during registration and issues digital credentials to passengers based on the private key of this digital identity. Figure 3 This is an architecture diagram of an optional issuing party service module according to an embodiment of this application, such as... Figure 3 As shown, the specific functional components of the certificate issuer service module include:

[0129] The credential application unit receives digital credential application requests submitted by passengers. The application includes a digital identity identifier, application data, and a signature generated by the passenger's private key. The issuing authority is pre-set to verify the authenticity and validity of the materials submitted by the passenger.

[0130] Voucher Issuance Unit: When a passenger's voucher application is approved, the pre-set issuing party uses its own private key to sign the voucher and return it.

[0131] Voucher Revocation Unit: When a digital voucher needs to be revoked, the voucher's ID is saved to the revocation voucher storage unit for subsequent querying and verification.

[0132] Revocation voucher storage unit: Stores a list of revoked vouchers (only voucher IDs are stored, not voucher content).

[0133] Certificate Issuer Registration Unit: Register your own information by calling the certificate issuer management unit of the digital identity service module. Before registration, the certificate issuer is required to generate a public-private key pair and submit the following:

[0134] (1) Public key of the issuing party.

[0135] (2) Types of vouchers that can be issued.

[0136] (3) The types of data that passengers need to provide when applying for a voucher.

[0137] (4) Apply for an interface address.

[0138] (5) Revocation certificate query interface address.

[0139] Optionally, the check-in module, deployed in the airport service system, is used for identity verification and check-in processing. Specific functional components include:

[0140] Face capture and verification unit: First, the face capture unit of the check-in module collects the passenger's face data. Then, the digital identity service module compares the collected face feature values ​​to verify the compliance of the passenger's identity. After successful verification, the passenger's digital identity information will be returned.

[0141] Voucher receiving unit: Used to scan the QR code of digital vouchers (such as "disability certificate") presented by passengers.

[0142] Credential Verification Unit: First, the facial recognition unit is invoked to obtain the digital identity information of the authenticated passenger. The public key within the digital identity is then used to verify the digital credential signature to confirm the passenger's identity. Subsequently, the compliance of the credential is further verified through the digital identity service module interface, including signature validity, the authenticity of the issuing party, and the credential status. Check-in can only proceed after successful verification; otherwise, the system will refuse check-in.

[0143] Optionally, the user terminal module runs as an app on the passenger's mobile terminal for managing digital identity and credential interactions. Figure 4 This is an architecture diagram of an optional user terminal module according to an embodiment of this application, such as... Figure 4As shown, the specific functional components of the user terminal module include:

[0144] Registration Unit: Users generate a public-private key pair locally, with the private key securely stored by the key management unit; at the same time, they submit the public key and facial information to the digital identity service module for registration to complete the creation of their digital identity.

[0145] Key Management Unit: Securely manages and stores user private keys.

[0146] Certificate Issuer Query Unit: Query the list of trusted certificate issuers that have registered on the digital identity service platform.

[0147] The certificate application and management unit is responsible for initiating digital certificate applications to the preset certificate issuers and managing the obtained certificates, including functions such as certificate display and revocation status query.

[0148] In one optional embodiment, taking the identity verification of a target passenger as an example, the interaction steps of the five modules—blockchain module, digital identity service module, issuing party service module, check-in module, and user terminal module—are as follows:

[0149] (1) Blockchain module:

[0150] Step 1: Create a decentralized digital identity ledger, with the main participants being various airlines and airports.

[0151] Step 2: Write a smart contract using the corresponding blockchain engine. The smart contract should provide core methods for creating, updating, verifying, and managing digital identities. Trusted issuers need to be stored on the blockchain, and during the digital verification phase, it is necessary to query on the blockchain whether they are compliant issuers.

[0152] (2) Digital Identity Service Module:

[0153] Step 1: Use the corresponding blockchain engine to build a client that accesses smart contracts.

[0154] Step 2: The system provides a passenger registration interface, allowing passengers or pre-designated issuers to initiate digital identity registration. During the registration process, public key information must be submitted. For passenger registration, the terminal module also needs to collect facial data and generate corresponding facial feature values. These feature values ​​will be written into the digital identity file and stored on the blockchain along with the public key and other information, achieving trusted registration and tamper-proof management of identity information.

[0155] Step 3: Provide a facial recognition interface. The check-in module collects facial data and generates facial feature value data, which is then sent to the digital identity service module for comparison with the facial feature value data stored in the blockchain. If successful, the digital identity information of the passenger is returned.

[0156] Step 4: Provide a digital identity resolution query interface. Input the unique digital identity identifier to query the digital identity information and facial feature value information stored on the blockchain.

[0157] Step 5: Provide an interface for certificate issuer registration, which can be initiated by the certificate issuer to apply to become a compliant certificate issuer and store the information on the blockchain.

[0158] Step 6: Passengers present their digital voucher QR code at the terminal. The check-in equipment collects and parses the QR code content, converting it into a digital voucher JSON (JavaScript Object Notation, a lightweight data interchange format) string. Subsequently, by calling the digital identity smart contract, it verifies the voucher holder's identity, issuing authority, and validity period for compliance.

[0159] Optionally, the certificate issuer service module:

[0160] Step 1: Provide a certificate application interface, which the user terminal connects to. Taking the authentication of disabled passengers as an example, the passenger will submit application data (digital identity, authentication materials, passenger private key signature) to a certain affairs department (i.e., the preset certificate issuer).

[0161] Step 2: If the application data is approved, a digital certificate will be returned (see the example above), along with the signature information of the issuing party's private key.

[0162] Step 3: The issuing party can revoke the issued certificate, save the revoked certificate ID to the storage medium, and provide a standard query interface for the digital identity service module to query.

[0163] Step 4: Complete the issuer registration by calling the issuer management unit of the digital identity service module. The following information must be submitted during registration: issuer digital identity identifier, authentication type (e.g., "disabled person"), data required for passenger credential application, credential application interface address, and credential revocation query interface address.

[0164] Optionally, check-in module:

[0165] Step 1: The check-in equipment collects passenger facial data and calls the facial authentication interface of the digital identity service for recognition and verification. After successful recognition, the system returns the passenger's digital identity information, which includes the passenger's public key.

[0166] Step 2: Passengers present the QR code of their "Disability Certificate". The certificate receiving unit parses the QR code data and sends it to the certificate verification unit for verification.

[0167] Step 3: The credential verification unit first calls the face capture and verification unit to obtain the passenger's previously verified digital identity public key. This key is used to verify the signature of the digital credential displayed by the passenger, ensuring that the digital credential belongs to the passenger and has not been stolen. Subsequently, the credential verification unit verifies the credential's compliance through the digital identity service interface, including the signature, issuing party, and status. If verification is successful, the system continues with check-in; if verification fails, check-in service is refused.

[0168] Optionally, the user terminal module:

[0169] Step 1: Passengers need to complete registration when logging into the App for the first time. The user's terminal generates a key pair locally. The private key is stored in the App's secure storage area, while the public key and facial information are submitted to the digital identity service module for registration.

[0170] Step 2: Passengers query the list of trusted issuers registered in the digital identity service module, such as "a certain affairs department", fill in the application information, initiate a digital credential application, and receive the application ID.

[0171] Step 3: After the application is approved, you can obtain a digital certificate through the application ID.

[0172] Step 4: In the identity verification scenario, sign the credential using your private key. Then present the QR code containing the credential to the check-in module for verification.

[0173] As described above, this application achieves automated passenger identity verification without disseminating the original identity data (e.g., digital certificates issued by the pre-defined issuing authority) stored on the blockchain. This is achieved by extracting the facial feature values ​​of the target passenger and comparing them with the facial feature values ​​of the pre-defined passengers stored in the corresponding management department. Combined with the means of verifying the ownership and validity of the digital certificate held by the target passenger, this application achieves the technical effect of protecting passenger privacy throughout the passenger identity verification process. The technical solution of this application does not require integration of the airline's ticketing system with the information system of the pre-defined passenger management department, nor does it require manual verification of the digital certificates provided by the passenger. This improves the efficiency of passenger identity verification and solves the technical problems of low data security and low efficiency in identity verification of passengers applying for ticket purchase discounts based on existing technologies.

[0174] Example 2

[0175] This application embodiment can also provide a passenger identity verification device. It should be noted that the passenger identity verification device of this application embodiment can be used to execute the passenger identity verification method provided in this application embodiment. The passenger identity verification device provided in this application embodiment will be described below.

[0176] According to an embodiment of this application, an apparatus for implementing the above-described passenger identity verification method is also provided. Figure 5 This is a schematic diagram of an optional passenger identity verification device according to an embodiment of this application, such as... Figure 5 As shown, the device includes: a first feature extraction unit 501, a first detection unit 502, a second detection unit 503, a third detection unit 504, and a check-in unit 505.

[0177] Optionally, the first feature extraction unit 501 is used to extract features from the facial data of the target passenger to obtain the facial feature value of the target passenger, wherein the target passenger is the passenger applying for a preset airfare discount rule; the first detection unit 502 is used to detect the similarity between the facial feature value of the target passenger and L facial feature values ​​stored in the blockchain to obtain L similarity scores, wherein L is a positive integer, and each facial feature value stored in the blockchain is the facial feature value of the preset passenger, wherein the preset passenger is the passenger who has passed the qualification authentication of the preset issuing party; the second detection unit 503 is used to detect whether the owner of the digital certificate provided by the target passenger is the target passenger if the maximum value among the L similarity scores is greater than the preset similarity score, wherein the digital certificate is a certificate issued by the preset issuing party to the preset passenger; the third detection unit 504 is used to detect whether the digital certificate provided by the target passenger passes the validity check if the owner of the digital certificate is the target passenger; the check-in unit 505 is used to determine that the target passenger has passed the identity verification and to process the check-in for the target passenger if the digital certificate provided by the target passenger passes the validity check.

[0178] In one optional embodiment, the second detection unit 503 includes: a query subunit, a first signature verification subunit, and a first determination subunit.

[0179] Optionally, a query subunit is used to query the blockchain based on the digital identity identifier of a preset passenger corresponding to the maximum value among L similarities to obtain the digital identity file of the target passenger, wherein the digital identity file includes at least the public key of the target passenger; a first signature verification subunit is used to perform signature verification on the first signature in the digital certificate based on the public key in the digital identity file, wherein the first signature is a digital signature generated based on the private key of the owner of the digital certificate; and a first determination subunit is used to determine that the owner of the digital certificate provided by the target passenger is the target passenger if the first signature passes the signature verification.

[0180] In one optional embodiment, the third detection unit 504 includes: a validity verification subunit and a second determination subunit.

[0181] Optionally, the validity verification subunit is used to detect whether the digital certificate provided by the target passenger passes M validity sub-verifications, where M is a positive integer, and the M validity sub-verifications include at least: a first validity sub-verification, used to verify the second signature in the digital certificate based on the public key of the preset issuer corresponding to the digital certificate, the second signature being a digital signature generated based on the private key of the preset issuer; a second validity sub-verification, used to detect whether the preset issuer list in the blockchain includes the issuer identifier of the preset issuer corresponding to the digital certificate; a third validity sub-verification, used to detect whether the certificate status of the digital certificate is revoked; and a second determination subunit, used to determine that the digital certificate provided by the target passenger passes the validity verification if the digital certificate passes the M validity sub-verifications.

[0182] In one optional embodiment, the passenger identity verification device further includes: a data acquisition unit, a first generation unit, and a second generation unit.

[0183] Optionally, the collection unit is used to collect the digital identity identifier and application data of a preset passenger, wherein the application data includes at least the preset passenger's public key, facial data, qualification data, and first signature, and the qualification data is used to prove that the preset passenger is qualified to enjoy the preset airfare discount rules; the first generation unit is used to generate a digital identity registration request for the preset passenger based on the digital identity identifier and application data; the second generation unit is used to generate a digital credential for the preset passenger by the preset credential issuer based on the digital identity registration request after the preset credential issuer receives the digital identity registration request.

[0184] In one optional embodiment, the second generation unit includes: an authentication subunit, a generation subunit, and a signature subunit.

[0185] Optionally, the authentication subunit is used to authenticate the preset passenger based on the application data in the digital identity registration request by the preset issuing party; the generation subunit is used to generate the preset passenger's initial digital certificate based on the digital identity registration request after the preset passenger passes the authentication; and the signing subunit is used to digitally sign the initial digital certificate based on the private key of the preset issuing party, and embed the second signature obtained by digital signing into the initial digital certificate to obtain the preset passenger's digital certificate.

[0186] In one optional embodiment, the passenger identity verification device further includes: a second feature extraction unit, a third generation unit, and a first storage unit.

[0187] Optionally, the second feature extraction unit is used to extract features from the facial data of the preset passenger to obtain the facial feature value of the preset passenger; the third generation unit is used to generate the digital identity file of the preset passenger based on the facial feature value, digital identity identifier and public key; and the first storage unit is used to store the digital identity file of the preset passenger to the blockchain.

[0188] In an optional embodiment, the passenger identity verification device further includes a second storage unit.

[0189] Optionally, the second storage unit is used to store the credential identifier of the preset passenger's digital credential into the preset revocation credential list in the blockchain after receiving the preset passenger's digital credential revocation request.

[0190] In one optional embodiment, the passenger identity verification device further includes: an issuing verification unit and a third storage unit.

[0191] Optionally, the issuer verification unit is used to verify the preset issuer based on the issuer registration request submitted by the preset issuer. The issuer registration request includes at least the public key of the preset issuer, the certificate type of the digital certificate, the data type of the application data of the preset passenger, the interface address of the digital identity registration request, and the query address of the preset revocation certificate list. The third storage unit is used to store the issuer identifier of the preset issuer in the preset issuer list in the blockchain after the preset issuer passes the issuer verification.

[0192] As described above, this application achieves automated passenger identity verification without disseminating the original identity data (e.g., digital certificates issued by the pre-defined issuing authority) stored on the blockchain. This is achieved by extracting the facial feature values ​​of the target passenger and comparing them with the facial feature values ​​of the pre-defined passengers stored in the corresponding management department. Combined with the means of verifying the ownership and validity of the digital certificate held by the target passenger, this application achieves the technical effect of protecting passenger privacy throughout the passenger identity verification process. The technical solution of this application does not require integration of the airline's ticketing system with the information system of the pre-defined passenger management department, nor does it require manual verification of the digital certificates provided by the passenger. This improves the efficiency of passenger identity verification and solves the technical problems of low data security and low efficiency in identity verification of passengers applying for ticket purchase discounts based on existing technologies.

[0193] It should be noted that the first feature extraction unit 501, the first detection unit 502, the second detection unit 503, the third detection unit 504, and the check-in unit 505 mentioned above correspond to steps S101 to S105 in the method embodiment. The instances and application scenarios implemented by the above units and the corresponding steps are the same, but are not limited to the content disclosed in the above embodiment.

[0194] Example 3

[0195] Embodiments of this application can also provide an electronic device. Figure 6 This is a structural block diagram of an electronic device according to an embodiment of this application, such as... Figure 6 As shown, the electronic device includes: one or more ( Figure 6 (Only one is shown) Processor 602, memory 604, memory controller, and peripheral interface, wherein the peripheral interface is connected to the radio frequency module, audio module and display.

[0196] The memory can be used to store software programs and modules, such as the program instructions / modules corresponding to the methods and devices in the embodiments of this application. The processor executes various functional applications and data processing by running the software programs and modules stored in the memory, thereby realizing the above-mentioned passenger identity verification method.

[0197] The memory may include high-speed random access memory (RAM), and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located relative to the processor, which can be connected to the terminal via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks (LANs), mobile communication networks, and combinations thereof.

[0198] The processor can access information and applications stored in memory via a transfer device to perform the following steps:

[0199] Facial features are extracted from the target passenger's facial data to obtain the target passenger's facial feature value, where the target passenger is the passenger applying for a preset airfare discount rule. The similarity between the target passenger's facial feature value and L facial feature values ​​stored on the blockchain is detected, resulting in L similarity scores, where L is a positive integer. Each facial feature value stored on the blockchain is the facial feature value of a preset passenger, who is a passenger who has passed the qualification authentication of a preset issuing authority. If the maximum value among the L similarity scores is greater than the preset similarity score, it is checked whether the owner of the digital certificate provided by the target passenger is the target passenger, where the digital certificate is a certificate issued by the preset issuing authority to the preset passenger. If the owner of the digital certificate is the target passenger, it is checked whether the digital certificate provided by the target passenger passes the validity check. If the digital certificate provided by the target passenger passes the validity check, it is determined that the target passenger has passed identity verification, and check-in is processed for the target passenger.

[0200] This application provides a scheme for verifying passenger identity. By extracting the facial feature value of the target passenger and comparing it with the facial feature value of a preset passenger certified by a preset issuing authority stored on the blockchain, combined with methods for verifying the ownership and validity of the digital certificate held by the target passenger, this application achieves automated passenger identity verification without disseminating the original identity data of the target passenger stored in the corresponding management department (e.g., the digital certificate issued by the preset issuing authority). This achieves the technical effect of protecting passenger privacy throughout the passenger identity verification process. The technical solution of this application does not require integration with the airline's ticketing system and the information system of the preset passenger management department, nor does it require manual verification of the digital certificate provided by the passenger. This improves the efficiency of passenger identity verification and solves the technical problems of low data security and low efficiency in verifying the identity of passengers applying for ticket purchase discounts based on existing technologies.

[0201] Those skilled in the art will understand that Figure 6 The structure shown is for illustrative purposes only. Electronic devices can also be smartphones, tablets, PDAs, mobile internet devices, PADs, and other terminal devices. Figure 6 This does not limit the structure of the aforementioned electronic device. For example, electronic devices may also include components that are more... Figure 6 The more or fewer components shown (such as network interfaces, display devices, etc.), or having the same Figure 6 The different configurations shown.

[0202] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be implemented by a program instructing the hardware related to the terminal device. The program can be stored in a computer-readable storage medium, which may include: flash drive, read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.

[0203] Example 4

[0204] Embodiments of this application may also provide a storage medium.

[0205] Optionally, in this embodiment of the application, the storage medium can be used to store the program code executed by the passenger identity verification method provided in the above method embodiment.

[0206] Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.

[0207] This application also provides a computer program product, which, when executed on a data processing device, is suitable for performing steps of a method for verifying passenger identity.

[0208] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0209] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0210] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.

[0211] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0212] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0213] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.

[0214] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.

Claims

1. A method of verifying the identity of a passenger, characterized by, include: Feature extraction is performed on the facial data of the target passenger to obtain the facial feature value of the target passenger, wherein the target passenger is the passenger applying to enjoy the preset airfare discount rules; The similarity between the facial feature value of the target passenger and L facial feature values ​​stored in the blockchain is detected to obtain L similarity scores, where L is a positive integer. Each facial feature value stored in the blockchain is the facial feature value of a preset passenger, and the preset passenger is a passenger who has passed the qualification certification of a preset issuing party. If the maximum value among the L similarities is greater than a preset similarity, it is detected whether the owner of the digital certificate provided by the target passenger is the target passenger, wherein the digital certificate is a certificate issued by the preset issuing party to the preset passenger; If the digital credential belongs to the target passenger, check whether the digital credential provided by the target passenger passes the validity check; If the digital credential provided by the target passenger passes the validity verification, the target passenger is determined to be verified, and check-in is processed for the target passenger.

2. The passenger identity verification method according to claim 1, characterized by, Detecting whether the owner of the digital credential provided by the target passenger is the target passenger includes: Based on the digital identity identifier of the preset passenger corresponding to the maximum value among the L similarities, a query is performed in the blockchain to obtain the digital identity file of the target passenger, wherein the digital identity file includes at least the public key of the target passenger; The first signature in the digital credential is verified based on the public key in the digital identity file, wherein the first signature is a digital signature generated based on the private key of the owner of the digital credential. If the first signature passes the signature verification, it is determined that the digital credential provided by the target passenger belongs to the target passenger.

3. The passenger identity verification method according to claim 1, characterized in that, Detecting whether the digital credentials provided by the target passenger pass the validity check includes: The system checks whether the digital credential provided by the target passenger passes M validity sub-tests, where M is a positive integer, and the M validity sub-tests include at least the following: The first validity check is used to verify the second signature in the digital certificate based on the public key of the preset issuer corresponding to the digital certificate. The second signature is a digital signature generated based on the private key of the preset issuer. The second validity check is used to detect whether the list of preset issuers in the blockchain includes the issuer identifier of the preset issuer corresponding to the digital certificate. The third validity check is used to detect whether the digital certificate is in a revoked state. If the digital credential passes the M validity sub-tests, it is determined that the digital credential provided by the target passenger passes the validity tests.

4. The passenger identity verification method according to claim 1, characterized in that, Before detecting whether the owner of the digital credential provided by the target passenger is the target passenger, the passenger identity verification method further includes: Collect the digital identity and application data of the preset passenger, wherein the application data includes at least the preset passenger's public key, facial data, qualification data and first signature, and the qualification data is used to prove that the preset passenger is qualified to enjoy the preset airfare discount rules; A digital identity registration request for the preset passenger is generated based on the digital identity identifier and the application data; After receiving the digital identity registration request, the preset issuing party generates the digital credential for the preset passenger based on the digital identity registration request.

5. The passenger identity verification method according to claim 4, characterized in that, The process of generating a digital credential for the preset passenger based on the digital identity registration request by the preset issuing authority includes: The preset issuing authority performs qualification verification on the preset passenger based on the application data in the digital identity registration request; After the preset passenger passes the qualification authentication, an initial digital credential for the preset passenger is generated based on the digital identity registration request; The initial digital credential is digitally signed based on the private key of the preset issuer, and the second signature obtained by the digital signature is embedded into the initial digital credential to obtain the digital credential of the preset passenger.

6. The passenger identity verification method according to claim 4, characterized in that, After the preset issuing authority generates the digital credential for the preset passenger based on the digital identity registration request, the passenger identity verification method further includes: Feature extraction is performed on the facial data of the preset passenger to obtain the facial feature value of the preset passenger; A digital identity file for the preset passenger is generated based on the preset passenger's facial feature value, digital identity identifier, and public key; The digital identity file of the preset passenger is stored in the blockchain.

7. The passenger identity verification method according to claim 4, characterized in that, After the preset issuing authority generates the digital credential for the preset passenger based on the digital identity registration request, the passenger identity verification method further includes: Upon receiving the request to revoke the digital credential of the preset passenger, the credential identifier of the preset passenger's digital credential is stored in the preset revocation credential list in the blockchain.

8. The passenger identity verification method according to claim 4, characterized in that, Before generating the digital credential for the preset passenger through the preset issuing authority based on the digital identity registration request, the passenger identity verification method further includes: Based on the certificate issuer registration request submitted by the preset certificate issuer, the preset certificate issuer is verified. The certificate issuer registration request includes at least the public key of the preset certificate issuer, the certificate type of the digital certificate, the data type of the application data of the preset passenger, the interface address of the digital identity registration request, and the query address of the preset revocation certificate list. After the preset certificate issuer passes the certificate issuer verification, the certificate issuer identifier of the preset certificate issuer is stored in the preset certificate issuer list in the blockchain.

9. A device for verifying passenger identity, characterized in that, include: The first feature extraction unit is used to extract features from the facial data of the target passenger to obtain the facial feature value of the target passenger, wherein the target passenger is a passenger applying to enjoy the preset airfare discount rules; The first detection unit is used to detect the similarity between the facial feature value of the target passenger and L facial feature values ​​stored in the blockchain, and obtain L similarity scores, where L is a positive integer. Each facial feature value stored in the blockchain is the facial feature value of a preset passenger, and the preset passenger is a passenger who has passed the qualification certification of a preset issuing party. The second detection unit is used to detect whether the owner of the digital certificate provided by the target passenger is the target passenger when the maximum value among the L similarities is greater than the preset similarity, wherein the digital certificate is a certificate issued by the preset issuer to the preset passenger. The third detection unit is used to detect whether the digital credential provided by the target passenger passes the validity check when the owner of the digital credential is the target passenger. The check-in unit is used to determine that the target passenger has passed the identity verification if the digital credential provided by the target passenger passes the validity verification, and to process the check-in for the target passenger.

10. An electronic device, characterized in that, It includes one or more processors and a memory, the memory being used to store one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors cause the one or more processors to implement the passenger identity verification method according to any one of claims 1 to 8.