China’s Digital Yuan DCEP Adopts Multi-identity Authentication Mechanism to Improve User Experience
China’s central bank-backed digital currency DCEP has designed a unique serial identity authentication mechanism to facilitate the circulation of DCEP in the electronic systems of various businesses. While ensuring security, it makes the user’s identity authentication process more convenient.
In short, because DCEP payment has no centralized system for instant online management of user identity information, identity verification is distributed across the various business application systems in a decentralized form, leaving only one identity authentication intermediary to assist users (DCEP’s patent does not mention the commercial implementation form of this intermediary).
But in this way, whenever users switch to log in to another merchant application platform, the identity authentication before payment has to be repeated, and the user’s experience of paying with the DCEP system becomes worse.
Therefore, in order to improve the user experience through technology and reduce the user’s identity authentication process, China’s central bank has designed a special multi-identity authentication mechanism.
For example, when performing a simple live shopping operation, users may use three to four app platforms to complete the payment behavior.
When using a platform application, users need to log in with the corresponding application identity. But user identity management differs from one application to another, so users need to switch application identity multiple times to log in to different applications, which increases user workload, reduces login efficiency, and degrades the user experience.
In the circulation of DCEP, the technical need to ensure the security of currency transactions makes authentication at login even more essential.
The following are the steps for user authentication:
1. Accept the use request, which indicates the application to be used by the user and the user’s primary identity (request acceptance module).
2. Determine the identity certificate associated with the primary identity (proof determination module).
3. Send the identity certificate to the application to be used (proof sending module). The sending module signs the identity certificate with the first key. The application can use the corresponding first public key to decrypt it.
When it receives a use request indicating the application to be used and the user’s primary identity, the identity-using device determines the identity certificate associated with the user’s primary identity and sends that certificate to the application to be used, so that the user can use the application according to the primary identity. Users do not need to switch application identity to log in to different applications, which improves login efficiency and the user experience.
The user’s identity certificate is produced in advance by the authentication authority in response to the user’s authentication request. When the identity management device receives the returned identity certificate, it associates the user’s primary identity with the identity certificate so that multiple identity certificates are managed in a unified way.
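The three steps and the certificate association described above, as an added Go example that is not code from the patent or from DCEP. Ed25519 stands in for the unspecified "first key" scheme, the application's public-key step is modeled as signature verification, every type, function and sample value is hypothetical, and the check that a proof names the receiving application is an addition of this example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
)

// IdentityDevice is a hypothetical model of the identity authentication intermediary.
type IdentityDevice struct {
	firstKey ed25519.PrivateKey // "first key" that signs outgoing proofs
	certs    map[string]string  // "primary\napp" -> identity certificate
}

// NewDevice creates a device and returns the first public key given to applications.
func NewDevice() (*IdentityDevice, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand as the source
	return &IdentityDevice{firstKey: priv, certs: map[string]string{}}, pub
}

// Associate stores a certificate the authentication authority issued in advance.
func (d *IdentityDevice) Associate(primary, app, cert string) {
	d.certs[primary+"\n"+app] = cert
}

// Use handles a use request: find the certificate (step 2), sign and send it (step 3).
func (d *IdentityDevice) Use(primary, app string) (msg, sig []byte, err error) {
	cert, ok := d.certs[primary+"\n"+app]
	if !ok {
		return nil, nil, errors.New("no identity certificate for this application")
	}
	msg = []byte(app + "\n" + primary + "\n" + cert) // names the target application
	return msg, ed25519.Sign(d.firstKey, msg), nil
}

// AppAccepts is the application side: verify with the first public key, then check
// that the proof names this application (a check added here, not from the page).
func AppAccepts(pub ed25519.PublicKey, self string, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig) && strings.HasPrefix(string(msg), self+"\n")
}

func main() {
	dev, pub := NewDevice()
	dev.Associate("user-001", "live-shop", "cert-live-shop") // constructed sample values
	msg, sig, err := dev.Use("user-001", "live-shop")
	fmt.Println(err == nil && AppAccepts(pub, "live-shop", msg, sig)) // intended app accepts
	fmt.Println(AppAccepts(pub, "pay-app", msg, sig))                 // other app rejects
}
```

The user supplies only the primary identity; the per-application certificate never has to be selected or re-entered when switching applications.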