CN108667785B - System and method for network identity service based on Open ID

Info

Publication number
CN108667785B
Authority
CN
China
Prior art keywords
identity
identity code
code
server
registration
Legal status
Active
Application number
CN201710214848.8A
Other languages
Chinese (zh)
Other versions
CN108667785A (en)
Inventor
但熹
郭宏杰
刘海龙
Current Assignee
Eidlink Information Technology Co ltd
Original Assignee
Eidlink Information Technology Co ltd
Application filed by Eidlink Information Technology Co ltd
Priority to CN201710214848.8A
Publication of CN108667785A
Application granted
Publication of CN108667785B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The application provides a system and method for a network identity service based on Open ID, in which identity information can be shared through an identity code server, effectively solving the problems of sharing Open ID accounts and sharing identity authentication. The system comprises a network application server RP, a public identity server OP and an identity code server. The RP receives a login request from a user, sends an authentication request to the OP, receives an identity code B from the OP and establishes a mapping between the identity code B and the Open ID. The OP obtains the OP account information entered by the user, sends a personal identity code request to the identity code server and obtains the identity code B from it. The identity code server obtains an identity code A according to the personal identity code request and generates the identity code B from the identity code A.

Description

System and method for network identity service based on Open ID
Technical Field
The present application relates to the field of information security, and more particularly, to a system and method for an Open ID based network identity service.
Background
With the rapid development of internet technology, the network services used by users are increasingly diversified, and to ensure network security the public security department has decided to implement real-name registration of network accounts comprehensively. To simplify real-name registration of users' network accounts, a number of public identity service providers (OPs) offer account sharing based on a public identity (Open ID), so that one network account can be shared across applications. However, such account sharing does not solve the real-name authentication problem of the shared accounts: after the network application server (RP) completes Open ID authentication, the user still has to complete real-name authentication separately, so the RP's use of the Open ID function does not fundamentally improve the user experience or simplify registration and login.
In addition, when an RP stores a large amount of user identity information after real-name authentication, it poses a serious threat to the security of users' personal information. On one hand, attackers steal user information in bulk, causing large-scale leakage incidents; on the other hand, data governance inside internet applications is weak, and internal staff illegally use users' personal identity data, so that user information is leaked.
Therefore, how to simplify the registration and login process on the basis of real-name authentication while improving the security of users' personal information is a problem that urgently needs to be solved.
Disclosure of Invention
The application provides a system and method for an Open ID based network identity service, which realize trusted network identity management through Open ID, are convenient for users, and protect user privacy to the greatest extent because the user identity codes are irreversible; at the same time, account management and trusted network identity management are realized at the RP, with foreground anonymity, background real name and identity traceability. The method can be widely applied in fields such as Internet authorization and authentication and network identity management.
In a first aspect, a system for an Open ID based network identity service is provided, comprising a network application server RP, a public identity server OP and an identity code server, where:
the RP is configured to receive a login request sent by a user and, according to the login request, send an authentication request to the OP, the authentication request comprising a public identity identifier Open ID;
the RP is further configured to receive an identity code B of the user from the OP after the OP authentication succeeds, store the identity code B, and establish a mapping relationship between the identity code B and the Open ID, where the identity code B identifies the identity information of the user at the RP;
the RP is further configured to feed back login success information to the user after establishing the mapping relationship between the identity code B and the Open ID;
the OP is configured to send first prompt information to the user after receiving the authentication request, the first prompt information prompting the user to enter OP account information on an OP login page;
the OP is further configured to obtain the OP account information entered by the user;
the OP is further configured to send a personal identity code request to the identity code server after obtaining the OP account information, and to obtain the identity code B from the identity code server;
the OP is further configured to authenticate the Open ID according to the OP account information;
the OP is further configured to send the identity code B to the RP after the Open ID authentication succeeds;
the identity code server is configured to obtain an identity code A according to the personal identity code request, generate an identity code B according to the identity code A, and feed the identity code B back to the OP, where the identity code A identifies the identity information of the terminal device at the OP.
Optionally, in an implementation manner of the first aspect, the OP is specifically configured to:
after receiving the authentication request from the RP and obtaining the OP account information, determining that the user has completed real-name authentication and has an identity code A;
obtaining an RP ID, wherein the RP ID is used for identifying the RP;
sending a personal identity code request to the identity code server, wherein the personal identity code request comprises the identity code A and the RP ID, so that the identity code server determines an RP registration code according to the RP ID and generates the identity code B according to the identity code A and the RP registration code, and the RP registration code is used for assisting the identity code A to generate the identity code B;
acquiring the identity code B from the identity code server;
according to the OP account information, carrying out authentication and verification on the Open ID;
and after the Open ID authentication is successful, sending the identity code B to the RP so that the RP stores the identity code B and establishes a mapping relation between the identity code B and the Open ID.
Optionally, in an implementation manner of the first aspect, when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity code service, the OP is further configured to:
sending an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information, and the RP ID is used for identifying the RP;
and acquiring the RP ID from the identity code server and storing the RP ID.
Optionally, in an implementation manner of the first aspect, the OP is specifically configured to:
after receiving the authentication request from the RP and obtaining the OP account information, confirming that the user has not completed real-name authentication;
sending second prompt information to the user, wherein the second prompt information is used for prompting the user to carry out real-name authentication so that the user inputs the identity information of the user according to the second prompt information;
acquiring the identity information input by the user;
processing the identity information to obtain an identity information ciphertext;
acquiring an OP ID and an RP ID, wherein the OP ID is used for identifying the OP, and the RP ID is used for identifying the RP;
sending a personal identity code request to the identity code server, wherein the personal identity code request comprises the identity information ciphertext, the OP ID and the RP ID, so that the identity code server determines an OP registration code according to the OP ID, generates the identity code A according to the OP registration code and the identity information ciphertext, determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the OP registration code is used for assisting the identity information ciphertext to generate the identity code A, and the RP registration code is used for assisting the identity code A to generate the identity code B;
acquiring the identity code A and the identity code B from the identity code server;
saving the identity code A;
performing authentication and verification on the Open ID according to the identity information;
and after the Open ID authentication is successful, sending the identity code B to the RP so that the RP stores the identity code B and establishes a mapping relation between the identity code B and the Open ID.
Optionally, in an implementation manner of the first aspect, when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity code service, the OP is further configured to:
sending an OP registration request to the identity code server, wherein the OP registration request comprises OP information so that the identity code server generates an OP ID and an OP registration code according to the OP information;
acquiring the OP ID from the identity code server and storing the OP ID;
sending an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information;
and acquiring the RP ID from the identity code server and storing the RP ID.
Optionally, in an implementation manner of the first aspect, the identity code server is further configured to:
receiving the personal identity code request from the OP, the personal identity code request comprising the identity code A and the RP ID;
determining the RP registration code according to the RP ID, and generating the identity code B according to the RP registration code and the identity code A;
feeding back the identity code B to the OP.
Optionally, in an implementation manner of the first aspect, the identity code server is further configured to:
receiving the RP registration request from the OP, the RP registration request including the RP information;
generating the RP ID and the RP registration code according to the RP information;
saving the RP registration code and feeding back the RP ID to the OP;
receiving the personal identity code request from the OP, the personal identity code request comprising the identity code A and the RP ID;
determining the RP registration code according to the RP ID, and generating the identity code B according to the RP registration code and the identity code A;
feeding back the identity code B to the OP.
Optionally, in an implementation manner of the first aspect, the identity code server is further configured to:
receiving the personal identity code request from the OP, the personal identity code request including the identity information ciphertext, the OP ID, and the RP ID;
determining the OP registration code according to the OP ID;
generating the identity code A according to the OP registration code and the identity information ciphertext;
determining the RP registration code according to the RP ID;
generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code A and the identity code B to the OP.
Optionally, in an implementation manner of the first aspect, the identity code server is further configured to:
receiving the OP registration request from the OP, the OP registration request including the OP information;
generating the OP ID and the OP registration code according to the OP information;
saving the OP registration code and feeding back the OP ID to the OP;
receiving the RP registration request from the OP, the RP registration request including the RP information;
generating the RP ID and the RP registration code according to the RP information;
saving the RP registration code and feeding back the RP ID to the OP;
receiving the personal identity code request from the OP, the personal identity code request including the identity information ciphertext, the OP ID, and the RP ID;
determining the OP registration code according to the OP ID;
generating the identity code A according to the OP registration code and the identity information ciphertext;
determining the RP registration code according to the RP ID;
generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code A and the identity code B to the OP.
Optionally, in an implementation manner of the first aspect, the identity code server is further configured to:
and determining the identity information of the user according to the identity code A and the identity code B.
Therefore, in the system for an Open ID based network identity service of the embodiment of the present application, based on the mutual authentication technology of the Open ID account system and in combination with the identity code server, the user's identity is verified, a unique trusted identity code of the user is generated, and the user's Open ID is bound to the trusted identity code, so that network identity management that is convenient, secure, privacy-protecting and readily implementable is realized.
In a second aspect, a method for an Open ID based network identity service is provided. The method is applied to a system for an Open ID based network identity service comprising a network application server RP, a public identity server OP and an identity code server, where the RP and the OP are communicatively connected to a user, the identity code server is communicatively connected to the user through the OP, and the RP is communicatively connected to the OP. The method includes:
after the OP receives an authentication request from the RP and obtains OP account information from the user, the OP sends a personal identity code request to the identity code server, so that the identity code server obtains an identity code A according to the personal identity code request and generates an identity code B according to the identity code A, where the authentication request includes a public identity identifier Open ID, the identity code A identifies the identity information of the user at the OP, and the identity code B identifies the identity information of the user at the RP;
the OP obtains the identity code B from the identity code server;
the OP authenticates the Open ID according to the OP account information;
after the Open ID authentication succeeds, the OP sends the identity code B to the RP, so that the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID.
Optionally, in an implementation manner of the second aspect, after the OP receives the authentication request from the RP and obtains the OP account information from the user, and before the OP sends the personal identity code request to the identity code server, the method further includes:
the OP determines that the user has completed real-name authentication and has an identity code A;
the OP obtains an RP ID, which identifies the RP.
Optionally, in an implementation manner of the second aspect, the personal identity code request includes the identity code A and the RP ID;
the OP sending the personal identity code request to the identity code server so that the identity code server generates the identity code B according to the personal identity code request includes:
the OP sends the personal identity code request to the identity code server, so that the identity code server determines an RP registration code according to the RP ID and generates the identity code B according to the identity code A and the RP registration code, where the RP registration code assists the identity code A in generating the identity code B.
Optionally, in an implementation manner of the second aspect, when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity code service, the OP obtaining the RP ID includes:
the OP sends an RP registration request to the identity code server, wherein the RP registration request comprises RP information, so that the identity code server generates the RP ID and an RP registration code according to the RP information, the RP ID is used for identifying the RP, and the RP registration code is used for assisting the identity code A to generate the identity code B;
the OP obtains the RP ID from the identity code server and saves the RP ID.
Optionally, in an implementation manner of the second aspect, after the OP receives the authentication request from the RP and obtains the OP account information from the user, and before the OP sends the personal identity code request to the identity code server, the method further includes:
the OP confirms that the user has not completed real-name authentication;
after confirming that the user has not completed real-name authentication, the OP sends first prompt information to the user, the first prompt information prompting the user to perform real-name authentication so that the user enters his or her identity information according to the first prompt information;
the OP acquires the identity information input by the user;
the OP processes the identity information to obtain an identity information ciphertext;
the OP acquires an OP ID and an RP ID, wherein the OP ID is used for identifying the OP and the RP ID is used for identifying the RP.
Optionally, in an implementation manner of the second aspect, the personal identity code request includes the identity information ciphertext, the OP ID and the RP ID;
the OP sending the personal identity code request to the identity code server so that the identity code server obtains the identity code A according to the personal identity code request and generates the identity code B according to the identity code A includes:
the OP sends the personal identity code request to the identity code server, so that the identity code server determines an OP registration code according to the OP ID, generates the identity code A according to the OP registration code and the identity information ciphertext, determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, where the OP registration code assists the identity information ciphertext in generating the identity code A, and the RP registration code assists the identity code A in generating the identity code B.
Optionally, in an implementation manner of the second aspect, when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity code service, the OP obtaining the OP ID and the RP ID includes:
the OP sends an OP registration request to the identity code server, wherein the OP registration request comprises OP information, so that the identity code server generates an OP ID and an OP registration code according to the OP information, and the OP registration code is used for assisting the identity information ciphertext to generate an identity code A;
the OP acquires the OP ID from the identity code server and stores the OP ID;
the OP sends an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information, and the RP registration code is used for assisting the identity code A to generate the identity code B;
the OP obtains the RP ID from the identity code server and saves the RP ID.
Optionally, in an implementation manner of the second aspect, the method further includes:
the OP sends second prompt information to the user, and the second prompt information prompts the user to input the OP account information on an OP login page;
the OP acquires the OP account information from the user.
In a third aspect, a method for an Open ID based network identity service is provided. The method is applied to a system for an Open ID based network identity service comprising a network application server RP, a public identity server OP and an identity code server, where the RP and the OP are communicatively connected to a user, the identity code server is communicatively connected to the user through the OP, and the RP is communicatively connected to the OP. The method includes:
the identity code server receives a personal identity code request from the OP;
the identity code server obtains an identity code A according to the personal identity code request, generates an identity code B according to the identity code A, and feeds the identity code B back to the OP, where the identity code A identifies the identity information of the user at the OP, and the identity code B identifies the identity information of the user at the RP.
Optionally, in an implementation manner of the third aspect, when the personal identity code request includes an identity code A and an RP ID, the identity code server obtaining the identity code A according to the personal identity code request and generating the identity code B according to the identity code A includes:
the identity code server acquires the identity code A according to the personal identity code request, determines an RP registration code according to the RP ID, and generates the identity code B according to the RP registration code and the identity code A, wherein the RP ID is used for identifying the RP.
Optionally, in an implementation manner of the third aspect, before the identity code server receives the personal identity code request from the OP, the method further includes:
the identity code server receives an RP registration request from the OP, the RP registration request including RP information;
the identity code server generates the RP ID and the RP registration code according to the RP information;
the identity code server saves the RP registration code and feeds the RP ID back to the OP.
Optionally, in an implementation manner of the third aspect, when the personal identity code request includes an identity information ciphertext, an OP ID and an RP ID, the identity code server generating the identity code B according to the personal identity code request includes:
the identity code server determines an OP registration code according to the OP ID, wherein the OP ID is used for identifying the OP, and the OP registration code is used for assisting the identity information ciphertext to generate the identity code A;
the identity code server generates the identity code A according to the OP registration code and the identity information ciphertext;
the identity code server determines an RP registration code according to the RP ID, wherein the RP ID is used for identifying the RP, and the RP registration code is used for assisting the identity code A to generate the identity code B;
the identity code server generates the identity code B according to the RP registration code and the identity code A;
the identity code server feeds back the identity code A and the identity code B to the OP.
Optionally, in an implementation manner of the third aspect, before the identity code server receives the personal identity code request from the OP, the method further includes:
the identity code server receives an OP registration request from the OP, the OP registration request including OP information;
the identity code server generates the OP ID and the OP registration code according to the OP information;
the identity code server saves the OP registration code and feeds the OP ID back to the OP;
the identity code server receives an RP registration request from the OP, the RP registration request including RP information;
the identity code server generates the RP ID and the RP registration code according to the RP information;
the identity code server saves the RP registration code and feeds the RP ID back to the OP.
Optionally, in an implementation manner of the third aspect, the method further includes: and the identity code server determines the identity information of the user according to the identity code A and the identity code B.
In a fourth aspect, a method for an Open ID based network identity service is provided. The method is applied to a system for an Open ID based network identity service comprising a network application server RP, a public identity server OP and an identity code server, where the RP and the OP are communicatively connected to a user, the identity code server is communicatively connected to the user through the OP, and the RP is communicatively connected to the OP. The method includes:
the RP receives a login request from the user, the login request authorizing the RP to send an authentication request to the OP, the authentication request comprising a public identity identifier (Open ID);
the RP sends the authentication request to the OP according to the login request sent by the user;
after the OP authentication is successful, the RP receives the identity code B of the user from the OP, stores the identity code B and establishes a mapping relation between the identity code B and the Open ID, wherein the identity code B is used for identifying the identity information of the user at the RP;
after establishing the mapping relationship between the identity code B and the Open ID, the RP feeds back login success information to the user.
Therefore, in the method for an Open ID based network identity service of the embodiment of the present application, based on the mutual authentication technology of the Open ID account system and in combination with the identity code server, the user's identity is verified, a unique trusted identity code of the user is generated, and the user's Open ID is bound to the trusted identity code, so that network identity management that is convenient, secure, privacy-protecting and readily implementable is achieved.
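As an added illustration (not code from the patent or from Eidlink), the three roles of the first to fourth aspects are simulated below in Python. The patent does not specify how the identity codes are derived, so the following are assumptions of this example: identity codes A and B are HMAC-SHA256 digests keyed with the OP or RP registration code, the identity information ciphertext is a SHA-256 digest of the constructed real-name record, and traceability is a lookup in the identity code server's own records. It shows the property the text relies on: the same user gets a stable identity code B at one RP and a different B at another RP, the RP stores only B, the OP stores only A, and only the identity code server can relate them.

```python
import hashlib
import hmac
import secrets


class IdentityCodeServer:
    """Identity code server: keeps the registration codes and derives codes A and B."""

    def __init__(self):
        self._op_codes = {}  # OP ID -> OP registration code (never leaves this server)
        self._rp_codes = {}  # RP ID -> RP registration code (never leaves this server)
        self._identity = {}  # identity code A -> identity information ciphertext
        self._pairs = {}     # identity code B -> identity code A (for traceability)

    def _register(self, codes, prefix, info):
        ident = prefix + hashlib.sha256(info.encode()).hexdigest()[:8]  # ID from the info
        codes[ident] = secrets.token_bytes(32)  # fresh secret registration code
        return ident  # only the ID is fed back to the OP

    def register_op(self, op_info):
        return self._register(self._op_codes, "OP-", op_info)

    def register_rp(self, rp_info):
        return self._register(self._rp_codes, "RP-", rp_info)

    @staticmethod
    def _derive(registration_code, material):
        # Assumed derivation: HMAC-SHA256 keyed by the registration code (irreversible,
        # and not recomputable without the secret held only on this server).
        return hmac.new(registration_code, material.encode(), hashlib.sha256).hexdigest()

    def personal_identity_code(self, rp_id, identity_code_a=None, op_id=None, ciphertext=None):
        """Request carries either A (already real-name authenticated) or OP ID + ciphertext."""
        if identity_code_a is None:
            identity_code_a = self._derive(self._op_codes[op_id], ciphertext)
            self._identity[identity_code_a] = ciphertext
        elif identity_code_a not in self._identity:
            raise ValueError("unknown identity code A")
        identity_code_b = self._derive(self._rp_codes[rp_id], identity_code_a)
        self._pairs[identity_code_b] = identity_code_a
        return identity_code_a, identity_code_b

    def trace(self, identity_code_a, identity_code_b):
        """Background real name: a valid (A, B) pair resolves to the stored ciphertext."""
        if self._pairs.get(identity_code_b) != identity_code_a:
            return None
        return self._identity[identity_code_a]


class PublicIdentityServer:
    """OP: authenticates the Open ID account, keeps only A, hands B to the RP."""

    def __init__(self, op_info, server, accounts):
        self._server = server
        self.op_id = server.register_op(op_info)
        self._rp_ids = {}  # RP name -> RP ID, obtained on the RP's first access
        self.accounts = {u: {"password": p, "identity_code_a": None} for u, p in accounts.items()}

    def authenticate(self, rp_name, open_id, password, identity_info=None):
        account = self.accounts.get(open_id)
        if account is None or not hmac.compare_digest(account["password"], password):
            raise PermissionError("Open ID authentication failed")
        if rp_name not in self._rp_ids:  # first access by this RP: register it
            self._rp_ids[rp_name] = self._server.register_rp(rp_name)
        rp_id = self._rp_ids[rp_name]
        if account["identity_code_a"] is not None:  # already real-name authenticated
            _, code_b = self._server.personal_identity_code(rp_id, account["identity_code_a"])
        else:  # real-name authentication: hash the record (assumed "ciphertext"), get A and B
            if identity_info is None:
                raise ValueError("real-name authentication required")
            ciphertext = hashlib.sha256(identity_info.encode()).hexdigest()
            code_a, code_b = self._server.personal_identity_code(
                rp_id, op_id=self.op_id, ciphertext=ciphertext)
            account["identity_code_a"] = code_a  # OP stores A, not the raw record
        return code_b  # only B goes to the RP


class NetworkApplicationServer:
    """RP: stores identity code B mapped to the Open ID; never sees A or the record."""

    def __init__(self, rp_name, op):
        self.rp_name, self._op, self.mapping = rp_name, op, {}

    def login(self, open_id, password, identity_info=None):
        self.mapping[open_id] = self._op.authenticate(self.rp_name, open_id, password, identity_info)
        return self.mapping[open_id]


def demo():
    """Constructed walk-through (one user, one OP, two RPs); returns values to check."""
    server = IdentityCodeServer()
    op = PublicIdentityServer("example-op", server, {"alice": "correct horse"})
    shop, forum = NetworkApplicationServer("shop", op), NetworkApplicationServer("forum", op)
    record = "Alice Example;ID-PLACEHOLDER"  # constructed identity record, not real data
    b_shop = shop.login("alice", "correct horse", identity_info=record)  # first login: A created
    b_shop_again = shop.login("alice", "correct horse")  # A exists: no real-name prompt
    b_forum = forum.login("alice", "correct horse")  # other RP: different B, same A
    code_a = op.accounts["alice"]["identity_code_a"]
    return {"b_shop": b_shop, "b_shop_again": b_shop_again, "b_forum": b_forum, "code_a": code_a,
            "traced": server.trace(code_a, b_forum), "bad_trace": server.trace(code_a, b_shop[::-1]),
            "ciphertext": hashlib.sha256(record.encode()).hexdigest()}
```

Because the RP registration code differs per RP, two RPs cannot correlate the same user by comparing their identity codes B, which is the foreground anonymity the text describes; the trace call is the background real name.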
In a fifth aspect, a computer storage medium is provided, in which program code is stored, the program code instructing execution of the operations performed by the public identity server OP in the second aspect or any optional implementation manner of the second aspect.
In a sixth aspect, a computer storage medium is provided, in which program code is stored, the program code instructing execution of the operations performed by the identity code server in the third aspect or any optional implementation manner of the third aspect.
In a seventh aspect, a computer storage medium is provided, in which program code is stored, the program code instructing execution of the operations performed by the network application server RP in the fourth aspect or any optional implementation manner of the fourth aspect.
Therefore, the program code stored in the computer storage medium of the embodiment of the application, based on the mutual authentication technology of the Open ID account system and in combination with the identity code server, verifies the user's identity, generates a unique trusted identity code of the user, and binds the user's Open ID to the trusted identity code, so that network identity management that is convenient, secure, privacy-protecting and readily implementable is realized.
Drawings
In order to illustrate the technical solutions of the present application more clearly, the drawings needed for the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present application, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system for an Open ID-based network identity service according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of a method of Open ID based network identity services described from the perspective of a public identity server.
Fig. 3 is a schematic flow chart of a method of an Open ID based network identity service described from the perspective of an identity code server.
Fig. 4 is a schematic flow chart of a method of an Open ID based network identity service described from the perspective of a network application server.
Fig. 5 is a schematic flow chart of a method of Open ID based network identity services described from the device interaction perspective.
Fig. 6 is another schematic flow chart of a method of Open ID based network identity services described from a device interaction perspective.
Fig. 7 is yet another schematic flow chart of a method of Open ID based network identity services described from a device interaction perspective.
Fig. 8 is yet another schematic flow chart of a method of Open ID based network identity services described from a device interaction perspective.
Fig. 9 shows a schematic block diagram of a device of an Open ID-based network identity service provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The system and method for network identity service based on Open ID provided in the embodiments of the present application can be applied to a computer, where the computer includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer includes hardware such as a CPU (Central Processing Unit), a Memory Management Unit (MMU), and memory (also referred to as main memory). The operating system may be any one or more computer operating systems that implement business processing through processes, such as a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a Windows operating system. The application layer comprises applications such as a browser, an address book, word processing software and instant messaging software. In the embodiment of the present application, the computer may be a handheld device such as a smartphone or a terminal device such as a personal computer; the present application does not limit this, as long as the user can be authenticated by running a program in which the code of the user authentication method according to the embodiment of the present application is recorded. The execution body of the user authentication method in the embodiment of the application may be a computer device, or a functional module within the computer device that is capable of calling and executing a program.
Moreover, various aspects or features of the present application may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer-readable media may include, but are not limited to: magnetic storage devices (e.g., hard disk, floppy disk, magnetic tape), optical disks (e.g., CD (Compact Disc), DVD (Digital Versatile Disc)), smart cards, and flash memory devices (e.g., EPROM (Erasable Programmable Read-Only Memory), card, stick, key drive). In addition, the various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" can include, without being limited to, wireless channels and various other media capable of storing, containing, and/or carrying instruction(s) and/or data.
It should be understood that Open ID is a user-centric digital identity framework that is open, decentralized and free to use, and that allows the same Open ID to be used to log in to different websites.
The system and method for the Open ID based network identity service are described in detail below with reference to fig. 1 to 8.
Fig. 1 is a schematic diagram of a system 100 for an Open ID-based network identity service according to an embodiment of the present application. As shown in fig. 1, the system includes a web application server 110, a public identity server 120, and an identity code server 130. The network application server 110 and the public identity server 120 are in communication connection with a user, the identity code server is in communication connection with the user through the public identity server 120, and meanwhile, the network application server 110 and the public identity server 120 can also be in direct communication connection.
It should be understood that the identity code server 130 can be a module in the web application server 110, a module in the public identity server 120, a module in another server, or a separate server.
Specifically, the system 100 for network identity service based on Open ID can be applied to any Internet application that requires registration and login, and the user's personal identity information is kept secure without risk of leakage. The user may send a login request to the network application server RP, authorizing the RP to send an authentication and authorization request to the OP, where the authentication and authorization request includes an Open ID. The user then receives first prompt information from the public identity server OP, and the first prompt information is used to prompt the user to input OP account information on an OP login page in order to log in to the OP.
It should be appreciated that at this point the user chooses to log on to the RP using the Open ID.
Optionally, the user requests to log in to the RP, and in this process the RP is triggered to send an authentication and authorization request to the OP, so that the OP performs authentication and authorization of the user's Open ID.
Optionally, when the OP sends the first prompt information, the OP pops up an OP login page to the user, so that the user inputs their own OP account information on the OP login page.
Specifically, the network application server RP 110 may send the authentication request to the OP according to the login request sent by the user. After the OP authentication succeeds, the RP receives the identity code B of the user from the OP, stores the identity code B, and establishes a mapping relation between the identity code B and the Open ID, where the identity code B is used to identify the identity information of the user at the RP. After establishing the mapping relation between the identity code B and the Open ID, the RP feeds login success information back to the user.
It should be understood that the OP authentication refers to that the OP authenticates the OP account information of the user.
Optionally, the RP is configured to accept a login request sent by a user, and send an authentication and authorization request to the OP according to the login request, where the authentication and authorization request includes a public identity identifier Open ID.
Optionally, after the RP establishes the mapping relationship between the identity code B and the Open ID, the RP may directly use the identity code B for authentication when the user subsequently logs in to the RP using the Open ID.
Optionally, the identity codes B for different RPs are different.
Specifically, after receiving the authentication request and obtaining the OP account information, the public identity server OP 120 sends a personal identity code request to the identity code server, and obtains the identity code B from the identity code server. The OP is further configured to authenticate the Open ID according to the OP account information. The OP is further configured to send the identity code B to the RP after the Open ID authentication is successful.
Optionally, the OP is configured to send first prompt information to the user after receiving the authentication and authorization request, where the first prompt information is used to prompt the user to input OP account information on an OP login page.
Optionally, the OP is further configured to obtain the OP account information input by the user.
Optionally, the OP is specifically configured to:
after receiving the authentication request from the RP and acquiring the OP account information, determining that the user has been real-name authenticated and has an identity code A, where the identity code A is used to identify the identity information of the user at the OP;
obtaining an RP ID, wherein the RP ID is used for identifying the RP;
sending a personal identity code request to the identity code server, wherein the personal identity code request comprises the identity code A and the RP ID, so that the identity code server determines an RP registration code according to the RP ID and generates the identity code B according to the identity code A and the RP registration code, and the RP registration code is used for assisting the identity code A to generate the identity code B;
acquiring the identity code B from the identity code server;
according to the OP account information, carrying out authentication and verification on the Open ID;
and after the Open ID authentication is successful, sending the identity code B to the RP so that the RP stores the identity code B and establishes a mapping relation between the identity code B and the Open ID.
It should be understood that when the OP determines that the user has been real-name authenticated, the identity code A is already stored at the OP, so the OP can obtain the identity code A directly.
Optionally, when the OP determines that this is not the RP's first access to the OP, the RP ID is already stored at the OP, and the OP may obtain the RP ID directly.
Optionally, when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity code service, the OP is further configured to:
sending an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information, and the RP ID is used for identifying the RP;
and acquiring the RP ID from the identity code server and storing the RP ID.
It should be understood that the RP already stores its own information at the OP before sending the authentication request to the OP, or the RP is already registered at the OP, so the OP can directly obtain the RP information.
Optionally, there is a one-to-one correspondence between the RP ID and the RP registration code, and the identity code server may determine the corresponding RP registration code by using the RP ID.
Optionally, the RP registration code is stored on the identity code server and the RP ID is stored on the OP.
Optionally, the OP is specifically configured to:
after receiving the authentication request from the RP and acquiring the OP account information, confirming that the user has not been real-name authenticated;
sending second prompt information to the user, wherein the second prompt information is used for prompting the user to carry out real-name authentication so that the user inputs the identity information of the user according to the second prompt information;
acquiring the identity information input by the user;
processing the identity information to obtain an identity information ciphertext;
acquiring an OP ID and an RP ID, wherein the OP ID is used for identifying the OP, and the RP ID is used for identifying the RP;
sending a personal identity code request to the identity code server, wherein the personal identity code request comprises the identity information ciphertext, the OP ID and the RP ID, so that the identity code server determines an OP registration code according to the OP ID, generates an identity code A according to the OP registration code and the identity information ciphertext, determines an RP registration code according to the RP ID, and generates an identity code B according to the identity code A and the RP registration code, wherein the OP registration code is used for assisting the identity information ciphertext to generate the identity code A, the RP registration code is used for assisting the identity code A to generate the identity code B, and the identity code A is used for identifying the identity information of the user at the OP;
acquiring the identity code A and the identity code B from the identity code server;
saving the identity code A;
performing authentication and verification on the Open ID according to the identity information;
and after the Open ID authentication is successful, sending the identity code B to the RP so that the RP stores the identity code B and establishes a mapping relation between the identity code B and the Open ID.
Optionally, when sending the second prompt information, the OP pops up a real-name authentication page to the user, so that the user inputs their own identity information on the real-name authentication page. Optionally, the identity information includes, but is not limited to, an identification number and a name.
Optionally, when the OP determines that this is not the RP's first access to the OP, the OP ID and the RP ID are already stored at the OP, and the OP may obtain the OP ID and the RP ID directly.
Optionally, when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity code service, the OP is further configured to:
sending an OP registration request to the identity code server, wherein the OP registration request comprises OP information so that the identity code server generates an OP ID and an OP registration code according to the OP information;
acquiring the OP ID from the identity code server and storing the OP ID;
sending an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information;
and acquiring the RP ID from the identity code server and storing the RP ID.
It is understood that the OP may directly obtain the OP information.
Specifically, the identity code server 140 generates the identity code B according to the personal identity code request, and feeds back the identity code B to the OP.
Optionally, the identity code server is further configured to:
receiving the personal identity code request from the OP, the personal identity code request comprising the identity code A and the RP ID;
determining the RP registration code according to the RP ID, and generating the identity code B according to the RP registration code and the identity code A;
feeding back the identity code B to the OP.
It should be appreciated that at this point the OP may determine that the user has been real-name authenticated and holds the identity code A, and at the same time the OP may determine that the RP is not accessing the OP for the first time.
Optionally, the OP may directly obtain the RP ID at this time.
Optionally, the identity code server is further configured to:
receiving the RP registration request from the OP, the RP registration request including the RP information;
generating the RP ID and the RP registration code according to the RP information;
saving the RP registration code and feeding back the RP ID to the OP;
receiving the personal identity code request from the OP, the personal identity code request comprising the identity code A and the RP ID;
determining the RP registration code according to the RP ID, and generating the identity code B according to the RP registration code and the identity code A;
feeding back the identity code B to the OP.
It should be appreciated that at this time the OP may determine that the user has been real-name authenticated and holds the identity code A, and at the same time the OP may determine that the RP is accessing the OP for the first time and has applied for the identity code service.
Optionally, at this time the OP needs to submit an RP registration request to the identity code server in order to obtain the RP ID.
Optionally, the identity code server is further configured to:
receiving the personal identity code request from the OP, the personal identity code request including the identity information ciphertext, the OP ID, and the RP ID;
determining the OP registration code according to the OP ID;
generating the identity code A according to the OP registration code and the identity information ciphertext;
determining the RP registration code according to the RP ID;
generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code A and the identity code B to the OP.
It should be appreciated that at this point the OP may determine that the user has not been real-name authenticated, while the OP determines that the RP is not accessing the OP for the first time.
Optionally, at this time the OP may directly obtain the OP ID and the RP ID.
Optionally, the identity code server is further configured to:
receiving the OP registration request from the OP, the OP registration request including the OP information;
generating the OP ID and the OP registration code according to the OP information;
saving the OP registration code and feeding back the OP ID to the OP;
receiving the RP registration request from the OP, the RP registration request including the RP information;
generating the RP ID and the RP registration code according to the RP information;
saving the RP registration code and feeding back the RP ID to the OP;
receiving the personal identity code request from the OP, the personal identity code request including the identity information ciphertext, the OP ID, and the RP ID;
determining the OP registration code according to the OP ID;
generating the identity code A according to the OP registration code and the identity information ciphertext;
determining the RP registration code according to the RP ID;
generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code A and the identity code B to the OP.
It should be appreciated that at this point the OP may determine that the user has not been real-name authenticated, and at the same time the OP determines that the RP is accessing the OP for the first time and has applied for the identity code service.
Optionally, at this time the OP needs to submit an OP registration request to the identity code server to obtain the OP ID, and an RP registration request to the identity code server to obtain the RP ID.
Optionally, the identity code server is further configured to:
and determining the identity information of the user according to the identity code A and the identity code B.
It should be understood that the identity code server can determine a unique user according to the identity code a and the identity code B, i.e. the identity code server can accurately track and locate a unique user according to the identity code a and the identity code B.
Therefore, in the system of the network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology and in combination with the identity code server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management that is convenient, secure, privacy-preserving and readily implementable is realized.
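The exchange described above for the system 100 (OP and RP registration, the two shapes of personal identity code request, the derivation of identity code A and identity code B, the binding of identity code B to the Open ID at the RP, and the final (A, B) lookup) is simulated below; the same flow is restated from the OP and identity code server perspectives in methods 200 and 300. This is an added example, not code from the patent or its assignee. The document does not specify how the registration codes or identity codes are computed, so the following are assumptions: registration codes are random 32-byte secrets, codes A and B are derived with HMAC-SHA256 keyed by the respective registration code, the "identity information ciphertext" is stood in for by a SHA-256 digest, and all class, method and field names are hypothetical. The OP here checks the account credentials before contacting the identity code server, whereas the text orders the authentication step after code B is obtained.

```python
import hashlib
import hmac
import secrets


def derive_code(registration_code: bytes, material: str) -> str:
    # Assumed derivation: keyed hash, so neither code can be recomputed (nor
    # code A recovered from code B) without the registration code, which
    # never leaves the identity code server.
    return hmac.new(registration_code, material.encode(), hashlib.sha256).hexdigest()


class IdentityCodeServer:
    """Keeps the OP/RP registration codes and derives identity codes A and B."""

    def __init__(self):
        self._op_codes = {}       # OP ID -> OP registration code (server-side only)
        self._rp_codes = {}       # RP ID -> RP registration code (server-side only)
        self._identity_by_a = {}  # identity code A -> identity information ciphertext
        self._bindings = set()    # (identity code A, identity code B) pairs issued

    def register_op(self, op_info: str) -> str:
        op_id = "OP-" + hashlib.sha256(op_info.encode()).hexdigest()[:12]
        self._op_codes.setdefault(op_id, secrets.token_bytes(32))
        return op_id                      # only the ID is fed back to the OP

    def register_rp(self, rp_info: str) -> str:
        rp_id = "RP-" + hashlib.sha256(rp_info.encode()).hexdigest()[:12]
        self._rp_codes.setdefault(rp_id, secrets.token_bytes(32))
        return rp_id

    def personal_identity_code(self, request: dict) -> dict:
        # Two request shapes, as in the text: {code_a, rp_id} for a user already
        # real-name authenticated at the OP; {ciphertext, op_id, rp_id} on first
        # real-name authentication. An unregistered OP or RP ID raises KeyError.
        rp_code = self._rp_codes[request["rp_id"]]
        if "code_a" in request:
            code_a = request["code_a"]
            if code_a not in self._identity_by_a:
                raise ValueError("unknown identity code A")
        else:
            op_code = self._op_codes[request["op_id"]]
            code_a = derive_code(op_code, request["ciphertext"])
            self._identity_by_a[code_a] = request["ciphertext"]
        code_b = derive_code(rp_code, code_a)   # a distinct code B per RP
        self._bindings.add((code_a, code_b))
        return {"code_a": code_a, "code_b": code_b}

    def identity_from_codes(self, code_a: str, code_b: str):
        # The optional last step: the pair (A, B) identifies exactly one user.
        if (code_a, code_b) not in self._bindings:
            return None
        return self._identity_by_a[code_a]


class PublicIdentityServer:
    """OP: authenticates the Open ID account, stores code A, forwards only code B."""

    def __init__(self, ics: IdentityCodeServer, op_info: str, accounts: dict):
        self.ics = ics
        self.op_id = ics.register_op(op_info)   # OP registration request
        self.accounts = accounts                 # Open ID -> password (demo only)
        self.code_a = {}                         # Open ID -> identity code A
        self.rp_ids = {}                         # RP info -> RP ID

    def handle_auth_request(self, rp_info, open_id, password, identity_info=None):
        if not hmac.compare_digest(self.accounts.get(open_id, ""), password):
            return None                          # Open ID authentication failed
        if rp_info not in self.rp_ids:           # RP's first access: register it
            self.rp_ids[rp_info] = self.ics.register_rp(rp_info)
        rp_id = self.rp_ids[rp_info]
        if open_id in self.code_a:               # already real-name authenticated
            req = {"code_a": self.code_a[open_id], "rp_id": rp_id}
        else:
            if identity_info is None:
                return None                      # real-name authentication required
            # Assumed ciphertext: a digest stands in for the unspecified encryption.
            ciphertext = hashlib.sha256(identity_info.encode()).hexdigest()
            req = {"ciphertext": ciphertext, "op_id": self.op_id, "rp_id": rp_id}
        result = self.ics.personal_identity_code(req)
        self.code_a[open_id] = result["code_a"]  # code A is kept at the OP only
        return result["code_b"]


class NetworkApplicationServer:
    """RP: binds code B to the Open ID; it never sees code A."""

    def __init__(self, rp_info: str, op: PublicIdentityServer):
        self.rp_info, self.op, self.bindings = rp_info, op, {}

    def login(self, open_id, password, identity_info=None) -> bool:
        code_b = self.op.handle_auth_request(self.rp_info, open_id, password, identity_info)
        if code_b is None:
            return False
        self.bindings[open_id] = code_b          # Open ID -> identity code B
        return True


def run_demo() -> dict:
    # Constructed scenario: one user, one OP, two RPs (all values are made up).
    ics = IdentityCodeServer()
    op = PublicIdentityServer(ics, "demo-op", {"alice@op.example": "pw-alice"})
    shop, forum = NetworkApplicationServer("shop", op), NetworkApplicationServer("forum", op)
    user, pw, info = "alice@op.example", "pw-alice", "ID-0000|Alice"
    first = shop.login(user, pw)              # no real-name identity yet: prompt needed
    ok_shop = shop.login(user, pw, info)      # first real-name authentication
    ok_forum = forum.login(user, pw)          # code A reused, different code B
    bad = forum.login(user, "wrong")          # OP authentication fails
    b_shop, b_forum = shop.bindings[user], forum.bindings[user]
    shop.login(user, pw)                      # later login yields the same code B
    return {"first": first, "ok_shop": ok_shop, "ok_forum": ok_forum, "bad": bad,
            "b_shop": b_shop, "b_forum": b_forum, "stable": shop.bindings[user] == b_shop,
            "code_a": op.code_a[user],
            "identity": ics.identity_from_codes(op.code_a[user], b_forum),
            "mismatch": ics.identity_from_codes(op.code_a[user], "not-issued")}
```

Two properties of the text are visible in the run: each RP receives a different identity code B for the same user (the RP registration code differs per RP), and because the RP registration code is held only by the identity code server, neither the RP nor the OP can derive another RP's code B or invert code B to code A; the identity code server alone can resolve the (A, B) pair back to the user.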
Hereinafter, a method for an Open ID-based network identity service according to an embodiment of the present application is described in detail with reference to fig. 2 to 8.
It should be understood that fig. 2 to 8 show detailed steps or operations of the method of the Open ID-based network identity service, but these steps or operations are merely examples, and other operations or variations of the operations in fig. 2 to 8 may also be performed by the embodiments of the present application. Moreover, the various steps in fig. 2 to 8 may be performed in an order different from that presented in fig. 2 to 8, and not all of the operations in fig. 2 to 8 need be performed.
Fig. 2 is a schematic flow chart of a method 200 of an Open ID based network identity service described from the perspective of a public identity server OP. The method 200 can be applied to any scenario in which an Internet application requires registration and login, and the method 200 can be applied to the system 100 of the Open ID-based network identity service including a network application server RP, a public identity server OP and an identity code server, wherein the user can communicate directly with the network application server and the public identity server, the user communicates with the identity code server through the public identity server, and the network application server and the public identity server can also communicate directly with each other. As shown in fig. 2, the method 200 includes:
S210, after the OP receives an authentication request from the RP and acquires OP account information from the user, the OP sends a personal identity code request to the identity code server, so that the identity code server acquires an identity code A according to the personal identity code request and generates an identity code B according to the identity code A, where the authentication request includes a public identity identifier Open ID, the identity code A is used to identify the identity information of the user at the OP, and the identity code B is used to identify the identity information of the user at the RP;
S220, the OP acquires the identity code B from the identity code server;
S230, the OP performs authentication and authorization of the Open ID according to the OP account information;
S240, after the Open ID authentication succeeds, the OP sends the identity code B to the RP, so that the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID.
Optionally, after the OP receives the authentication and authorization request from the RP and acquires the OP account information from the user, and before the OP sends the personal identity code request to the identity code server, the method 200 further includes:
the OP determines that the user has real-name authentication and has an identity code A, wherein the identity code A is used for identifying the identity information of the user at the OP;
the OP obtains an RP ID, which is used to identify the RP.
Optionally, the personal identity code request includes the identity code A and the RP ID;
S210, in which the OP sends a personal identity code request to the identity code server so that the identity code server generates an identity code B according to the personal identity code request, includes:
the OP sends the personal identity code request to the identity code server, so that the identity code server determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the RP registration code is used for assisting the identity code A to generate the identity code B.
Optionally, when the OP determines that the RP is accessing the OP for the first time and the RP has applied for the identity code service, acquiring the RP ID by the OP in S210 includes:
the OP sends an RP registration request to the identity code server, wherein the RP registration request comprises RP information, so that the identity code server generates the RP ID and an RP registration code according to the RP information, the RP ID is used for identifying the RP, and the RP registration code is used for assisting the identity code A to generate the identity code B;
the OP obtains the RP ID from the identity code server and saves the RP ID.
Optionally, after the OP receives the authentication and authorization request from the RP and acquires the OP account information from the user, and before the OP sends the personal identity code request to the identity code server, the method 200 further includes:
the OP confirms that the user is not authenticated by real name;
after confirming that the user is not authenticated by the real name, the OP sends first prompt information to the user, wherein the first prompt information is used for prompting the user to perform real name authentication so that the user inputs identity information of the user according to the first prompt information;
the OP acquires the identity information input by the user;
the OP processes the identity information to obtain an identity information ciphertext;
the OP acquires an OP ID and an RP ID, wherein the OP ID is used for identifying the OP and the RP ID is used for identifying the RP.
Optionally, the individual identity code request includes the identity information ciphertext, the OP ID, and the RP ID;
S210, in which the OP sends a personal identity code request to the identity code server so that the identity code server obtains an identity code A according to the personal identity code request and generates an identity code B according to the identity code A, includes:
the OP sends the individual identity code request to the identity code server, so that the identity code server determines an OP registration code according to the OP ID, generates an identity code A according to the OP registration code and the identity information ciphertext, determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the OP registration code is used for assisting the identity information ciphertext to generate an identity code A, and the RP registration code is used for assisting the identity code A to generate the identity code B.
Optionally, when the OP determines that the RP is accessing the OP for the first time and the RP has applied for the identity code service, acquiring the OP ID and the RP ID by the OP in S210 includes:
the OP sends an OP registration request to the identity code server, wherein the OP registration request comprises OP information, so that the identity code server generates an OP ID and an OP registration code according to the OP information, and the OP registration code is used for assisting the identity information ciphertext to generate an identity code A;
the OP acquires the OP ID from the identity code server and stores the OP ID;
the OP sends an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information, and the RP registration code is used for assisting the identity code A to generate the identity code B;
the OP obtains the RP ID from the identity code server and saves the RP ID.
Optionally, the method 200 further comprises:
the OP sends second prompt information to the user, and the second prompt information prompts the user to input the OP account information on an OP login page;
the OP acquires the OP account information from the user.
It should be understood that the method 200 for the Open ID-based network identity service according to the embodiment of the present application may also be performed by the public identity server OP 110 provided in the above embodiment. The above and other operations and/or functions of each module of the system 100 for the Open ID-based network identity service in the embodiment of the present application correspond to the steps or processes of the method 200 for the Open ID-based network identity service in the embodiment of the present application and, for brevity, are not described again here.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology and in combination with the identity code server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management that is convenient, secure, privacy-preserving and readily implementable is achieved.
Fig. 3 is a schematic flow chart of a method 300 of an Open ID based network identity service described from the perspective of an identity code server. The method 300 can be applied to the system 100 for network identity services based on Open ID, which includes a network application server RP, a public identity server OP, and an identity code server, wherein the user can communicate directly with the network application server and the public identity server, the user communicates with the identity code server through the public identity server, and the network application server and the public identity server can also communicate directly with each other. As shown in fig. 3, the method 300 includes:
S310, the identity code server receives a personal identity code request from the OP;
S320, the identity code server obtains an identity code A according to the personal identity code request, generates an identity code B according to the identity code A, and feeds back the identity code B to the OP, wherein the identity code A is used for identifying the identity information of the user at the OP, and the identity code B is used for identifying the identity information of the user at the RP.
Optionally, when the personal identity code request includes an identity code A and an RP ID, S320, in which the identity code server obtains the identity code A according to the personal identity code request and generates an identity code B according to the identity code A, includes:
the identity code server acquires the identity code A according to the personal identity code request, determines an RP registration code according to the RP ID, and generates the identity code B according to the RP registration code and the identity code A, wherein the RP ID is used for identifying the RP.
Optionally, before the identity code server receives the personal identity code request from the OP, the method 300 further comprises:
the identity code server receiving an RP registration request from the OP, the RP registration request including RP information;
the identity code server generates the RP ID and the RP registration code according to the RP information;
the identity code server saves the RP registration code and feeds back the RP ID to the OP.
Optionally, when the personal identity code request includes an identity information ciphertext, an OP ID and an RP ID, S320, in which the identity code server generates the identity code B according to the personal identity code request, includes:
the identity code server determines an OP registration code according to the OP ID, wherein the OP ID is used to identify the OP, and the OP registration code is used to assist the identity information ciphertext in generating the identity code A;
the identity code server generates the identity code A according to the OP registration code and the identity information ciphertext;
the identity code server determines an RP registration code according to the RP ID, wherein the RP ID is used to identify the RP, and the RP registration code is used to assist the identity code A in generating the identity code B;
the identity code server generates the identity code B according to the RP registration code and the identity code A;
the identity code server feeds back the identity code A and the identity code B to the OP.
Optionally, before the identity code server receives the personal identity code request from the OP, the method 300 further comprises:
the identity code server receives an OP registration request from the OP, wherein the OP registration request includes OP information;
the identity code server generates the OP ID and the OP registration code according to the OP information;
the identity code server stores the OP registration code and feeds back the OP ID to the OP;
the identity code server receives an RP registration request from the OP, wherein the RP registration request includes RP information;
the identity code server generates the RP ID and the RP registration code according to the RP information;
the identity code server stores the RP registration code and feeds back the RP ID to the OP.
Optionally, the method 300 further comprises:
determining the identity information of the user according to the identity code A and the identity code B.
It should be understood that the identity code server can determine a unique user from the identity code A and the identity code B, i.e. the identity code server can accurately trace and locate a unique user from the identity code A and the identity code B.
It should be understood that the method 300 for Open ID based network identity service according to the embodiment of the present application may also be performed by the identity code server 130 provided in the above embodiment. The above and other operations and/or functions of the modules of the system 100 for Open ID based network identity services in the embodiment of the present application correspond to the steps or processes of the method 300, and for brevity they are not described again here.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology, in combination with the identity coding server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management with convenience, safety, personal privacy protection and strong implementability is achieved.
Fig. 4 is a schematic flow chart of a method 400 for an Open ID based network identity service, described from the perspective of the network application server RP. The method 400 can be applied to all internet applications requiring registration and login, and the method 400 can be applied to the system 100 for Open ID based network identity services, which includes the network application server RP, the public identity server OP and the identity code server, wherein the user can communicate directly with the network application server and with the public identity server, the user communicates with the identity code server through the public identity server, and the network application server and the public identity server can also communicate directly with each other. As shown in Fig. 4, the method 400 includes:
S410, the RP receives a login request from the user, wherein the login request is used to authorize the RP to send an authentication and authorization request to the OP, and the authentication and authorization request includes a public identity identifier Open ID;
S420, the RP sends the authentication and authorization request to the OP according to the login request sent by the user;
S430, after the OP authentication succeeds, the RP receives the identity code B of the user from the OP, stores the identity code B, and establishes a mapping relationship between the identity code B and the Open ID, wherein the identity code B is used to identify the identity information of the user at the RP;
S440, after establishing the mapping relationship between the identity code B and the Open ID, the RP feeds back login success information to the user.
It should be understood that the method 400 for Open ID based network identity service according to the embodiment of the present application may also be performed by the network application server RP 120 provided in the foregoing embodiment. The above and other operations and/or functions of the modules of the system 100 for Open ID based network identity services in the embodiment of the present application correspond to the steps or processes of the method 300, and for brevity they are not described again here.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology, in combination with the identity coding server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management with convenience, safety, personal privacy protection and strong implementability is achieved.
Fig. 5 is a schematic flow chart of a method 500 for an Open ID based network identity service, described from the perspective of device interaction. The method 500 may be applied to all internet applications requiring registration and login, and the method 500 may be applied to the system 100 for Open ID based network identity services, which includes the network application server RP, the public identity server OP and the identity code server. In the method 500, the RP applies for the first time and the Open ID of the user has not been real-name authenticated. As shown in Fig. 5, the method 500 includes:
S501, the user sends a login request to the RP to authorize the RP to send an authentication and authorization request to the OP, wherein the authentication and authorization request includes the Open ID;
S502, the RP sends the authentication and authorization request to the OP;
S503, the OP sends first prompt information to the user, wherein the first prompt information is used to prompt the user to input OP account information on the OP login page;
S504, the user logs in to the OP according to the first prompt information;
S505, the OP determines that the RP applies for the first time and applies for the identity coding service, and that the Open ID of the user has not been real-name authenticated;
S506, the OP sends second prompt information to the user, wherein the second prompt information is used to prompt the user to perform real-name authentication;
S507, the user inputs the identity information of the user according to the second prompt information;
S508, the OP processes the identity information to obtain an identity information ciphertext;
S509, the OP sends an OP registration request to the identity code server, wherein the OP registration request includes OP information;
S510, the identity code server generates an OP ID and an OP registration code according to the OP information and stores the OP registration code, wherein the OP ID is used to identify the OP, and the OP registration code is used to assist the identity information ciphertext in generating an identity code A;
S511, the identity code server sends the OP ID to the OP;
S512, the OP obtains the OP ID from the identity code server and stores the OP ID;
S513, the OP sends an RP registration request to the identity code server, wherein the RP registration request includes RP information;
S514, the identity code server generates an RP ID and an RP registration code according to the RP information, wherein the RP ID is used to identify the RP, and the RP registration code is used to assist the identity code A in generating an identity code B;
S515, the identity code server sends the RP ID to the OP;
S516, the OP obtains the RP ID from the identity code server and stores the RP ID;
S517, the OP sends a personal identity code request to the identity code server, wherein the personal identity code request includes the identity information ciphertext, the OP ID and the RP ID;
S518, the identity code server determines the OP registration code according to the OP ID, and generates the identity code A according to the OP registration code and the identity information ciphertext, wherein the identity code A is used to identify the identity information of the user at the OP;
S519, the identity code server determines the RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the identity code B is used to identify the identity information of the user at the RP;
S520, the identity code server sends the identity code A and the identity code B to the OP;
S521, the OP stores the identity code A;
S522, the OP performs authentication and authorization on the Open ID according to the identity information;
S523, after the authentication and authorization succeed, the OP sends the identity code B to the RP;
S524, the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID;
S525, after the RP establishes the mapping relationship between the identity code B and the Open ID, the RP feeds back a login success message to the user.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology, in combination with the identity coding server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management with convenience, safety, personal privacy protection and strong implementability is achieved.
Fig. 6 is a schematic flow chart of a method 600 for an Open ID based network identity service, described from the perspective of device interaction. The method 600 may be applied to all internet applications requiring registration and login, and the method 600 may be applied to the system 100 for Open ID based network identity services, which includes the network application server RP, the public identity server OP and the identity code server. In the method 600, the RP applies for the first time and the Open ID of the user has been real-name authenticated. As shown in Fig. 6, the method 600 includes:
S601, the user sends a login request to the RP to authorize the RP to send an authentication and authorization request to the OP, wherein the authentication and authorization request includes the Open ID;
S602, the RP sends the authentication and authorization request to the OP;
S603, the OP sends first prompt information to the user, wherein the first prompt information is used to prompt the user to input OP account information on the OP login page;
S604, the user logs in to the OP according to the first prompt information;
S605, the OP determines that the RP applies for the first time and applies for the identity coding service, and that the Open ID of the user has been real-name authenticated, wherein the real-name authenticated user has an identity code A, and the identity code A is used to identify the identity information of the user at the OP;
S606, the OP sends an RP registration request to the identity code server, wherein the RP registration request includes RP information;
S607, the identity code server generates an RP ID and an RP registration code according to the RP information, wherein the RP ID is used to identify the RP, and the RP registration code is used to assist the identity code A in generating an identity code B;
S608, the identity code server sends the RP ID to the OP;
S609, the OP obtains the RP ID from the identity code server and stores the RP ID;
S610, the OP sends a personal identity code request to the identity code server, wherein the personal identity code request includes the identity code A and the RP ID;
S611, the identity code server determines the RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the identity code B is used to identify the identity information of the user at the RP;
S612, the identity code server sends the identity code B to the OP;
S613, the OP performs authentication on the Open ID according to the identity information;
S614, after the authentication and authorization succeed, the OP sends the identity code B to the RP;
S615, the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID;
S616, after the RP establishes the mapping relationship between the identity code B and the Open ID, the RP feeds back a login success message to the user.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology, in combination with the identity coding server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management with convenience, safety, personal privacy protection and strong implementability is achieved.
Fig. 7 is a schematic flow chart of a method 700 for an Open ID based network identity service, described from the perspective of device interaction. The method 700 can be applied to all internet applications requiring registration and login, and the method 700 can be applied to the system 100 for Open ID based network identity services, which includes the network application server RP, the public identity server OP and the identity code server. In the method 700, the RP does not apply for the first time and the Open ID of the user has been real-name authenticated. As shown in Fig. 7, the method 700 includes:
S701, the user sends a login request to the RP to authorize the RP to send an authentication and authorization request to the OP, wherein the authentication and authorization request includes the Open ID;
S702, the RP sends the authentication and authorization request to the OP;
S703, the OP sends first prompt information to the user, wherein the first prompt information is used to prompt the user to input OP account information on the OP login page;
S704, the user logs in to the OP according to the first prompt information;
S705, the OP determines that the RP does not apply for the first time and that the Open ID of the user has been real-name authenticated, wherein the OP stores the RP ID, the real-name authenticated user has an identity code A, the RP ID is used to identify the RP, and the identity code A is used to identify the identity information of the user at the OP;
S706, the OP sends a personal identity code request to the identity code server, wherein the personal identity code request includes the identity code A and the RP ID;
S707, the identity code server determines the RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the identity code B is used to identify the identity information of the user at the RP;
S708, the identity code server sends the identity code B to the OP;
S709, the OP performs authentication and authorization on the Open ID according to the identity information;
S710, after the authentication succeeds, the OP sends the identity code B to the RP;
S711, the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID;
S712, after the RP establishes the mapping relationship between the identity code B and the Open ID, the RP feeds back a login success message to the user.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology, in combination with the identity coding server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management with convenience, safety, personal privacy protection and strong implementability is achieved.
Fig. 8 is a schematic flow chart of a method 800 for an Open ID based network identity service, described from the perspective of device interaction. The method 800 may be applied to all internet applications requiring registration and login, and the method 800 may be applied to the system 100 for Open ID based network identity services, which includes the network application server RP, the public identity server OP and the identity code server. In the method 800, the RP does not apply for the first time and the Open ID of the user has not been real-name authenticated. As shown in Fig. 8, the method 800 includes:
S801, the user sends a login request to the RP to authorize the RP to send an authentication and authorization request to the OP, wherein the authentication and authorization request includes the Open ID;
S802, the RP sends the authentication and authorization request to the OP;
S803, the OP sends first prompt information to the user, wherein the first prompt information is used to prompt the user to input OP account information on the OP login page;
S804, the user logs in to the OP according to the first prompt information;
S805, the OP determines that the RP does not apply for the first time and that the Open ID of the user has not been real-name authenticated, wherein the OP stores the OP ID and the RP ID, the OP ID is used to identify the OP, and the RP ID is used to identify the RP;
S806, the OP sends second prompt information to the user, wherein the second prompt information is used to prompt the user to perform real-name authentication;
S807, the user inputs the identity information of the user according to the second prompt information;
S808, the OP processes the identity information to obtain an identity information ciphertext;
S809, the OP sends a personal identity code request to the identity code server, wherein the personal identity code request includes the identity information ciphertext, the OP ID and the RP ID;
S810, the identity code server determines an OP registration code according to the OP ID, and generates the identity code A according to the OP registration code and the identity information ciphertext, wherein the OP registration code is used to assist the identity information ciphertext in generating the identity code A, and the identity code A is used to identify the identity information of the user at the OP;
S811, the identity code server determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the RP registration code is used to assist the identity code A in generating the identity code B, and the identity code B is used to identify the identity information of the user at the RP;
S812, the identity code server sends the identity code A and the identity code B to the OP;
S813, the OP stores the identity code A;
S814, the OP performs authentication and authorization on the Open ID according to the identity information;
S815, after the authentication and authorization succeed, the OP sends the identity code B to the RP;
S816, the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID;
S817, after the RP establishes the mapping relationship between the identity code B and the Open ID, the RP feeds back a login success message to the user.
Therefore, in the method for network identity service based on Open ID in the embodiment of the present application, based on the Open ID account system mutual authentication technology, in combination with the identity coding server, the user identity is verified and a unique trusted identity code of the user is generated, and the Open ID of the user is bound to the trusted identity code, so that network identity management with convenience, safety, personal privacy protection and strong implementability is achieved.
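The following is an added example, not code from the patent or its assignee: a Python model of the identity code server of method 300 together with the OP decision logic of methods 500 to 800 (RP first time or not, user real-name authenticated or not) and the RP binding of method 400. The patent does not say how registration codes or identity codes are computed; the example assumes each registration code is a random secret held only by the identity code server and each identity code is an HMAC-SHA256 tag under that secret, and it stands in for the OP's unspecified "processing" of identity information into a ciphertext with a keyed hash. Class names, method names, ID formats and the sample Open IDs and identity strings are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Assumed construction (the patent leaves it open): every registration code is a
# random 256-bit secret that never leaves the identity code server, and an identity
# code is the HMAC-SHA256 tag of its input under that secret. Code A is then stable
# per (OP, user) and code B per (RP, user), while an RP holding only B cannot recover A.
def derive_code(registration_code: bytes, data: bytes) -> str:
    return hmac.new(registration_code, data, hashlib.sha256).hexdigest()

class IdentityCodeServer:
    """Identity code server of method 300 (hypothetical implementation)."""

    def __init__(self):
        self._op_codes = {}  # OP ID -> OP registration code
        self._rp_codes = {}  # RP ID -> RP registration code
        self._users = {}     # code A -> (OP ID, identity information ciphertext)

    def register_op(self, op_info: str) -> str:
        """S509-S511: generate OP ID and OP registration code, return only the OP ID."""
        op_id = "OP-" + hashlib.sha256(op_info.encode()).hexdigest()[:8]
        self._op_codes.setdefault(op_id, secrets.token_bytes(32))
        return op_id

    def register_rp(self, rp_info: str) -> str:
        """S513-S515: generate RP ID and RP registration code, return only the RP ID."""
        rp_id = "RP-" + hashlib.sha256(rp_info.encode()).hexdigest()[:8]
        self._rp_codes.setdefault(rp_id, secrets.token_bytes(32))
        return rp_id

    def code_from_ciphertext(self, ciphertext: bytes, op_id: str, rp_id: str):
        """S518-S520: derive A from the OP registration code and ciphertext, then B from A."""
        code_a = derive_code(self._op_codes[op_id], ciphertext)
        self._users[code_a] = (op_id, ciphertext)
        return code_a, self.code_from_a(code_a, rp_id)

    def code_from_a(self, code_a: str, rp_id: str) -> str:
        """S611-S612: derive B from the RP registration code and an existing code A."""
        return derive_code(self._rp_codes[rp_id], code_a.encode())

    def locate_user(self, code_a: str, code_b: str):
        """Optional step of method 300: resolve (A, B) to the OP, the RP and the ciphertext."""
        if code_a not in self._users:
            return None
        op_id, ciphertext = self._users[code_a]
        for rp_id in self._rp_codes:
            if hmac.compare_digest(self.code_from_a(code_a, rp_id), code_b):
                return op_id, rp_id, ciphertext
        return None

class PublicIdentityServer:
    """OP decision logic of methods 500 to 800 (hypothetical implementation)."""

    def __init__(self, op_info: str, ics: IdentityCodeServer):
        self._ics, self._op_info = ics, op_info
        self.op_id = None   # set by the first OP registration (S509-S512)
        self.rp_ids = {}    # RP information -> RP ID (S513-S516)
        self.code_a = {}    # Open ID -> code A of real-name authenticated users (S521)
        self._key = secrets.token_bytes(32)  # stand-in key for the OP's ciphering step

    def _ciphertext(self, identity_info: str) -> bytes:
        # S508 only says the OP "processes" the identity information into a
        # ciphertext; a keyed hash stands in for that unspecified step here.
        return hmac.new(self._key, identity_info.encode(), hashlib.sha256).digest()

    def authenticate(self, open_id: str, rp_info: str, identity_info=None) -> str:
        """Handle the RP's authentication request and return code B for the RP (S523)."""
        real_name = open_id in self.code_a
        if not real_name and identity_info is None:
            raise PermissionError("second prompt: real-name authentication required")
        if rp_info not in self.rp_ids:          # the RP applies for the first time
            if self.op_id is None:              # method 500: OP not registered yet
                self.op_id = self._ics.register_op(self._op_info)
            self.rp_ids[rp_info] = self._ics.register_rp(rp_info)
        rp_id = self.rp_ids[rp_info]
        if real_name:                           # methods 600 and 700: reuse code A
            return self._ics.code_from_a(self.code_a[open_id], rp_id)
        code_a, code_b = self._ics.code_from_ciphertext(  # methods 500 and 800
            self._ciphertext(identity_info), self.op_id, rp_id)
        self.code_a[open_id] = code_a
        return code_b

class NetworkApplicationServer:
    """RP of method 400: stores code B and maps it to the user's Open ID (S430)."""

    def __init__(self, rp_info: str, op: PublicIdentityServer):
        self.rp_info, self._op = rp_info, op
        self.bindings = {}  # Open ID -> code B

    def login(self, open_id: str, identity_info=None) -> str:
        self.bindings[open_id] = self._op.authenticate(open_id, self.rp_info, identity_info)
        return "login success"
```

Logging the same Open ID into two different RPs yields two different identity codes B derived from the one identity code A, so the RPs cannot correlate the user between themselves, while the identity code server can still trace (A, B) back to the OP and RP involved.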
Fig. 9 shows a schematic block diagram of an apparatus 900 for an Open ID based network identity service provided in an embodiment of the present application, where the apparatus 900 for an Open ID based network identity service includes:
a memory 910 for storing a program, the program comprising code;
a transceiver 920 for communicating with other devices;
a processor 930 for executing the program code in the memory 910.
Optionally, the transceiver 920 is used to perform specific information transceiving under the driving of the processor 930.
Optionally, when the code is executed, the processor 930 may implement each operation performed by the public identity server OP in the system 100 in fig. 1, the method 200 in fig. 2, the method 500 in fig. 5, the method 600 in fig. 6, the method 700 in fig. 7, and the method 800 in fig. 8, and details are not repeated here for brevity. At this time, the device 900 of the Open ID based network identity service may be a public identity server.
Optionally, when the code is executed, the processor 930 may also implement each operation performed by the identity code server in the system 100 in fig. 1, the method 300 in fig. 3, the method 500 in fig. 5, the method 600 in fig. 6, the method 700 in fig. 7, and the method 800 in fig. 8, which is not described herein again for brevity. At this time, the device 900 of the Open ID based network identity service may be an identity code server.
Optionally, when the code is executed, the processor 930 may implement each operation performed by the network application server RP in the system 100 in fig. 1, the method 400 in fig. 4, the method 500 in fig. 5, the method 600 in fig. 6, the method 700 in fig. 7, and the method 800 in fig. 8, and details are not described herein for brevity. At this time, the device 900 of the Open ID based network identity service may be a network application server RP.
It should be understood that, in the embodiment of the present application, the processor 930 may be a Central Processing Unit (CPU), and the processor 930 may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 910 may include both read-only memory and random-access memory, and provides instructions and data to the processor 930. A portion of the memory 910 may also include non-volatile random access memory. For example, the memory 910 may also store device type information.
The transceiver 920 may be for implementing information transmission and reception functions.
In implementation, at least one step of the above method may be performed by a hardware integrated logic circuit in the processor 930, or the integrated logic circuit may perform the at least one step driven by instructions in the form of software. Thus, the device 900 for Open ID based network identity services may be a single chip or a chipset. The steps of a method disclosed in connection with the embodiments of the present application may be implemented directly by a hardware processor, or by a combination of hardware and software modules in a processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM or EPROM, or registers. The storage medium is located in a memory, and the processor 930 reads the information in the memory and performs the steps of the method in combination with its hardware. To avoid repetition, this is not described in detail here.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the unit is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other media capable of storing program code.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

1. A system for Open ID based network identity services, characterized in that the system comprises a network application server RP, a public identity server OP and an identity code server, wherein
the RP is used for receiving a login request sent by a user and sending an authentication and authorization request to the OP according to the login request, wherein the authentication and authorization request comprises a public identity identifier Open ID;
the RP is further used for receiving, after the OP authentication succeeds, an identity code B of the user from the OP, storing the identity code B, and establishing a mapping relationship between the identity code B and the Open ID, wherein the identity code B is used to identify identity information of the user at the RP;
the RP is further used for feeding back login success information to the user after the mapping relationship between the identity code B and the Open ID is established;
the OP is used for sending first prompt information to the user after receiving the authentication and authorization request, wherein the first prompt information is used to prompt the user to input OP account information on an OP login page;
the OP is further used for acquiring the OP account information input by the user;
the OP is further used for sending a personal identity code request to the identity code server after the OP account information is acquired, and acquiring the identity code B from the identity code server;
the OP is further used for authenticating the Open ID according to the OP account information;
the OP is further used for sending the identity code B to the RP after the Open ID authentication succeeds;
the identity code server is used for acquiring an identity code A according to the personal identity code request, generating the identity code B according to the identity code A, and feeding back the identity code B to the OP, wherein the identity code A is used to identify the identity information of the user at the OP.
2. The system according to claim 1, wherein the OP is specifically configured to:
after receiving the authentication and authorization request from the RP and acquiring the OP account information, determine that the user has been real-name authenticated and has the identity code A;
acquire an RP ID, wherein the RP ID is used to identify the RP;
send a personal identity code request to the identity code server, wherein the personal identity code request comprises the identity code A and the RP ID, so that the identity code server determines an RP registration code according to the RP ID and generates the identity code B according to the identity code A and the RP registration code, wherein the RP registration code is used to assist the identity code A in generating the identity code B;
acquire the identity code B from the identity code server;
perform authentication and authorization on the Open ID according to the OP account information;
and after the Open ID authentication succeeds, send the identity code B to the RP, so that the RP stores the identity code B and establishes a mapping relationship between the identity code B and the Open ID.
3. The system according to claim 2, wherein when the OP determines that the RP accesses the OP for the first time and the RP applies for the identity coding service, the OP is further configured to:
send an RP registration request to the identity code server, wherein the RP registration request comprises RP information, so that the identity code server generates an RP ID and an RP registration code according to the RP information, wherein the RP ID is used to identify the RP;
and acquire the RP ID from the identity code server and store the RP ID.
4. The system according to claim 1, wherein the OP is specifically configured to:
after receiving the authentication request from the RP and acquiring the OP account information, determining that the user has not completed real-name authentication;
sending second prompt information to the user, wherein the second prompt information is used for prompting the user to perform real-name authentication so that the user inputs the identity information of the user according to the second prompt information;
acquiring the identity information input by the user;
processing the identity information to obtain an identity information ciphertext;
acquiring an OP ID and an RP ID, wherein the OP ID is used for identifying the OP, and the RP ID is used for identifying the RP;
sending a personal identity code request to the identity code server, wherein the personal identity code request comprises the identity information ciphertext, the OP ID and the RP ID, so that the identity code server determines an OP registration code according to the OP ID, generates the identity code A according to the OP registration code and the identity information ciphertext, determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the OP registration code is used for assisting the identity information ciphertext to generate the identity code A, and the RP registration code is used for assisting the identity code A to generate the identity code B;
acquiring the identity code A and the identity code B from the identity code server;
saving the identity code A;
authenticating the Open ID according to the identity information;
and after the Open ID authentication is successful, sending the identity code B to the RP, so that the RP stores the identity code B and establishes a mapping relation between the identity code B and the Open ID.
5. The system of claim 4, wherein, when the OP determines that the RP is accessing the OP for the first time and the RP applies for the identity-coding service, the OP is further configured to:
sending an OP registration request to the identity code server, wherein the OP registration request comprises OP information, so that the identity code server generates an OP ID and an OP registration code according to the OP information;
acquiring the OP ID from the identity code server and storing the OP ID;
sending an RP registration request to the identity code server, wherein the RP registration request comprises RP information so that the identity code server generates an RP ID and an RP registration code according to the RP information;
and obtaining the RP ID from the identity code server and storing the RP ID.
6. The system of claim 2, wherein the identity code server is further configured to:
receiving the personal identity code request from the OP, the personal identity code request comprising the identity code A and the RP ID;
determining the RP registration code according to the RP ID, and generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code B to the OP.
7. The system of claim 3, wherein the identity code server is further configured to:
receiving the RP registration request from the OP, the RP registration request including the RP information;
generating the RP ID and the RP registration code according to the RP information;
saving the RP registration code and feeding back the RP ID to the OP;
receiving the personal identity code request from the OP, the personal identity code request comprising the identity code A and the RP ID;
determining the RP registration code according to the RP ID, and generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code B to the OP.
8. The system of claim 4, wherein the identity code server is further configured to:
receiving the personal identity code request from the OP, the personal identity code request comprising the identity information ciphertext, the OP ID, and the RP ID;
determining the OP registration code according to the OP ID;
generating the identity code A according to the OP registration code and the identity information ciphertext;
determining the RP registration code according to the RP ID;
generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code A and the identity code B to the OP.
9. The system of claim 5, wherein the identity code server is further configured to:
receiving the OP registration request from the OP, the OP registration request including the OP information;
generating the OP ID and the OP registration code according to the OP information;
saving the OP registration code and feeding back the OP ID to the OP;
receiving the RP registration request from the OP, the RP registration request including the RP information;
generating the RP ID and the RP registration code according to the RP information;
saving the RP registration code and feeding back the RP ID to the OP;
receiving the personal identity code request from the OP, the personal identity code request comprising the identity information ciphertext, the OP ID, and the RP ID;
determining the OP registration code according to the OP ID;
generating the identity code A according to the OP registration code and the identity information ciphertext;
determining the RP registration code according to the RP ID;
generating the identity code B according to the RP registration code and the identity code A;
and feeding back the identity code A and the identity code B to the OP.
10. The system of any of claims 1 to 9, wherein the identity code server is further configured to:
and determining the identity information of the user according to the identity code A and the identity code B.
11. An Open ID-based network identity service method, applied to a system for an Open ID-based network identity service comprising a network application server (RP), a public identity identification server (OP) and an identity code server (ID), wherein the RP and the OP are communicatively connected to a user, the identity code server is communicatively connected to the user through the OP, and the RP is also communicatively connected to the OP, the method comprising:
after the OP receives an authentication request from the RP and acquires OP account information from the user, the OP sends a personal identity code request to the identity code server, so that the identity code server acquires an identity code A according to the personal identity code request and generates an identity code B according to the identity code A, wherein the authentication request includes a public identity identifier Open ID, the identity code A is used for identifying the identity information of the user at the OP, and the identity code B is used for identifying the identity information of the user at the RP;
the OP acquires the identity code B from the identity code server;
the OP authenticates the Open ID according to the OP account information;
and after the Open ID authentication is successful, the OP sends the identity code B to the RP, so that the RP stores the identity code B and establishes a mapping relation between the identity code B and the Open ID.
12. The method according to claim 11, wherein after the OP receives the authentication request from the RP and acquires the OP account information from the user, and before the OP sends the personal identity code request to the identity code server, the method further comprises:
the OP determines that the user has completed real-name authentication and already holds the identity code A;
and the OP acquires an RP ID, and the RP ID is used for identifying the RP.
13. The method of claim 12, wherein the personal identity code request includes the identity code A and the RP ID;
the OP sends a personal identity code request to the identity code server, so that the identity code server generates an identity code B according to the personal identity code request, and the method comprises the following steps:
and the OP sends the personal identity code request to the identity code server so that the identity code server determines an RP registration code according to the RP ID and generates the identity code B according to the identity code A and the RP registration code, wherein the RP registration code is used for assisting the identity code A to generate the identity code B.
14. The method of claim 12, wherein when the OP determines that the RP accesses the OP for the first time and the RP applies for identity coding service, the OP obtains an RP ID, comprising:
the OP sends an RP registration request to the identity code server, wherein the RP registration request comprises RP information, so that the identity code server generates the RP ID and an RP registration code according to the RP information, the RP ID is used for identifying the RP, and the RP registration code is used for assisting the identity code A to generate the identity code B;
and the OP acquires the RP ID from the identity code server and stores the RP ID.
15. The method according to claim 11, wherein after the OP receives the authentication request from the RP and acquires the OP account information from the user, and before the OP sends the personal identity code request to the identity code server, the method further comprises:
the OP determines that the user has not completed real-name authentication;
after determining that the user has not completed real-name authentication, the OP sends first prompt information to the user, wherein the first prompt information prompts the user to perform real-name authentication, so that the user inputs identity information of the user according to the first prompt information;
the OP acquires the identity information input by the user;
the OP processes the identity information to obtain an identity information ciphertext;
the OP acquires an OP ID and an RP ID, wherein the OP ID is used for identifying the OP, and the RP ID is used for identifying the RP.
16. The method of claim 15, wherein the personal identity code request comprises the identity information ciphertext, the OP ID, and the RP ID;
the OP sends a personal identity code request to the identity code server, so that the identity code server obtains an identity code A according to the personal identity code request, and generates an identity code B according to the identity code A, and the method comprises the following steps:
the OP sends the personal identity code request to the identity code server, so that the identity code server determines an OP registration code according to the OP ID, generates the identity code A according to the OP registration code and the identity information ciphertext, determines an RP registration code according to the RP ID, and generates the identity code B according to the identity code A and the RP registration code, wherein the OP registration code is used for assisting the identity information ciphertext to generate the identity code A, and the RP registration code is used for assisting the identity code A to generate the identity code B.
17. The method of claim 15, wherein when the OP determines that the RP accesses the OP for the first time and the RP applies for identity coding service, the OP obtains an OP ID and an RP ID, comprising:
the OP sends an OP registration request to the identity code server, wherein the OP registration request comprises OP information, so that the identity code server generates an OP ID and an OP registration code according to the OP information, and the OP registration code is used for assisting the identity information ciphertext to generate an identity code A;
the OP acquires the OP ID from the identity code server and stores the OP ID;
the OP sends an RP registration request to the identity code server, wherein the RP registration request comprises RP information, so that the identity code server generates an RP ID and an RP registration code according to the RP information, and the RP registration code is used for assisting the identity code A to generate the identity code B;
and the OP acquires the RP ID from the identity code server and stores the RP ID.
18. The method according to any one of claims 11 to 17, further comprising:
the OP sends second prompt information to the user, and the second prompt information prompts the user to input the OP account information on an OP login page;
the OP acquires the OP account information from the user.
19. An Open ID-based network identity service method, applied to a system for an Open ID-based network identity service comprising a network application server (RP), a public identity identification server (OP) and an identity code server (ID), wherein the RP and the OP are communicatively connected to a user, the identity code server is communicatively connected to the user through the OP, and the RP is also communicatively connected to the OP, the method comprising:
the identity code server receiving a personal identity code request from the OP;
and the identity code server acquires an identity code A according to the personal identity code request, generates an identity code B according to the identity code A, and feeds back the identity code B to the OP, wherein the identity code A is used for identifying the identity information of the user at the OP, and the identity code B is used for identifying the identity information of the user at the RP.
20. The method of claim 19, wherein, when the personal identity code request includes an identity code A and an RP ID, the step of the identity code server obtaining the identity code A according to the personal identity code request and generating an identity code B according to the identity code A comprises:
the identity code server acquires the identity code A according to the personal identity code request, determines an RP registration code according to the RP ID, and generates the identity code B according to the RP registration code and the identity code A, wherein the RP ID is used for identifying the RP.
21. The method of claim 20, wherein before the identity code server receives the personal identity code request from the OP, the method further comprises:
the identity code server receiving an RP registration request from the OP, the RP registration request including RP information;
the identity code server generates the RP ID and the RP registration code according to the RP information;
and the identity code server saves the RP registration code and feeds back the RP ID to the OP.
22. The method of claim 19, wherein when the personal identity code request includes an identity information ciphertext, an OP ID, and an RP ID, the identity code server generates an identity code B based on the personal identity code request, comprising:
the identity code server determines an OP registration code according to the OP ID, wherein the OP ID is used for identifying the OP, and the OP registration code is used for assisting the identity information ciphertext to generate the identity code A;
the identity code server generates the identity code A according to the OP registration code and the identity information ciphertext;
the identity code server determines an RP registration code according to the RP ID, wherein the RP ID is used for identifying the RP, and the RP registration code is used for assisting the identity code A to generate the identity code B;
the identity code server generates the identity code B according to the RP registration code and the identity code A;
and the identity code server feeds back the identity code A and the identity code B to the OP.
23. The method of claim 22, wherein before the identity code server receives the personal identity code request from the OP, the method further comprises:
the identity code server receiving an OP registration request from the OP, the OP registration request comprising OP information;
the identity code server generates the OP ID and the OP registration code according to the OP information;
the identity code server saves the OP registration code and feeds back the OP ID to the OP;
the identity code server receives an RP registration request from the OP, the RP registration request including RP information;
the identity code server generates the RP ID and the RP registration code according to the RP information;
and the identity code server saves the RP registration code and feeds back the RP ID to the OP.
24. The method according to any one of claims 19 to 23, further comprising:
and the identity code server determines the identity information of the user according to the identity code A and the identity code B.
25. An Open ID-based network identity service method, applied to a system for an Open ID-based network identity service comprising a network application server (RP), a public identity identification server (OP) and an identity code server (ID), wherein the RP and the OP are communicatively connected to a user, the identity code server is communicatively connected to the user through the OP, and the RP is also communicatively connected to the OP, the method comprising:
the RP receives a login request from the user, wherein the login request authorizes the RP to send an authentication request to the OP, and the authentication request comprises a public identity identifier (Open ID);
the RP sends the authentication request to the OP according to the login request sent by the user;
after the Open ID authentication at the OP is successful, the RP receives an identity code B of the user from the OP, stores the identity code B, and establishes a mapping relation between the identity code B and the Open ID, wherein the identity code B is used for identifying the identity information of the user at the RP;
after the mapping relation between the identity code B and the Open ID is established, the RP feeds login success information back to the user.
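The exchange the claims describe, as an added example that is not part of the patent or of the applicant's implementation: an in-memory identity code server, an OP, and the RP's one step (storing identity code B against the Open ID), written in Python so the two request shapes of claims 6 and 8 and the per-RP property of identity code B can be seen end to end. The claims do not say how a code is generated "according to" a registration code, nor how the OP turns identity information into a ciphertext; this example assumes HMAC-SHA256 for both derivations and uses a keyed hash as a stand-in for the ciphertext (marked in the code). All names (IdentityCodeServer, OpenIdProvider, demo, op.example, shop.example, bank.example, the sample identity string) are this example's own.

```python
import hashlib
import hmac
import secrets


def _derive(key, label, data):
    """HMAC-SHA256 stands in for the claims' unspecified 'generate according to' step."""
    return hmac.new(key, label + len(data).to_bytes(4, "big") + data, hashlib.sha256).hexdigest()


class IdentityCodeServer:
    """Claims 6-10: keeps the registration codes, mints A and B, and alone can map (A, B) to a user."""
    def __init__(self):
        self._op_codes, self._rp_codes = {}, {}  # OP ID / RP ID -> registration code (never leave the server)
        self._by_a = {}  # identity code A -> (OP ID, identity information ciphertext)
        self._by_b = {}  # identity code B -> (RP ID, identity code A)

    def _register(self, table, prefix, info):
        ident = prefix + hashlib.sha256(info.encode()).hexdigest()[:12]
        table.setdefault(ident, secrets.token_bytes(32))
        return ident  # claims 7 and 9: only the ID is fed back, the registration code stays here

    def register_op(self, op_info):
        return self._register(self._op_codes, "OP-", op_info)

    def register_rp(self, rp_info):
        return self._register(self._rp_codes, "RP-", rp_info)

    def personal_identity_code(self, rp_id, *, identity_code_a=None, op_id=None, identity_ciphertext=None):
        """(A, RP ID) for a verified user (claim 6); (ciphertext, OP ID, RP ID) creates A first (claim 8)."""
        if identity_code_a is None:
            if op_id is None or identity_ciphertext is None:
                raise ValueError("creating identity code A needs the OP ID and the identity ciphertext")
            identity_code_a = _derive(self._op_codes[op_id], b"A", identity_ciphertext)
            self._by_a[identity_code_a] = (op_id, identity_ciphertext)
        elif identity_code_a not in self._by_a:
            raise PermissionError("identity code A was not issued by this server")
        identity_code_b = _derive(self._rp_codes[rp_id], b"B", identity_code_a.encode())
        self._by_b[identity_code_b] = (rp_id, identity_code_a)
        return identity_code_a, identity_code_b

    def resolve(self, identity_code_a, identity_code_b):
        """Claim 10: recover the identity ciphertext from the pair (A, B)."""
        if self._by_b[identity_code_b][1] != identity_code_a:
            raise PermissionError("identity code B does not belong to identity code A")
        return self._by_a[identity_code_a][1]


class OpenIdProvider:
    """Claims 2-5: authenticates the OP account, keeps identity code A, forwards only B to the RP."""
    def __init__(self, server, op_info, accounts):
        self.server, self.op_id = server, server.register_op(op_info)
        self._op_key = secrets.token_bytes(32)  # protects identity info before it leaves the OP (assumption)
        self._rp_ids = {}  # RP info -> RP ID, registered on first access (claims 3 and 5)
        self._accounts = {acct: {"open_id": oid, "a": None} for acct, oid in accounts.items()}

    def _protect(self, identity_info):
        # Stand-in for the "identity information ciphertext": a keyed hash, so the server never
        # sees raw identity data. A production OP would use authenticated encryption here.
        return hmac.new(self._op_key, identity_info.encode(), hashlib.sha256).digest()

    def authenticate(self, rp_info, open_id, account, identity_info=None):
        """("OK", B), or ("REAL_NAME_REQUIRED", None) when A is missing and no identity info came (claim 4)."""
        acct = self._accounts.get(account)
        if acct is None or acct["open_id"] != open_id:  # verify the Open ID before minting any code
            raise PermissionError("Open ID does not belong to this OP account")
        if rp_info not in self._rp_ids:
            self._rp_ids[rp_info] = self.server.register_rp(rp_info)
        if acct["a"] is None:
            if identity_info is None:
                return "REAL_NAME_REQUIRED", None
            acct["a"], b = self.server.personal_identity_code(
                self._rp_ids[rp_info], op_id=self.op_id, identity_ciphertext=self._protect(identity_info))
        else:
            _, b = self.server.personal_identity_code(self._rp_ids[rp_info], identity_code_a=acct["a"])
        return "OK", b


def demo():
    """One run over constructed sample data; returns the properties worth checking."""
    server = IdentityCodeServer()
    oid = "https://op.example/alice"
    op = OpenIdProvider(server, "op.example", {"alice": oid})
    first = op.authenticate("shop.example", oid, "alice")  # no identity code A yet: real-name prompt
    _, b_shop = op.authenticate("shop.example", oid, "alice", "Alice Zhang|ID 000000000000000000")
    shop_users = {b_shop: oid}  # claim 25: the RP stores only B and maps it to the Open ID
    _, b_again = op.authenticate("shop.example", oid, "alice")  # claim 2 path: A is reused
    _, b_bank = op.authenticate("bank.example", oid, "alice")
    a = op._accounts["alice"]["a"]
    return {
        "prompted_first": first == ("REAL_NAME_REQUIRED", None),
        "b_stable_per_rp": b_shop == b_again and shop_users[b_again] == oid,
        "b_differs_across_rps": b_shop != b_bank,
        "rp_never_sees_a": a not in (b_shop, b_bank),
        "server_links_both": server.resolve(a, b_shop) == server.resolve(a, b_bank),
    }
```

What the run shows is the design point of the claims: identity code B is stable for one RP (the RP can recognise a returning user) but differs between RPs, so two RPs cannot join their user tables, and neither RP nor OP can go from B back to the user without the identity code server, which is the only holder of the RP registration codes. The whole scheme therefore depends on those registration codes never being fed back to the OP or RP, which is why only the IDs are returned here. One deliberate departure from the claim order: the claims have the OP obtain B and then authenticate the Open ID, while this example checks the Open ID first so that a failed authentication never causes a code to be minted and indexed on the server.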
Application CN201710214848.8A (priority date 2017-04-01, filing date 2017-04-01): System and method for network identity service based on Open ID. Granted as CN108667785B (en); legal status: Active.


Publications (2)

CN108667785A (en), published 2018-10-16
CN108667785B (en), granted 2020-11-27

Family

ID=63783801


Citations (3)

* Cited by examiner, † Cited by third party

CN103139773A * (priority 2011-11-28, published 2013-06-05, Aspire Digital Technologies (Shenzhen) Co., Ltd.): Method and system for mobile-client centralized electronic identity authentication
CN103428694A * (priority 2012-05-16, published 2013-12-04, ZTE Corporation): Split-terminal single sign-on combined authentication method and system
CN104683306A * (priority 2013-12-03, published 2015-06-03, People's Public Security University of China): Safe and controllable Internet real-name certification mechanism

Family Cites Families (2)

* Cited by examiner, † Cited by third party

WO2011128183A2 * (priority 2010-04-13, published 2011-10-20, Telefonaktiebolaget L M Ericsson (Publ)): Method and apparatus for interworking with single sign-on authentication architecture
GB2524010A * (priority 2014-03-10, published 2015-09-16, IBM): User authentication


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party

3GPP Organizational Partners, "Study on security aspects of integration of Single Sign-On (SSO) frameworks with 3GPP operator-controlled resources and mechanisms", 3GPP TR 33.995 V1.0.0 (2015-06), 2015-09-14, full text. *



Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant