CN116232737A - Point-to-point distributed digital identity connection establishment method, device, equipment and medium - Google Patents

Info

Publication number: CN116232737A
Application number: CN202310240048.9A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: node, point, digital identity, distributed digital, target
Inventors: 温化冰, 平庆瑞, 张一锋
Original assignee (applicant) and current assignee: Zhongchao Credit Card Industry Development Co ltd; China Banknote Printing and Minting Group Co Ltd

Classifications

All codes fall under H04L (transmission of digital information, e.g. telegraphic communication) in section H (electricity):

    • H04L 63/083: Network architectures or network communication protocols for network security; authentication of entities using passwords
    • H04L 63/0876: Network architectures or network communication protocols for network security; authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/06: Network arrangements or protocols for supporting network services or applications; protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L 67/1065: Protocols in which an application is distributed across nodes in the network; peer-to-peer [P2P] networks using node-based peer discovery mechanisms; discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT]
    • H04L 9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), using cryptographic hash functions
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures

Abstract

The application discloses a point-to-point distributed digital identity connection establishment method, device, equipment and medium in the field of computer technology. The method comprises the following steps: the initiating node generates a hash value; a TCP connection is established between the initiating node and the target node based on data transmitted among the initiating node, the index server and the target node, together with the hash value; the target node is controlled to acquire and store a first distributed digital identity of the target node and to send a first document of the first distributed digital identity to the initiating node over the TCP connection; the initiating node is controlled to acquire and store the first document sent by the target node, then to acquire and store a second distributed digital identity of the initiating node and to send the second document of the second distributed digital identity to the target node over the TCP connection; and the target node is controlled to acquire and store the second document sent by the initiating node, so that a point-to-point distributed digital identity connection is established between the target node and the initiating node. The method and device can establish a connection between distributed digital identities directly, point to point.

Description

Point-to-point distributed digital identity connection establishment method, device, equipment and medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for establishing a point-to-point distributed digital identity connection.
Background
Currently, in a distributed digital identity network, each digital identity owner must establish a connection with a cloud agent through its own agent (referred to as an edge agent) before it can communicate with others. One cloud agent may be connected to multiple edge agents, and a network may contain multiple cloud agents.
An edge agent typically runs on a client that is directly controlled by the distributed digital identity owner, whereas a cloud agent is a node on the network, similar to a server. The cloud agent is responsible for connecting multiple edge agents and for routing distributed digital identity connections, as shown in figure 1.
This approach of using cloud agents has several drawbacks: 1. because communication passes through the cloud agent, the decentralization of the distributed digital identity is weakened; 2. every interaction must pass through the cloud agent server, which overloads the server and limits its throughput, and while deploying more cloud agents alleviates this, a large number of cloud agent servers greatly increases cost; 3. adding cloud agents increases the complexity of the network and requires handling complex routing.
In summary, how to establish a connection between distributed digital identities directly, point-to-point, is an urgent problem to be solved.
Disclosure of Invention
In view of the above, the present invention aims to provide a method, device, equipment and medium for establishing a point-to-point distributed digital identity connection, which can establish a connection between distributed digital identities directly, point-to-point. The specific scheme is as follows:
In a first aspect, the application discloses a method for establishing a point-to-point distributed digital identity connection, applied to a point-to-point distributed digital identity connection establishment system comprising an index server, an initiating node and a target node. The method comprises the following steps:
generating a hash value by the initiating node;
establishing a TCP connection between the initiating node and the target node based on data transmitted among the initiating node, the index server and the target node, together with the hash value;
controlling the target node to acquire and store a first distributed digital identity of the target node, and to send a first document corresponding to the first distributed digital identity to the initiating node over the TCP connection;
controlling the initiating node to acquire and store the first document sent by the target node, then to acquire and store a second distributed digital identity of the initiating node, and to send a second document corresponding to the second distributed digital identity to the target node over the TCP connection;
and controlling the target node to acquire and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node.
Optionally, generating the hash value by the initiating node includes:
generating a hash value, a reference random number and an initiating public key by the initiating node, splitting the initiating public key into an odd-bit initiating public key and an even-bit initiating public key, and splitting the reference random number into an odd-bit reference random number and an even-bit reference random number;
correspondingly, establishing the TCP connection between the initiating node and the target node based on the data transmitted among the initiating node, the index server and the target node and the hash value includes:
controlling the initiating node to send the hash value, the odd-bit reference random number and the odd-bit initiating public key to the index server, so that the index server obtains a first node address of the initiating node, and to send the hash value, the even-bit reference random number and the even-bit initiating public key to the target node;
controlling the target node to acquire the odd-bit reference random number and the odd-bit initiating public key from the index server based on the hash value, so that the index server obtains a second node address of the target node, and then to recover the reference random number from the odd-bit and even-bit reference random numbers and the initiating public key from the odd-bit and even-bit initiating public keys;
and establishing the TCP connection between the initiating node and the target node through the index server, based on the first node address and the second node address.
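As an added example (not code from the patent or its assignee), the following Python models this rendezvous phase end to end: the initiating node derives its hash, splits the reference random number and its public key into odd-bit and even-bit halves, registers the odd halves with an index server under the hash and hands the even halves to the target out of band; the target looks the hash up, recombines both halves, and the server brokers the address pair. Assumed here, because the page does not define them: SHA-256 as the hash function, "odd bit" and "even bit" read as alternating bit positions counted from the most significant bit, and an in-memory IndexServer class (with register, lookup and broker methods) standing in for the real index server and its TCP setup.

```python
"""Added example, not from the patent: the rendezvous phase of steps S11/S12.
Assumptions: SHA-256 as the hash; odd/even bits taken as alternating positions
from the MSB; an in-memory IndexServer standing in for the real index server."""
import hashlib
import secrets


def node_hash(unique_input: bytes) -> str:
    """Unique node identifier; the page suggests a unique input such as the MAC address."""
    return hashlib.sha256(unique_input).hexdigest()


def split_bits(data: bytes) -> tuple:
    """Split a byte string into its odd-position and even-position bits (assumed reading)."""
    bits = "".join(f"{b:08b}" for b in data)
    return bits[0::2], bits[1::2]  # positions 1,3,5,... and 2,4,6,... (1-indexed from the MSB)


def merge_bits(odd: str, even: str) -> bytes:
    """Interleave the two halves back into the original byte string."""
    if len(odd) != len(even):
        raise ValueError("halves must be the same length")
    bits = "".join(o + e for o, e in zip(odd, even))
    return int(bits, 2).to_bytes(len(bits) // 8, "big") if bits else b""


class IndexServer:
    """Conventional server (assumed model) that records the odd halves and both
    node addresses under the hash, then brokers the TCP connection."""

    def __init__(self) -> None:
        self.entries: dict = {}

    def register(self, hash_value: str, odd_nonce: str, odd_pubkey: str, initiator_addr: str) -> None:
        # Receiving this message is how the server learns the initiating node's address.
        self.entries[hash_value] = {"odd_nonce": odd_nonce, "odd_pubkey": odd_pubkey,
                                    "initiator_addr": initiator_addr, "target_addr": None}

    def lookup(self, hash_value: str, target_addr: str):
        """Target fetches the odd halves by hash; the server records the target's address."""
        entry = self.entries.get(hash_value)
        if entry is None:
            return None  # unknown hash: nothing is handed out
        entry["target_addr"] = target_addr
        return entry["odd_nonce"], entry["odd_pubkey"]

    def broker(self, hash_value: str) -> tuple:
        """Address pair the server uses to set up the TCP connection between the nodes."""
        entry = self.entries[hash_value]
        if entry["target_addr"] is None:
            raise RuntimeError("target node has not looked up this hash yet")
        return entry["initiator_addr"], entry["target_addr"]


def run_rendezvous(server: IndexServer, mac: bytes, pubkey: bytes, initiator_addr: str, target_addr: str):
    """Drive both nodes through S11/S12 and return what the target recovered."""
    # Initiating node: hash, reference random number, and the two splits.
    nonce = secrets.token_bytes(32)
    hash_value = node_hash(mac)
    odd_nonce, even_nonce = split_bits(nonce)
    odd_pub, even_pub = split_bits(pubkey)
    server.register(hash_value, odd_nonce, odd_pub, initiator_addr)
    out_of_band = (hash_value, even_nonce, even_pub)  # sent to the target, not via the server

    # Target node: fetch the odd halves by hash and recombine.
    h, even_nonce_t, even_pub_t = out_of_band
    found = server.lookup(h, target_addr)
    if found is None:
        return None
    odd_nonce_t, odd_pub_t = found
    return {
        "nonce": nonce,
        "recovered_nonce": merge_bits(odd_nonce_t, even_nonce_t),
        "recovered_pubkey": merge_bits(odd_pub_t, even_pub_t),
        "addresses": server.broker(h),
    }


if __name__ == "__main__":
    srv = IndexServer()
    # Constructed sample values: a MAC address, a stand-in public key and two socket addresses.
    result = run_rendezvous(srv, b"\x02\x42\xac\x11\x00\x02", secrets.token_bytes(65),
                            "10.0.0.5:40001", "10.0.0.9:40002")
    print("nonce recovered:", result["recovered_nonce"] == result["nonce"])
    print("addresses brokered:", result["addresses"])
```

The split is what keeps the index server from ever holding the whole reference random number or public key on its own: it sees only the odd halves, and the target cannot recover either value until it has both the server's entry and the out-of-band message. The hash is a rendezvous key rather than a secret, so the page's uniqueness requirement (derive it from a unique input such as the MAC address) is what keeps two initiators from colliding on one entry.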
Optionally, controlling the target node to acquire and store the first distributed digital identity of the target node and to send the first document corresponding to it to the initiating node over the TCP connection includes:
controlling the target node to acquire and store the first distributed digital identity of the target node, and to encrypt the first document corresponding to the first distributed digital identity together with the reference random number using the initiating public key, obtaining first encrypted information;
and controlling the target node to sign the first encrypted information using a first private key corresponding to the first distributed digital identity, obtaining a first signature, and to send the first signature and the first encrypted information to the initiating node over the TCP connection.
Optionally, generating the hash value, the reference random number and the initiating public key by the initiating node includes:
generating a hash value, a reference random number, an initiating public key and an initiating private key by the initiating node;
correspondingly, controlling the initiating node to acquire and store the first document includes:
controlling the initiating node to acquire a target signature and target encrypted information, and to decrypt the target encrypted information using the initiating private key;
if a target identity document and a target random number are obtained, controlling the initiating node to verify the target signature using a target public key contained in the target identity document;
if the signature verification succeeds, judging whether the target random number is the same as the reference random number;
and if they are the same, the target identity document is the first document and the target signature is the first signature, and the initiating node is controlled to store the first document.
Optionally, acquiring and storing the second distributed digital identity of the initiating node and sending the second document corresponding to it to the target node over the TCP connection includes:
controlling the initiating node to acquire and store a second distributed digital identity of the initiating node, and to encrypt the second document corresponding to the second distributed digital identity using a first public key contained in the first document, obtaining second encrypted information;
and controlling the initiating node to sign the second encrypted information using a second private key corresponding to the second distributed digital identity, obtaining a second signature, and to send the second encrypted information and the second signature to the target node.
Optionally, controlling the target node to acquire and store the second document sent by the initiating node, so as to establish the point-to-point distributed digital identity connection between the target node and the initiating node, includes:
controlling the target node to acquire reference encrypted information and a reference signature;
decrypting the reference encrypted information using the first private key corresponding to the first distributed digital identity;
if a reference identity document is obtained, controlling the target node to verify the reference signature using a reference public key contained in the reference identity document;
and if the signature verification succeeds, the reference identity document is the second document and the reference signature is the second signature, and the target node is controlled to store the second document.
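The following Python is an added example (not the patent's code) that runs the document exchange described in these optional claims, with the checks in the order the page gives them: the target encrypts its first document together with the reference random number to the initiating public key and signs the result with the private key of its first distributed digital identity; the initiator decrypts with the initiating private key, verifies the signature with the public key carried inside the received document, and only then compares the random number with its reference value; the initiator then encrypts its second document to the first public key taken from the first document and signs with the second private key, and the target decrypts and verifies the same way. The page names no algorithms, so the encryption and signature primitives are an assumed textbook-RSA stand-in (unpadded, written inline only so the block runs without third-party libraries, not something to deploy), the documents are assumed to be JSON, and the did:example identifiers and field names are constructed.

```python
# Added example, not from the patent. The page names no algorithms, so a small
# textbook-RSA stand-in (unpadded, illustrative only) with SHA-256 supplies the
# encryption and signatures; documents are JSON; DID identifiers use did:example.
import hashlib
import json
import secrets

SMALL_PRIMES = [p for p in range(3, 500, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Trial division then Miller-Rabin; meant for odd candidates larger than 500."""
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force the top bit and oddness
        if is_probable_prime(c):
            return c

def rsa_keygen(bits: int = 1024):
    """Stand-in keypair as ((n, e), (n, d)); the page does not specify a key type."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_encrypt(data: bytes, pub) -> list:
    """Chunked textbook RSA; the 0x01 prefix keeps each block below n and fixes its length."""
    n, e = pub
    chunk = (n.bit_length() - 8) // 8 - 1
    return [pow(int.from_bytes(b"\x01" + data[i:i + chunk], "big"), e, n) for i in range(0, len(data), chunk)]

def rsa_decrypt(blocks, priv) -> bytes:
    out = b""
    for c in blocks:
        m = pow(c, priv[1], priv[0])
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            raise ValueError("malformed block")
        out += raw[1:]
    return out

def rsa_sign(data: bytes, priv) -> int:
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])

def rsa_verify(data: bytes, sig: int, pub) -> bool:
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_did(label: str):
    """Constructed DID: identifier plus a document carrying the public key [n, e] and authentication method."""
    pub, priv = rsa_keygen()
    did = "did:example:" + hashlib.sha256(f"{label}:{pub[0]}".encode()).hexdigest()[:16]
    return {"id": did, "publicKey": [pub[0], pub[1]], "authentication": "rsa-sha256"}, priv

def target_send_first(first_doc, first_priv, initiating_pub, reference_nonce: bytes):
    """Target: encrypt first document + reference random number to the initiating public key, then sign."""
    enc = rsa_encrypt(json.dumps({"doc": first_doc, "nonce": reference_nonce.hex()}).encode(), initiating_pub)
    return enc, rsa_sign(json.dumps(enc).encode(), first_priv)

def initiator_verify_first(enc, sig, initiating_priv, reference_nonce: bytes):
    """Initiator: decrypt, verify with the key inside the document, compare nonces; None means 'do not store'."""
    try:
        payload = json.loads(rsa_decrypt(enc, initiating_priv))
        doc, nonce = payload["doc"], bytes.fromhex(payload["nonce"])
        ok = rsa_verify(json.dumps(enc).encode(), sig, tuple(doc["publicKey"]))
    except (ValueError, KeyError, TypeError):
        return None
    return doc if ok and secrets.compare_digest(nonce, reference_nonce) else None

def initiator_send_second(second_doc, second_priv, first_doc):
    """Initiator: encrypt second document to the first public key read from the first document, then sign."""
    enc = rsa_encrypt(json.dumps({"doc": second_doc}).encode(), tuple(first_doc["publicKey"]))
    return enc, rsa_sign(json.dumps(enc).encode(), second_priv)

def target_verify_second(enc, sig, first_priv):
    """Target: decrypt with the first private key, verify with the key inside the document; None means 'do not store'."""
    try:
        doc = json.loads(rsa_decrypt(enc, first_priv))["doc"]
        ok = rsa_verify(json.dumps(enc).encode(), sig, tuple(doc["publicKey"]))
    except (ValueError, KeyError, TypeError):
        return None
    return doc if ok else None
```

Two points stand out on the defensive side. First, the random-number comparison is what binds the target's document to this session: a first document captured from an earlier exchange still decrypts and its signature still verifies, but it carries the old random number and is rejected, so nothing is stored. Second, verifying the signature with the key found inside the same document only proves that the sender holds the private key for the document it sent; it does not by itself prove that the DID belongs to the intended party, which is why the page separately requires the document to be checked against the DID specification before it is stored.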
Optionally, the method for establishing the point-to-point distributed digital identity connection further includes:
if the TCP connection between the target node and the initiating node is disconnected, so that the point-to-point distributed digital identity connection between them is also disconnected, returning to the step of generating a hash value by the initiating node in order to re-establish the point-to-point distributed digital identity connection between the target node and the initiating node.
In a second aspect, the application discloses a point-to-point distributed digital identity connection establishment device, applied to a point-to-point distributed digital identity connection establishment system comprising an index server, an initiating node and a target node. The device comprises:
a generation module, configured to generate a hash value through the initiating node;
a TCP connection establishment module, configured to establish a TCP connection between the initiating node and the target node based on data transmitted among the initiating node, the index server and the target node, together with the hash value;
a first acquisition module, configured to control the target node to acquire and store a first distributed digital identity of the target node;
a first sending module, configured to send a first document corresponding to the first distributed digital identity to the initiating node over the TCP connection;
a second acquisition module, configured to control the initiating node to acquire and store the first document sent by the target node and then to acquire and store a second distributed digital identity of the initiating node;
a second sending module, configured to send a second document corresponding to the second distributed digital identity to the target node over the TCP connection;
and a third acquisition module, configured to control the target node to acquire and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node.
In a third aspect, the present application discloses an electronic device comprising a processor and a memory; when the processor executes the computer program stored in the memory, it implements the method for establishing the point-to-point distributed digital identity connection disclosed above.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program; when executed by a processor, the computer program implements the point-to-point distributed digital identity connection establishment method disclosed above.
As can be seen, in the present application the initiating node generates a hash value; a TCP connection is established between the initiating node and the target node based on data transmitted among the initiating node, the index server and the target node, together with the hash value; the target node is controlled to acquire and store a first distributed digital identity of the target node and to send a first document corresponding to it to the initiating node over the TCP connection; the initiating node is controlled to acquire and store the first document sent by the target node, then to acquire and store a second distributed digital identity of the initiating node and to send a second document corresponding to it to the target node over the TCP connection; and the target node is controlled to acquire and store the second document sent by the initiating node, so that a point-to-point distributed digital identity connection is established between the target node and the initiating node. Because the TCP connection between the initiating node and the target node is established, the first document corresponding to the first distributed digital identity of the target node is sent to the initiating node, and the second document corresponding to the second distributed digital identity of the initiating node is sent to the target node, the connection between the two nodes is established with less reliance on the index server and on cloud agents; network complexity is reduced, the decentralization of the distributed digital identity is enhanced, the throughput burden on the cloud agent or index server is reduced, and cost is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a distributed digital identity network in the prior art;
FIG. 2 is a flow chart of a method for establishing a point-to-point distributed digital identity connection provided by the present application;
FIG. 3 is a schematic diagram of a network topology for point-to-point distributed digital identity connection provided herein;
FIG. 4 is a flowchart of a specific method for establishing a point-to-point distributed digital identity connection;
FIG. 5 is a schematic diagram of a method for establishing a point-to-point distributed digital identity connection according to the present application;
FIG. 6 is a flow chart of a method for establishing a point-to-point distributed digital identity connection provided by the present application;
FIG. 7 is a schematic diagram of a point-to-point distributed digital identity connection establishment device according to the present application;
FIG. 8 is a block diagram of an electronic device provided in the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Currently, the approach of using cloud agents has several drawbacks: 1. because communication passes through the cloud agent, the decentralization of the distributed digital identity is weakened; 2. every interaction must pass through the cloud agent server, which overloads the server and limits its throughput, and while deploying more cloud agents alleviates this, a large number of cloud agent servers greatly increases cost; 3. adding cloud agents increases the complexity of the network and requires handling complex routing.
To overcome these problems, the present application provides a point-to-point distributed digital identity connection establishment scheme that can establish a connection between distributed digital identities directly, point-to-point.
Referring to fig. 2, an embodiment of the application discloses a method for establishing a point-to-point distributed digital identity connection, applied to a point-to-point distributed digital identity connection establishment system comprising an index server, an initiating node and a target node. The method comprises the following steps:
Step S11: generating a hash value by the initiating node.
In this embodiment, the hash value is a unique hash generated by the agent of the initiating node and used to uniquely identify each node. It should be noted that, to guarantee the uniqueness of the hash value, the input from which it is generated must itself be unique, such as the node's MAC (Media Access Control) address.
Step S12: establishing a TCP connection between the initiating node and the target node based on data transmitted among the initiating node, the index server and the target node, together with the hash value.
In this embodiment, the index server acts as an intermediary, and the hash value is used to establish the TCP connection between the initiating node and the target node.
Step S13: controlling the target node to acquire and store a first distributed digital identity of the target node, and to send a first document corresponding to the first distributed digital identity to the initiating node over the TCP connection.
In this embodiment, each node runs an agent and a wallet, both directly controlled by the owner of the distributed digital identity (Distributed Identity, DID). The agent is software that helps a DID owner communicate with other DID owners (who likewise communicate through their agents).
In this embodiment, when the target node is controlled to acquire and store its first distributed digital identity, that identity may be generated on the fly by the target node's agent, or it may be an unused distributed digital identity already held in the agent's wallet.
In this embodiment, each distributed digital identity (DID) consists of a DID identifier and a DID document. The DID identifier is a character string with a specific format that represents a digital identity; it corresponds to a DID document, which mainly contains the following information: the DID identifier, the public key and authentication method, and one or more presentations. A presentation is information representing the past, current or desired state of a resource.
In this embodiment, the first document corresponding to the first distributed digital identity is sent to the initiating node over the TCP (Transmission Control Protocol) connection in order to establish a distributed digital identity connection between the target node and the initiating node.
Step S14: controlling the initiating node to acquire and store the first document sent by the target node, then to acquire and store a second distributed digital identity of the initiating node, and to send a second document corresponding to the second distributed digital identity to the target node over the TCP connection.
In this embodiment, the initiating node is controlled to acquire and store the first document sent by the target node, specifically by storing it in the wallet of the initiating node's agent, so as to establish a distributed digital identity connection between the target node and the initiating node. It should be noted that before storing, the first document must be checked for problems (specifically, it may be checked against the DID specification); if there is a problem it is not stored, and if there is none it is stored.
In this embodiment, acquiring and storing the second distributed digital identity of the initiating node may be done by generating it with the initiating node's agent, or by using an unused distributed digital identity already held in the agent's wallet.
In this embodiment, the second document corresponding to the second distributed digital identity is sent to the target node over the TCP connection, so that the distributed digital identity connection between the target node and the initiating node is established.
Step S15: controlling the target node to acquire and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node.
In this embodiment, the target node is controlled to acquire and store the second document sent by the initiating node, specifically by storing it in the wallet of the target node's agent, so as to establish a distributed digital identity connection between the target node and the initiating node. It should be noted that before storing, the second document must be checked for problems (specifically, it may be checked against the DID specification); if there is a problem it is not stored, and if there is none it is stored.
In this embodiment, once the first document of the target node is stored in the wallet of the initiating node's agent and the second document of the initiating node is stored in the wallet of the target node's agent, the point-to-point distributed digital identity connection between the target node and the initiating node is established, and subsequent services based on the DID connection (such as credential issuance and verification) may be carried out. At this point the identity owner can take part in distributed digital identity activities (such as issuing and verifying credentials) directly on the DID layer, point-to-point, using only the agent on its own terminal (mobile phone, PC (Personal Computer), etc.).
In this embodiment, if the TCP connection between the target node and the initiating node is disconnected, so that the point-to-point distributed digital identity connection between them is also disconnected, the method returns to the step of generating a hash value by the initiating node, so as to re-establish the point-to-point distributed digital identity connection between the target node and the initiating node.
It should be noted that the reasons for a TCP connection being disconnected include the following: first, the node's local private IP (Internet Protocol) address may change, causing its public IP to change (for example, when NAT (Network Address Translation) is dynamic), which in turn causes the TCP connection to drop; second, the handset may switch off Wi-Fi and mobile data.
In this embodiment, the DID connection itself is secure, but the index server, which is a conventional server used for recording, needs further security hardening.
In this embodiment, as shown in fig. 3, the network topology for the point-to-point distributed digital identity connection consists of an index server and the other nodes; the index server is connected to each node over TCP, and the nodes are connected to each other by DID. The index server's function is to assist the nodes in establishing a point-to-point (peer-to-peer, P2P) TCP connection; once the point-to-point TCP connection between the nodes is established, the index server no longer participates in their work, and the nodes establish the point-to-point DID connection by themselves. In this scheme, the DID connection is built on top of the bidirectional TCP protocol rather than on top of the unidirectional HTTP (Hyper Text Transfer Protocol) protocol, as some schemes in the industry do.
As can be seen, the present application generates a hash value through the initiating node; establishing a TCP connection between the initiating node and the target node based on the data transmission between the initiating node, the index server and the target node and the hash value; controlling the target node to acquire and store a first distributed digital identity of the target node, and sending a first document corresponding to the first distributed digital identity to the initiating node based on the TCP connection; the initiating node is controlled to acquire and store the first document sent by the target node, then acquire and store a second distributed digital identity of the initiating node, and send a second document corresponding to the second distributed digital identity to the target node based on the TCP connection; and controlling the target node to acquire and store the second document sent by the initiating node so as to establish point-to-point distributed digital identity connection between the target node and the initiating node. Therefore, the TCP connection between the initiating node and the target node is established, the first document corresponding to the first distributed digital identity of the target node is sent to the initiating node, and the second document corresponding to the second distributed identity of the initiating node is sent to the target node, so that the connection between the target node and the initiating node is established, the use of an index server is reduced, the use of a cloud proxy is reduced, the network complexity is reduced, the decentralization degree of the distributed digital identity is enhanced, the throughput of the cloud proxy or the index server is reduced, and the cost is reduced.
Referring to fig. 4, an embodiment of the present application discloses a specific method for establishing a point-to-point distributed digital identity connection, which is applied to a point-to-point distributed digital identity connection establishment system, where the point-to-point distributed digital identity connection establishment system includes an index server, an initiating node and a target node, and the method includes:
Step S21: generating a hash value, a reference random number, an initiating public key and an initiating private key through the initiating node, dividing the initiating public key into an odd-bit initiating public key and an even-bit initiating public key, and dividing the reference random number into an odd-bit reference random number and an even-bit reference random number.
In the embodiment of the application, the odd bits of the random number form the odd-bit sub-random number Rand_io (the odd-bit reference random number) and the even bits of the random number form the even-bit sub-random number Rand_ie (the even-bit reference random number); the odd bits of the public key form the odd-bit sub-public key Pub_io (the odd-bit initiating public key) and the even bits of the public key form the even-bit sub-public key Pub_ie (the even-bit initiating public key).
Step S22: and controlling the initiating node to send the hash value, the odd bit reference random number and the odd bit initiating public key to the index server so that the index server obtains the first node address of the initiating node and sends the hash value, the even bit reference random number and the even bit initiating public key to the target node.
In this embodiment, the initiating node sends Hash_i (the hash value), Rand_ie (the even-bit reference random number) and Pub_ie (the even-bit initiating public key) to the target node over an out-of-band connection, that is, a communication channel other than the DID connection being established, such as email, SMS or telephone.
Step S23: controlling the target node to acquire the odd-bit reference random number and the odd-bit initiating public key from the index server on the basis of the hash value, so that the index server acquires the second node address of the target node, and then to obtain the reference random number from the odd-bit reference random number and the even-bit reference random number, and the initiating public key from the even-bit initiating public key and the odd-bit initiating public key.
In this embodiment of the present application, the channel through which the odd-bit reference random number and the odd-bit initiating public key are obtained from the index server on the basis of the hash value is a different channel from the out-of-band connection; because the sub-random numbers and sub-public keys are transmitted over these two separate channels, the risk of a man-in-the-middle attack is reduced, and interception of the data on one channel does not compromise the whole.
Step S24: and establishing a TCP connection between the initiating node and the target node through the index server and based on the first node address and the second node address.
In this embodiment of the present application, the hash value, the odd-bit reference random number and the odd-bit initiating public key are sent to the index server, so that the index server obtains the first node address of the initiating node; the target node is controlled to obtain the odd-bit reference random number and the odd-bit initiating public key from the index server on the basis of the hash value, so that the index server obtains the second node address of the target node; the index server can then establish the TCP connection between the initiating node and the target node from the first node address and the second node address by means of existing NAT traversal techniques.
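As an added illustration of steps S21 to S23 (the odd/even split, the two delivery channels and the target's reconstruction), the following Go code is an example written for this page and is not the patent's own code. The patent does not say whether "odd bits" means bit positions or byte positions; the code assumes positions in the byte string (1st, 3rd, 5th ... versus 2nd, 4th, 6th ...) and works unchanged on a bit string if one bit is passed per byte. The function names UniqueHash, SplitOddEven and MergeOddEven, the choice of SHA-256 and the per-attempt salt are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Added illustration of steps S21-S23 (procedure steps 1, 4 and 6); not the patent's code.
// Assumption: the patent's "odd bits" and "even bits" are read as odd and even positions of
// the byte string (1st, 3rd, 5th ... versus 2nd, 4th, 6th ...). Pass one bit per byte to
// apply the same split to a bit string.

// UniqueHash builds Hash_i from a node-unique input such as the MAC address the patent
// suggests, plus a per-attempt salt (assumption) so repeated attempts do not collide.
func UniqueHash(nodeID string, salt []byte) string {
	h := sha256.New()
	h.Write([]byte(nodeID))
	h.Write(salt)
	return hex.EncodeToString(h.Sum(nil))
}

// SplitOddEven divides Rand_i (or Pub_i) into Rand_io (odd positions) and Rand_ie (even
// positions). Each half travels over a different channel, so a listener on one channel
// never sees the whole value.
func SplitOddEven(value []byte) (odd, even []byte) {
	for i, b := range value {
		if i%2 == 0 { // index 0 is the 1st element, i.e. an odd position
			odd = append(odd, b)
		} else {
			even = append(even, b)
		}
	}
	return odd, even
}

// MergeOddEven is the target's step 6: interleave the halves back into the original value.
// It rejects halves whose lengths cannot have come from one value (a truncated delivery).
func MergeOddEven(odd, even []byte) ([]byte, error) {
	if len(odd) != len(even) && len(odd) != len(even)+1 {
		return nil, errors.New("inconsistent halves: the odd part must equal the even part in length or exceed it by one")
	}
	out := make([]byte, 0, len(odd)+len(even))
	for i := range odd {
		out = append(out, odd[i])
		if i < len(even) {
			out = append(out, even[i])
		}
	}
	return out, nil
}
```

SplitOddEven yields the half that goes to the index server (odd) and the half that goes over the out-of-band channel (even); MergeOddEven is what the target runs after collecting both. The length check catches a truncated delivery but not a substituted half: nothing in the split itself authenticates either channel, which is why the random number comparison in step S26 matters, since a target that reconstructed the wrong Rand_i or Pub_i cannot produce a reply the initiating node accepts.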
Step S25: controlling the target node to acquire and store a first distributed digital identity of the target node, and encrypting a first document corresponding to the first distributed digital identity and the reference random number by using the initiating public key to obtain first encryption information; and controlling the target node to sign the first encrypted information by using a first private key corresponding to the first distributed digital identity to obtain a first signature, and sending the first signature and the first encrypted information to the initiating node based on the TCP connection.
The corresponding first document Did_doc_o and the received reference random number Rand_i are encrypted with the initiating public key Pub_i; the encryption takes the form of first concatenating Did_doc_o with Rand_i and then encrypting the concatenated data with the initiating public key to obtain the first encryption information. This encryption increases the security of the transmission between the target node and the initiating node.
In the embodiment of the application, after the corresponding first document Did_doc_o and the received reference random number Rand_i have been encrypted with the initiating public key Pub_i, the encryption result must also be signed with the first private key Did_priv_o corresponding to the first distributed digital identity, and the signature is attached to the encryption result before it is sent to the initiating node. The signature process ensures the correspondence between the sending and receiving target node and initiating node.
Step S26: the initiating node is controlled to acquire a target signature and target encryption information, and the target encryption information is decrypted using the initiating private key; if a target identity document and a target random number are obtained, the initiating node is controlled to verify the target signature using a target public key in the target identity document; if the signature verification succeeds, it is judged whether the target random number is the same as the reference random number; if they are the same, the target identity document is the first document and the target signature is the first signature, and the initiating node is controlled to store the first document.
In this embodiment of the present application, the initiating node obtains the target encryption information, and needs to determine that the target encryption information is the first encryption information, if decryption is successful and signature verification is successful at this time, and the random numbers are the same, then the initiating node stores the first document. The signature verification process further enhances the security of data transmission.
It is noted that the initiating private key Priv_i is used for decryption; the initiating private key and the initiating public key form a key pair.
It should be noted that the target public key in the target identity document Did_doc_o is used to verify the signature. It should also be noted that when the first private key Did_priv_o corresponding to the first distributed digital identity is used for signing, only the first public key Did_pub_o in the first document corresponding to the first distributed digital identity can verify the signature; if the verification succeeds, this shows that the target identity document is the first document from the target node.
Step S27: the initiating node is controlled to acquire and store a second distributed digital identity of the initiating node, and a second document corresponding to the second distributed digital identity is encrypted by using a first public key in the first document to obtain second encrypted information; and controlling the initiating node to sign the second encrypted information by using a second private key corresponding to the second distributed digital identity to obtain a second signature, and sending the second encrypted information and the second signature to the target node based on the TCP connection.
In the embodiment of the application, the initiating node uses the first public key Did_pub_o in the received first document Did_doc_o of the target node to encrypt its corresponding second document Did_doc_i, obtaining the second encryption information; this encryption increases the security of the transmission between the target node and the initiating node.
In the embodiment of the application, after the initiating node has encrypted its corresponding second document Did_doc_i with the first public key Did_pub_o in the received first document Did_doc_o of the target node to obtain the second encryption information, it must also sign with the second private key Did_priv_i corresponding to the second distributed digital identity, attach the signature to the encryption result and then send it to the target node. The signing process ensures the correspondence between the sending and receiving initiating node and target node.
Step S28: controlling the target node to acquire the reference encryption information and the reference signature; decrypting the reference encrypted information using the first private key corresponding to the first distributed digital identity; if the reference identity document is obtained, controlling the target node to check the reference signature by using a reference public key in the reference identity document; and if the signature verification is successful, the reference identity document is the second document, the reference signature is the second signature, and the target node is controlled to store the second document.
In this embodiment of the present application, the target node obtains the reference encrypted information and needs to determine whether it is the second encrypted information; if decryption succeeds and signature verification succeeds, this indicates that the reference encrypted information is the second encrypted information, and the target node then stores the second document.
It should be noted that information encrypted with the first public key in the first document can only be decrypted with the first private key corresponding to the first distributed digital identity; the first private key and the first public key in the target node's first document Did_doc_o form a key pair.
It should be noted that when the second private key Did_priv_i corresponding to the second distributed digital identity is used for signing, only the second public key Did_pub_i in the second document Did_doc_i can verify the signature; if the signature verification succeeds, this indicates that the target identity document is the first document from the target node.
In the embodiment of the application, when data is transmitted between the initiating node and the target node, the asymmetric encryption mode is utilized for encryption, and the asymmetric encryption process is completed in the node instead of being completed in the index server, so that node resources are fully utilized, and the burden of the index server is reduced.
Therefore, the TCP connection between the initiating node and the target node is established, the first document corresponding to the first distributed digital identity of the target node is sent to the initiating node, and the second document corresponding to the second distributed digital identity of the initiating node is sent to the target node, so that the connection between the target node and the initiating node is established, the use of an index server is reduced, the use of a cloud proxy is reduced, the network complexity is reduced, the decentralization degree of the distributed digital identity is enhanced, the throughput of the cloud proxy or the index server is reduced, and the cost is reduced; in addition, when point-to-point transmission is carried out between distributed digital identities, asymmetric encryption is not carried out through an index server, but an encryption and decryption process is transferred to an initiating node and a target node, resources of all nodes are fully utilized, and the burden of the index server is reduced; in addition, the signature and signature verification processes are added in the encryption and decryption process, so that the security of the transmission process between the initiating node and the target node is improved.
Referring to fig. 5, a schematic diagram of a method for establishing a point-to-point distributed digital identity connection is shown, and correspondingly, as shown in fig. 6, a flowchart of a method for establishing a point-to-point distributed digital identity connection is shown; the general procedure is as follows:
1. When two nodes wish to establish a DID connection, the proxy of the initiating node generates a unique hash value Hash_i (used to uniquely identify each node), a random number Rand_i and a public/private key pair Pub_i and Priv_i. It then divides the random number Rand_i into two sub-random numbers: the odd bits of the random number form the odd-bit sub-random number Rand_io and the even bits form the even-bit sub-random number Rand_ie; likewise, the odd bits of the public key form the odd-bit sub-public key Pub_io and the even bits form the even-bit sub-public key Pub_ie;
Note: to ensure the uniqueness of the hash value, its input should be unique, such as the MAC address of the node;
2. The initiating node stores Hash_i, Rand_io and Pub_io in the index server;
3. The initiating node sends Hash_i, Rand_ie and Pub_ie to the target node over an out-of-band connection (here, a communication means other than the DID connection being established, such as email, SMS or telephone);
4. The target node queries the index server for Rand_io and Pub_io using Hash_i. This path and the out-of-band transmission are two different paths; transmitting the sub-random numbers and sub-public keys over two paths reduces the risk of a man-in-the-middle attack;
5. The initiating node, the target node and the index server establish a point-to-point TCP connection by means of existing NAT traversal technology;
6. The target node restores the original random number Rand_i from Rand_io and Rand_ie, and the original public key Pub_i from Pub_io and Pub_ie;
7. The target node uses its proxy to generate Did_o and store it in the wallet (an idle DID already in the proxy wallet may also be used), then encrypts the corresponding Did_doc_o together with the received Rand_i using the public key Pub_i (the encryption input is Did_doc_o concatenated with Rand_i), signs the encryption result with the corresponding Did_priv_o, attaches the signature to the encryption result and sends it to the initiating node;
8. The initiating node decrypts with Priv_i, extracts the target node's Did_doc_o and the random number Rand_i from the decrypted data, verifies the signature with the public key Did_pub_o in Did_doc_o, and then checks whether the received random number Rand_i matches the one generated in step 1. Once all of these checks pass, the received Did_doc_o is checked further; if there is no problem, Did_doc_o is stored in the proxy's own wallet;
Note: Did_doc_o can be checked according to the DID specification;
9. The initiating node uses its proxy to generate Did_i and store it in the wallet (an idle DID already in the proxy wallet may also be used), then encrypts the corresponding Did_doc_i with the public key Did_pub_o in the received Did_doc_o of the target node, signs with the corresponding Did_priv_i, attaches the signature to the encryption result and sends it to the target node;
10. After receiving the data, the target node decrypts it with its own private key Did_priv_o, extracts the initiating node's Did_doc_i from the decrypted data, and verifies the signature with Did_pub_i in Did_doc_i. Once all of these checks pass, Did_doc_i is checked further; if there is no problem, it is stored in the proxy's wallet. At this point the point-to-point DID connection is established, and subsequent services based on the DID connection (such as credential issuing and verification) can be performed;
Note: Did_doc_i can be checked according to the DID specification.
In summary, first, to address the problem that connecting through a cloud proxy for communication weakens the decentralization of distributed digital identity, the application establishes a point-to-point distributed identity connection, removes the index server, enhances the decentralization of the distributed digital identity network and realizes direct point-to-point communication. Secondly, for each interaction the cloud proxy needs to authenticate the digital identity, and the asymmetric encryption and decryption algorithm used for authentication is time-consuming, which increases the burden on the cloud proxy server and affects its throughput. Although this can be alleviated by deploying more cloud proxies, a large number of cloud proxy servers greatly increases the cost; here the asymmetric encryption and decryption process is completed by the nodes rather than by an index server or cloud proxy, which avoids the throughput problem caused by high server pressure on the index server or cloud proxy (the network throughput is improved) and avoids deploying cloud proxy servers in large numbers. Thirdly, to address the problems that adding a cloud proxy increases the complexity of the network and requires complex routing to be handled, the point-to-point distributed identity connection is established and the network topology is simplified.
Note that the identification data are as follows:
Pub_i: the public key of the initiating node (initiating public key);
Pub_io: the odd-bit sub-public key of the initiating node (odd-bit initiating public key);
Pub_ie: the even-bit sub-public key of the initiating node (even-bit initiating public key);
Priv_i: the private key of the initiating node (initiating private key);
Did_i: the DID of the initiating node (second distributed digital identity);
Did_doc_i: the DID document of the initiating node (second document);
Did_pub_i: the public key in the DID document of the initiating node (second public key);
Did_priv_i: the DID private key of the initiating node (second private key);
Did_o: the DID of the target node (first distributed digital identity);
Did_doc_o: the DID document of the target node (first document);
Did_pub_o: the public key in the DID document of the target node (first public key);
Did_priv_o: the DID private key of the target node (first private key);
Rand_i: the random number generated by the initiating node (reference random number);
Rand_io: the odd-bit sub-random number generated by the initiating node (odd-bit reference random number);
Rand_ie: the even-bit sub-random number generated by the initiating node (even-bit reference random number);
Hash_i: the unique hash value generated by the initiating node.
Referring to fig. 7, an embodiment of the application discloses a point-to-point distributed digital identity connection establishment device, which is applied to a point-to-point distributed digital identity connection establishment system, wherein the point-to-point distributed digital identity connection establishment system comprises an index server, an initiating node and a target node, and the device comprises:
a generating module 11, configured to generate a hash value through the initiating node;
a TCP connection establishment module 12, configured to establish a TCP connection between the originating node and the destination node based on the hash value and data transmission between the originating node, the index server, and the destination node;
a first obtaining module 13, configured to control the target node to obtain and store a first distributed digital identity of the target node;
a first sending module 14, configured to send, to the originating node, a first document corresponding to the first distributed digital identity based on the TCP connection;
a second obtaining module 15, configured to control the originating node to obtain and store the first document sent by the target node, and then obtain and store a second distributed digital identity of the originating node;
a second sending module 16, configured to send, based on the TCP connection, a second document corresponding to the second distributed digital identity to the target node;
and a third obtaining module 17, configured to control the target node to obtain and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node.
The more specific working process of each module may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
As can be seen, the present application generates a hash value through the initiating node; establishing a TCP connection between the initiating node and the target node based on the data transmission between the initiating node, the index server and the target node and the hash value; controlling the target node to acquire and store a first distributed digital identity of the target node, and sending a first document corresponding to the first distributed digital identity to the initiating node based on the TCP connection; the initiating node is controlled to acquire and store the first document sent by the target node, then acquire and store a second distributed digital identity of the initiating node, and send a second document corresponding to the second distributed digital identity to the target node based on the TCP connection; and controlling the target node to acquire and store the second document sent by the initiating node so as to establish point-to-point distributed digital identity connection between the target node and the initiating node. Therefore, the TCP connection between the initiating node and the target node is established, the first document corresponding to the first distributed digital identity of the target node is sent to the initiating node, and the second document corresponding to the second distributed identity of the initiating node is sent to the target node, so that the connection between the target node and the initiating node is established, the use of an index server is reduced, the use of a cloud proxy is reduced, the network complexity is reduced, the decentralization degree of the distributed digital identity is enhanced, the throughput of the cloud proxy or the index server is reduced, and the cost is reduced.
Further, the embodiment of the present application further provides an electronic device, and fig. 8 is a structural diagram of the electronic device 20 according to an exemplary embodiment, where the content of the drawing is not to be considered as any limitation on the scope of use of the present application.
Fig. 8 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, an input-output interface 24, a communication interface 25, and a communication bus 26. Wherein the memory 22 is adapted to store a computer program to be loaded and executed by the processor 21 for implementing the relevant steps of the point-to-point distributed digital identity connection establishment method disclosed in any of the previous embodiments.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 25 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 24 is used for obtaining external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application needs, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk or an optical disk; it may be a non-volatile memory, and may serve both as running memory (including random access memory) and as external storage. The resources stored on it include an operating system 221, a computer program 222 and the like, and the storage may be temporary or permanent.
The operating system 221 is used to manage and control the various hardware devices on the electronic device 20 and the computer program 222 on the source host, and may be Windows, Unix, Linux or the like. In addition to the computer program capable of performing the point-to-point distributed digital identity connection establishment method performed by the electronic device 20 as disclosed in any of the previous embodiments, the computer program 222 may further comprise computer programs capable of performing other specific tasks.
In this embodiment, the input/output interface 24 may specifically include, but is not limited to, a USB interface, a hard disk read interface, a serial interface, a voice input interface, a fingerprint input interface, and the like.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program; the computer program, when executed by the processor, implements the point-to-point distributed digital identity connection establishment method disclosed above.
For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
The computer readable storage medium referred to herein includes random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, magnetic or optical disk, or any other form of storage medium known in the art. The computer program, when executed by the processor, implements the aforementioned point-to-point distributed digital identity connection establishment method. For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, the description is simpler because the device corresponds to the point-to-point distributed digital identity connection establishment method disclosed in the embodiment, and the relevant points are referred to in the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of an algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above describes in detail a method, apparatus, device and medium for establishing a point-to-point distributed digital identity connection, and specific examples are applied to illustrate the principles and embodiments of the present invention, where the above description of the examples is only for helping to understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (10)

1. A point-to-point distributed digital identity connection establishment method, characterized in that it is applied to a point-to-point distributed digital identity connection establishment system, the point-to-point distributed digital identity connection establishment system comprising an index server, an initiating node and a target node, and the method comprises the following steps:
generating a hash value by the initiating node;
establishing a TCP connection between the initiating node and the target node based on the hash value and on data transmission among the initiating node, the index server and the target node;
controlling the target node to acquire and store a first distributed digital identity of the target node, and to send a first document corresponding to the first distributed digital identity to the initiating node based on the TCP connection;
controlling the initiating node to acquire and store the first document sent by the target node, then to acquire and store a second distributed digital identity of the initiating node, and to send a second document corresponding to the second distributed digital identity to the target node based on the TCP connection; and
controlling the target node to acquire and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node.
2. The point-to-point distributed digital identity connection establishment method according to claim 1, wherein the generating a hash value by the initiating node comprises:
generating a hash value, a reference random number and an initiating public key by the initiating node, dividing the initiating public key into an odd-bit initiating public key and an even-bit initiating public key, and dividing the reference random number into an odd-bit reference random number and an even-bit reference random number;
and correspondingly, the establishing a TCP connection between the initiating node and the target node based on the hash value and on data transmission among the initiating node, the index server and the target node comprises:
controlling the initiating node to send the hash value, the odd-bit reference random number and the odd-bit initiating public key to the index server, so that the index server acquires a first node address of the initiating node, and to send the hash value, the even-bit reference random number and the even-bit initiating public key to the target node;
controlling the target node to acquire the odd-bit reference random number and the odd-bit initiating public key from the index server based on the hash value, so that the index server acquires a second node address of the target node, then to recover the reference random number from the odd-bit reference random number and the even-bit reference random number, and to recover the initiating public key from the even-bit initiating public key and the odd-bit initiating public key; and
establishing the TCP connection between the initiating node and the target node through the index server and based on the first node address and the second node address.
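The rendezvous of claim 2, as an added example in Go using only the standard library (this is not code from the patent or its applicants). The initiating node splits its reference random number and its public key into odd-position and even-position halves, hands the odd halves together with the hash value to an in-memory index server, and sends the even halves directly to the target; the target looks the odd halves up by hash value and reassembles both values. The page does not define the split, the hash input, the record format or the addresses, so the following are assumptions: "odd bit" is read as an odd 1-based byte position, the hash value is SHA-256 over publicKey||randomNumber, the key is RSA in PKCS#1 DER, and IndexRecord, Initiator, Publish, TargetResolve and the address 198.51.100.10:4001 are illustrative names. The TCP set-up through the two node addresses is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// splitOddEven and merge implement claim 2's division of a value into its odd-position and
// even-position parts. The page does not define "bit" here; this reading uses 1-based byte
// positions, so positions 1, 3, 5, ... are "odd" and go to the index server.
func splitOddEven(b []byte) (odd, even []byte) {
	for i, c := range b {
		if i%2 == 0 {
			odd = append(odd, c)
		} else {
			even = append(even, c)
		}
	}
	return odd, even
}

func merge(odd, even []byte) []byte {
	out := make([]byte, 0, len(odd)+len(even))
	for i := range odd {
		out = append(out, odd[i])
		if i < len(even) {
			out = append(out, even[i])
		}
	}
	return out
}

// IndexRecord is what the index server keeps per hash value: the odd halves plus the
// initiating node's address (claim 2's "first node address"). The shape is assumed.
type IndexRecord struct {
	OddNonce, OddPub []byte
	InitiatorAddr    string
}

// Initiator holds what claim 2 generates on the initiating node. The page only says "hash
// value"; SHA-256 over publicKey||randomNumber is assumed, with the key as PKCS#1 DER.
type Initiator struct {
	Hash     [32]byte
	RefNonce []byte
	Key      *rsa.PrivateKey
}

func NewInitiator() (*Initiator, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	pub := x509.MarshalPKCS1PublicKey(&key.PublicKey)
	return &Initiator{sha256.Sum256(append(append([]byte{}, pub...), nonce...)), nonce, key}, nil
}

// Publish sends (hash value, odd halves, own address) to the index server and returns the
// (even nonce, even public key) pair that the initiating node sends directly to the target.
func (in *Initiator) Publish(index map[[32]byte]IndexRecord, addr string) (evenNonce, evenPub []byte) {
	oddNonce, evenNonce := splitOddEven(in.RefNonce)
	oddPub, evenPub := splitOddEven(x509.MarshalPKCS1PublicKey(&in.Key.PublicKey))
	index[in.Hash] = IndexRecord{oddNonce, oddPub, addr}
	return evenNonce, evenPub
}

// TargetResolve is the target node's side: look the odd halves up by hash value, then
// reassemble the reference random number and the initiating public key. A lookup under an
// unknown hash value, or halves that do not reassemble into a key, is an error.
func TargetResolve(index map[[32]byte]IndexRecord, hash [32]byte, evenNonce, evenPub []byte) ([]byte, *rsa.PublicKey, error) {
	rec, ok := index[hash]
	if !ok {
		return nil, nil, fmt.Errorf("index server has no record for this hash value")
	}
	pub, err := x509.ParsePKCS1PublicKey(merge(rec.OddPub, evenPub))
	if err != nil {
		return nil, nil, fmt.Errorf("reassembled initiating public key does not parse: %w", err)
	}
	return merge(rec.OddNonce, evenNonce), pub, nil
}

func main() {
	in, err := NewInitiator()
	if err != nil {
		panic(err)
	}
	index := map[[32]byte]IndexRecord{}
	evenNonce, evenPub := in.Publish(index, "198.51.100.10:4001")
	nonce, pub, err := TargetResolve(index, in.Hash, evenNonce, evenPub)
	fmt.Println(string(nonce) == string(in.RefNonce), err == nil && pub.Equal(&in.Key.PublicKey), err)
}
```

Neither half on its own is a well-formed value: x509.ParsePKCS1PublicKey rejects the index server's OddPub, so the index server holds the hash value and the initiator's address but cannot recover the initiating public key or the reference random number from its own record. An observer who sees both paths (the index server's record and the direct message to the target) can still reassemble them, so the split keeps the full values away from the index server; confidentiality and authentication of the documents come from the encryption and signatures of the later claims, not from the split.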
3. The point-to-point distributed digital identity connection establishment method according to claim 2, wherein the controlling the target node to acquire and store a first distributed digital identity of the target node, and to send a first document corresponding to the first distributed digital identity to the initiating node based on the TCP connection comprises:
controlling the target node to acquire and store a first distributed digital identity of the target node, and to encrypt a first document corresponding to the first distributed digital identity together with the reference random number using the initiating public key, obtaining first encrypted information; and
controlling the target node to sign the first encrypted information using a first private key corresponding to the first distributed digital identity, obtaining a first signature, and to send the first signature and the first encrypted information to the initiating node based on the TCP connection.
4. The point-to-point distributed digital identity connection establishment method according to claim 3, wherein the generating a hash value, a reference random number and an initiating public key by the initiating node comprises:
generating a hash value, a reference random number, an initiating public key and an initiating private key by the initiating node;
and correspondingly, the controlling the initiating node to acquire and store the first document comprises:
controlling the initiating node to acquire a target signature and target encrypted information, and to decrypt the target encrypted information using the initiating private key;
if a target identity document and a target random number are obtained, controlling the initiating node to verify the target signature using a target public key in the target identity document;
if the signature verification succeeds, judging whether the target random number is identical to the reference random number; and
if they are identical, the target identity document is the first document and the target signature is the first signature, and the initiating node is controlled to store the first document.
5. The point-to-point distributed digital identity connection establishment method according to claim 4, wherein the acquiring and storing a second distributed digital identity of the initiating node and sending a second document corresponding to the second distributed digital identity to the target node based on the TCP connection comprises:
controlling the initiating node to acquire and store a second distributed digital identity of the initiating node, and to encrypt a second document corresponding to the second distributed digital identity using a first public key in the first document, obtaining second encrypted information; and
controlling the initiating node to sign the second encrypted information using a second private key corresponding to the second distributed digital identity, obtaining a second signature, and to send the second encrypted information and the second signature to the target node.
6. The point-to-point distributed digital identity connection establishment method according to claim 5, wherein the controlling the target node to acquire and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node, comprises:
controlling the target node to acquire reference encrypted information and a reference signature;
decrypting the reference encrypted information using the first private key corresponding to the first distributed digital identity;
if a reference identity document is obtained, controlling the target node to verify the reference signature using a reference public key in the reference identity document; and
if the signature verification succeeds, the reference identity document is the second document and the reference signature is the second signature, and the target node is controlled to store the second document.
7. The point-to-point distributed digital identity connection establishment method according to any one of claims 1 to 6, further comprising:
if the TCP connection between the target node and the initiating node is disconnected, so that the point-to-point distributed digital identity connection between the target node and the initiating node is broken, returning to the step of generating a hash value by the initiating node, so as to re-establish the point-to-point distributed digital identity connection between the target node and the initiating node.
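The document exchange of claims 3 to 6, as an added Go example with both nodes simulated in one process (this is not code from the patent or its applicants). It assumes that the claim 2 step has already given the target the initiating public key and the reference random number, and it elides the TCP connection. The page names no algorithms, so the following are assumptions: a hybrid scheme (a fresh AES-256-GCM key wrapped with RSA-OAEP/SHA-256) stands in for "encrypt with the public key", RSA-PSS/SHA-256 for "sign with the private key", the DID document is a minimal record carrying the DID string and an RSA public key as modulus and exponent, and message, sendDoc, recvDoc, RunExchange, did:example:target and did:example:initiator are illustrative names. RunExchange(0) runs the honest exchange; a nonzero flipEcho corrupts the random number the target echoes, which the claim 4 comparison rejects.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// message is what claims 3 and 5 encrypt: an assumed minimal DID document (the page only says it
// carries the DID's public key; modulus and exponent here, as a JWK would) plus, in claim 3, the nonce.
type message struct {
	DID   string
	Pub   *rsa.PublicKey
	Nonce []byte // echoed reference random number; nil in the second document
}

// sendDoc (claims 3 and 5): encrypt the message for the peer, then sign the ciphertext with the private
// key of the DID being presented. The page fixes no schemes; assumed: a fresh AES-256-GCM key wrapped with
// RSA-OAEP/SHA-256, enc = wrappedKey||ciphertext (one-time key, so a zero GCM nonce is safe), RSA-PSS/SHA-256.
func sendDoc(peer *rsa.PublicKey, docKey *rsa.PrivateKey, m message) (enc, sig []byte, err error) {
	plain, _ := json.Marshal(m)
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, key, nil)
	if err != nil {
		return nil, nil, err
	}
	enc = gcm.Seal(wrapped, make([]byte, gcm.NonceSize()), plain, nil)
	d := sha256.Sum256(enc)
	sig, err = rsa.SignPSS(rand.Reader, docKey, crypto.SHA256, d[:], nil)
	return enc, sig, err
}

// recvDoc (claims 4 and 6): decrypt with our own private key, then verify the signature with the
// public key carried inside the received document itself. That proves the sender holds the
// document's key; nothing here ties that key to any particular DID holder.
func recvDoc(priv *rsa.PrivateKey, enc, sig []byte) (m message, err error) {
	if len(enc) < priv.Size() {
		return m, fmt.Errorf("ciphertext too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, enc[:priv.Size()], nil)
	if err != nil {
		return m, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, make([]byte, gcm.NonceSize()), enc[priv.Size():], nil)
	if err != nil {
		return m, err
	}
	json.Unmarshal(plain, &m) // a malformed body leaves m.Pub nil and fails the check below
	d := sha256.Sum256(enc)
	if m.Pub == nil || rsa.VerifyPSS(m.Pub, crypto.SHA256, d[:], sig, nil) != nil {
		return message{}, fmt.Errorf("signature does not verify under the document's key")
	}
	return m, nil
}

// RunExchange plays claims 3 to 6 between an in-memory target and initiator, assuming claim 2 has already
// given the target the initiating public key and the reference random number. flipEcho is XORed into the
// first byte of the nonce the target echoes; nonzero simulates a stale or forged reply that claim 4 must reject.
func RunExchange(flipEcho byte) (initStored, targetStored string, err error) {
	initKey, _ := rsa.GenerateKey(rand.Reader, 2048) // initiating key pair
	refNonce := make([]byte, 16)                      // reference random number
	rand.Read(refNonce)
	echo := append([]byte{refNonce[0] ^ flipEcho}, refNonce[1:]...) // the target's copy
	targetKey, _ := rsa.GenerateKey(rand.Reader, 2048)               // claim 3: first DID key pair
	enc1, sig1, err := sendDoc(&initKey.PublicKey, targetKey, message{"did:example:target", &targetKey.PublicKey, echo})
	if err != nil {
		return "", "", err
	}
	m1, err := recvDoc(initKey, enc1, sig1) // claim 4: decrypt, verify, then compare the echoed nonce
	if err != nil {
		return "", "", err
	}
	if string(m1.Nonce) != string(refNonce) {
		return "", "", fmt.Errorf("random number mismatch: reply is not bound to this session")
	}
	initDIDKey, _ := rsa.GenerateKey(rand.Reader, 2048) // claim 5: second DID key pair, sent under the first document's key
	enc2, sig2, err := sendDoc(m1.Pub, initDIDKey, message{DID: "did:example:initiator", Pub: &initDIDKey.PublicKey})
	if err != nil {
		return "", "", err
	}
	m2, err := recvDoc(targetKey, enc2, sig2) // claim 6: decrypt with the first private key and verify
	if err != nil {
		return "", "", err
	}
	return m1.DID, m2.DID, nil
}

func main() { fmt.Println(RunExchange(0)) }
```

Two points the claims leave implicit show up in the code. First, the claim 4 comparison of the echoed random number with the reference random number is what binds the target's reply to this run: a first document recorded from an earlier run under the same initiating key pair would still decrypt and verify, and only the random number check rejects it. The second document carries no random number, so claim 6 has no such check. Second, in claims 4 and 6 the signature is verified with the public key inside the received document itself, which proves that the sender controls that key; the claims describe no check of the document against an external registry, so the DID is trusted on first use at this point.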
8. A point-to-point distributed digital identity connection establishment device, applied to a point-to-point distributed digital identity connection establishment system, the point-to-point distributed digital identity connection establishment system comprising an index server, an initiating node and a target node, and the device comprising:
a generation module, configured to generate a hash value by the initiating node;
a TCP connection establishment module, configured to establish a TCP connection between the initiating node and the target node based on the hash value and on data transmission among the initiating node, the index server and the target node;
a first acquisition module, configured to control the target node to acquire and store a first distributed digital identity of the target node;
a first sending module, configured to send a first document corresponding to the first distributed digital identity to the initiating node based on the TCP connection;
a second acquisition module, configured to control the initiating node to acquire and store the first document sent by the target node and then to acquire and store a second distributed digital identity of the initiating node;
a second sending module, configured to send a second document corresponding to the second distributed digital identity to the target node based on the TCP connection; and
a third acquisition module, configured to control the target node to acquire and store the second document sent by the initiating node, so as to establish a point-to-point distributed digital identity connection between the target node and the initiating node.
9. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements a point-to-point distributed digital identity connection establishment method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program; wherein the computer program, when executed by a processor, implements a point-to-point distributed digital identity connection establishment method as claimed in any one of claims 1 to 7.

Priority Applications (1)

Application Number: CN202310240048.9A (publication CN116232737A, en)
Priority Date: 2023-03-06
Filing Date: 2023-03-06
Title: Point-to-point distributed digital identity connection establishment method, device, equipment and medium
Legal status: Pending

Publications (1)

Publication Number: CN116232737A (en)
Publication Date: 2023-06-06

Family

ID=86576722



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination