CN101764791B - User identity verification method, equipment and system in business chain - Google Patents
User identity verification method, equipment and system in business chain Download PDFInfo
- Publication number
- CN101764791B CN101764791B CN 200810220345 CN200810220345A CN101764791B CN 101764791 B CN101764791 B CN 101764791B CN 200810220345 CN200810220345 CN 200810220345 CN 200810220345 A CN200810220345 A CN 200810220345A CN 101764791 B CN101764791 B CN 101764791B
- Authority
- CN
- China
- Prior art keywords
- business chain
- service node
- user
- identity
- user identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention discloses a user identity verification method, equipment and a system in a business chain, wherein the method comprises the following steps: receiving business chain calling requests containing business chain user identity marks by business nodes in the business chain; sending user identity analysis requests which comprise the business chain user identity marks and the business node marks of the business nodes to a business chain management device by the business nodes; and making sure that users corresponding to the business chain user identity marks pass the identity verification when the business nodes receive first identity analysis result information which is sent by the business chain management device and comprises the account and logging authentication information of the users corresponding to the business chain user identity marks to visit the business nodes. When being adopted, the invention has the advantage that the user identity verification can be realized by adopting a simple process flow.
Description
Technical field
The present invention relates to the communications field, relate in particular to a kind of user ID authentication method, identify label request to create method, equipment and system.
Background technology
Along with the enhancing of communication network ability, need create business by third party or even general service user.If any one business all needs from the beginning to develop, this will cause very low efficient.
To this, open service framework standard Parlay api interface has been proposed, shield the complexity of bottom communication network agreement by this interface, made third party's service developer under the prerequisite that does not need to be grasped professional communication network knowledge, also have the business that the basic telecommunication network capabilities is used in exploitation.In addition, along with the Web technology rapid development, service-oriented framework (SOA, Service-oriented architecture) becomes the development trend of operation system.The professional interface that externally exposes separates fully with its inner realization, by the mode of standard, calls mutually between the different business and finishes specific service logic jointly, combinations of services technology that Here it is.
Combinations of services refers to several existing business to be combined into a new business by layout and integrated.Combinations of services can be divided into two kinds of centralized system and distributed way.Central controlled combine engine of the general existence of centralized system is called each business respectively with these combinations of services together by this combine engine.And distributed way, there is not central controlled combine engine in combinations of services, but each business calls between the service node each other as a service node, forms calling service chain (being called business chain) and with these combinations of services together.On a business chain, previous service node is service requester, and a back service node then is the corresponding service supplier.
Current a kind of mode to Operational Visit is anonymous access, namely need not authentication, and Any user can both access service.Another mode, service needed is differentiated user's identity, checking is by just using professional by authorized user afterwards.For a business chain, if the user has account number and corresponding account number logging on authentication respectively on each service node, then this user is when calling this business chain, and each service node needs that this user is carried out the checking of identity account number and just can be called in the business chain.When actual calling, the user directly calls first service node of business chain by subscription client, but business chain afterwards calls, and all is to call back one service node by last service node, rather than is directly called by this user client.
From first service node of business chain, for the user is provided the authentication to follow-up service node, the user can inform this service node its user account number and logging on authentication at one service node place, back in advance, then directly with user's identity, i.e. the user account number of its acquisition and logging on authentication visit follow-up service node to this service node.This mode can realize the business chain authentication, but flow process is but very loaded down with trivial details, each service node needs to know the user at account number and the logging on authentication at one service node place, back, and in the business chain invoked procedure, visit different business node need use user's different account numbers and logging on authentication.And also there is very big potential safety hazard in this method, because need the user to expose its account number and logging on authentication to service node, even then this service node also can be visited a service node thereafter with user identity when non-business chain is called, can't guarantee that the user uses service security.
In another method, from first service node of business chain, the user just informs its user account number at one service node place, back of this service node in advance, and this service node is visited follow-up service node with user account number.For this user account number is carried out authentication, by this follow-up service node directly and the user communicate alternately, directly provide logging on authentication by the user to this follow-up service node.A kind of method before comparing, this method has reduced potential safety hazard, because each service node is called, finally all needs the user to provide logging on authentication after confirming, has avoided user's business illegally to be used.But each service node needs still to know that the user is in the account number at one service node place, back, in the business chain invoked procedure, visit different business node need use user's different account numbers, the user will communicate alternately frequently, the logging on authentication of each service node of login is provided, handling process is still very loaded down with trivial details, and brings great inconvenience to the user.
Summary of the invention
Given this, the embodiment of the invention provides a kind of user ID authentication method, identify label request to create method, equipment and system, can adopt simple process flow to realize subscriber authentication.
User ID authentication method in a kind of business chain that the embodiment of the invention provides comprises:
Service node receives the business chain call request that comprises the business chain User Identity;
Described service node sends the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
The first identity analysis result information that described service node sends according to the described business chain manager that receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
User ID authentication method in the another kind of business chain that the embodiment of the invention provides comprises:
Receive the user identity analysis request that service node sends, described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Visit the account number of described service node according to the user of described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry, obtain the logging on authentication information of described account number correspondence according to the described account number that inquires, and comprise the first identity analysis result information of described account number and logging on authentication information to described service node transmission; So that described service node determines that according to the described first identity analysis result information that receives the user of described business chain User Identity correspondence is by authentication.
User ID authentication method in the another kind of business chain that the embodiment of the invention provides comprises:
Send the business chain call request that comprises the business chain User Identity to service node; So that described service node sends the user identity analysis request of the service node sign that comprises described business chain User Identity and described service node to the business chain manager, the first identity analysis result information according to the described business chain manager transmission that receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
Service node in a kind of business chain that the embodiment of the invention provides comprises:
Receiving element is used for receiving the business chain call request that comprises the business chain User Identity and receives the identity analysis result information that the business chain manager sends;
Identity analysis request unit is used for sending the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Checking is determining unit as a result, during the first identity analysis result information that is used for sending according to the described business chain manager that described receiving element receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
A kind of business chain manager that the embodiment of the invention provides comprises:
Receiving element is used for receiving the user identity analysis request that service node sends, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Identity is resolved administrative unit, be used for visiting according to the user of described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry the account number of described service node, and when inquiring described account number, obtain the logging on authentication information of described account number correspondence;
Transmitting element is used for sending the first identity analysis result information to described service node, and the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
A kind of business chain communication system that the embodiment of the invention provides comprises: form a plurality of service nodes and the business chain manager of business chain, wherein:
Described service node, be used for to receive comprise the business chain call request of business chain User Identity after, send the user identity analysis request to the business chain manager, described user identity analysis request comprises the service node sign of described business chain User Identity and described service node; And when receiving the first identity analysis result information of described business chain manager transmission, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
Described business chain manager, after being used for receiving the described user identity analysis request of service node transmission, obtain account number and the logging on authentication information that described user visits described service node according to described business chain User Identity and described service node sign, and send the first identity analysis result information to described service node.The embodiment of the invention, when service node receives when calling the call request of described service node by the business chain User Identity, resolved from business chain manager request user identity by described service node, when described service node obtains described user at the user account number at described service node place and logging on authentication from described business chain manager, determine that described subscriber authentication passes through, owing to carry out subscriber authentication all based on unified business chain User Identity, and unification is carried out the user identity parsing by the business chain manager, compare with the prior art scheme, simplified flow process.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is an embodiment schematic flow sheet of the method for the subscriber authentication in the business chain in the embodiment of the invention;
Fig. 1 .1 is the another embodiment schematic flow sheet of the method for resolving of the user identity in the business chain in the embodiment of the invention;
Fig. 1 .2 is an embodiment schematic flow sheet again of the method for resolving of the user identity in the business chain in the embodiment of the invention;
Fig. 2 is another embodiment schematic flow sheet of the method for the subscriber authentication in the business chain in the embodiment of the invention;
Fig. 3 is that the framework of an embodiment of the business chain communication system in the embodiment of the invention is formed schematic diagram;
Fig. 4 is that an example structure of the service node in the embodiment of the invention is formed schematic diagram;
Fig. 5 is that an example structure of the business chain manager in the embodiment of the invention is formed schematic diagram;
Fig. 6 is an embodiment schematic flow sheet of the method for the user's access service chain in the embodiment of the invention;
Fig. 7 is the business chain manager is created the business chain User Identity for the user embodiment schematic flow sheet of method;
Fig. 8 is an embodiment schematic flow sheet of the method for business chain manager deletion business chain User Identity.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
The embodiment of the invention is in the invoked procedure to same business chain, subscription client and each service node all adopt same business chain User Identity to call service node in the business chain, resolved from business chain manager request user identity by described service node, when described service node obtains described user and visits the user account number at described service node place and logging on authentication from described business chain manager, determine that described subscriber authentication passes through.Being example with a service node in the business chain to the method for subscriber authentication below describes the method for the embodiment of the invention.
Fig. 1 is an embodiment schematic flow sheet of the method for the subscriber authentication in the business chain in the embodiment of the invention; As shown in Figure 1, the method for present embodiment comprises:
Step S100, service node receive the business chain call request that comprises the business chain User Identity; In the specific implementation, described business chain User Identity can be used for business chain user identity of unique differentiation, such as being a business chain user ID, and can be that the user creates by the business chain manager.In the specific implementation, service node can receive the business chain call request that comprises the business chain User Identity that subscription client sends in the business chain; Or, can receive the business chain call request that comprises the business chain User Identity that the business chain manager sends; Maybe can receive the business chain call request that comprises the business chain User Identity that another service node (the last service node in the business chain) sends.
Step S102, described service node sends the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node; In the specific implementation, described service node sign can be used for service node of unique differentiation, such as the service node title.
Step S104, the first identity analysis result information that described service node sends according to the described business chain manager that receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that the user of described business chain User Identity correspondence visits account number and the logging on authentication information of described service node.Concrete, find to comprise described account number and logging on authentication information in the described first identity analysis result information when described service node, can determine that then the user of described business chain user's chain identify label correspondence is by authentication.In the specific implementation, described logging on authentication information can be the required encrypted message of user's access service node, perhaps digital signature information etc.
Present embodiment is when service node receives when calling the call request of described service node by the business chain User Identity, resolved from business chain manager request user identity by described service node, when described service node obtains described user at the user account number at described service node place and logging on authentication from described business chain manager, determine that described subscriber authentication passes through, owing to carry out subscriber authentication all based on unified business chain User Identity, and unification is carried out the user identity parsing by the business chain manager, compare with the prior art scheme, simplified flow process.And the service node in the business chain only obtains the user at account number and the logging on authentication at described service node place from the business chain manager, and does not know that the user is at account number and the logging on authentication at other service node place.Identity association when having avoided the user to visit different business has effectively realized the isolation of a plurality of identity account numbers of user.
Fig. 1 .1 is the another embodiment schematic flow sheet of the method for resolving of the user identity in the business chain in the embodiment of the invention; Shown in Fig. 1 .1, the method for present embodiment comprises:
Step S110, business chain manager receive the user identity analysis request that service node sends, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Step S112, described business chain manager identifies the account number that the user who inquires about described business chain User Identity correspondence visits described service node according to described business chain User Identity and described service node, obtains the logging on authentication information of described account number correspondence according to the described account number that inquires;
Step S114 sends the first identity analysis result information that comprises described account number and logging on authentication information to described service node; So that described service node determines that according to the described first identity analysis result information that receives the user of described business chain User Identity correspondence is by authentication.
Present embodiment, after business chain is managed the request of the request user identity parsing that receives the service node transmission, carrying out user identity resolves, after analysis result is sent to the corresponding service node, determine that by described service node whether described user is by authentication, compare with the prior art scheme, need not the user and participate in the authentication flow process, simplified flow process.
Fig. 1 .2 is an embodiment schematic flow sheet again of the method for resolving of the user identity in the business chain in the embodiment of the invention; Shown in Fig. 1 .2, the method for present embodiment comprises S121, and user terminal sends the business chain call request that comprises the business chain User Identity to service node; So that described service node sends the user identity analysis request of the service node sign that comprises described business chain User Identity and described service node to the business chain manager, the first identity analysis result information according to the described business chain manager transmission that receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
Fig. 2 is another embodiment schematic flow sheet of the method for the subscriber authentication in the business chain in the embodiment of the invention; As shown in Figure 2, the method for present embodiment comprises:
Step S200, service node receives the business chain call request that comprises the business chain User Identity in the business chain;
Step S202, described service node sends the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Step S204, described business chain manager be according to the business chain User Identity that receives, and inquiry determines to call the user's of described business chain user name;
In the specific implementation, but the storage service chain uses information in the business chain manager, described business chain use information is used to indicate the business chain User Identity that uses when each user visits each business chain and each user to the state that calls of each business chain, comprise user name, the business chain sign, business chain User Identity and call corresponding relation between state, concrete described business chain uses information can adopt diagrammatic form to store, following table 1 is one and is used to indicate the business chain use table that business chain is used information
Table 1
Wherein, described user name is used for user of unique differentiation; Described business chain name is called the business chain sign; Described business chain user ID is the business chain User Identity; Described ID use state is used for characterizing the state of described business chain user ID, concrete described ID use state comprises states such as normal condition that the described business chain user ID of indication can use, the disabled time-out of the described business chain user ID of indication, and described ID use state is the optional content of described business chain use table; The described state that calls is used to indicate the user to the situation of calling of certain specific transactions chain, such as, the state that calls of the business chain A of active user User1 is to have called service node S1 and service node S2 among the business chain A, and be to call service node S1 earlier to call service node S2 again.But the described expression mode sequence mode of calling state is namely described the calling sequence between the invoked service node, for example form of S1->S2 in the current invoked procedure of business chain.Another kind is the set mode, namely describes the set of invoked service node in the current invoked procedure of business chain, and the invoked number of times of each service node.Certainly, can also adopt the state representation of calling of other form.
Like this at step S204, described business chain manager is according to the business chain User Identity that receives, inquire about above-mentioned business chain use information and determine to call the user's of described business chain user name, such as, associative list 1, when the business chain User Identity is Ua, determine to call the user User1 by name of business chain A behind the question blank 1.
Step S206, described business chain manager is inquired about described user to the state that calls of described business chain according to the business chain User Identity of described reception; In the specific implementation, when a certain business chain of user's never call, the business chain manager is the call state of the empty described user of initialization of coming to described business chain by the user is set to the state that calls of described business chain.Therefore, when first service node in user's access service chain, at step S206, the result of inquiry is described user to the state that calls of described business chain for empty, is " NULL " sign of representative sky such as Query Result.
Accordingly, at step S206, described business chain manager further inquiry business chain use information determines that the user is to the state that calls of business chain, such as associative list 1, at step S206, can inquire about the current state that calls of determining the business chain A of user User1 according to Ua is S1->S2.
Step S208, described business chain manager identifies, describedly calls state and predefined business chain is called rule according to described service node, whether judgement meets described predefined business chain to calling of described service node is called rule, when judged result when being, execution in step S210; When judged result for not the time, execution in step S220;
In the specific implementation, can store predefined business chain in the business chain manager and call rule, described business chain is called rule and is used to indicate the call relation between each service node in the business chain, comprise business chain sign and call relation definition, and also can comprise usage policy alternatively, described call relation definition namely is used to indicate the call relation between each service node in the described business chain, can adopt the sequence mode, complete calling sequence between the service node of whole service chain is namely described, for example the form of S1->S2->S3->S4.Also can adopt the set mode, namely describe the service node set of whole service chain, and the invoked number of times of each service node.Certainly, can also adopt the call relation definition of other form.Usage policy then is some strategies that this business chain is used, and for example which user can use this business chain etc.
Concrete described business chain is called rule and also can be adopted the form of chart to store, and following table 2 is one and is used to indicate the business chain description list that business chain is called rule.
Table 2
Step S210, the business chain manager adds the described state that calls with described service node;
Associative list 1 and table 2 couple step S208 and step S210 describe.Such as, in the process that the business chain A of active user User1 employing Ua calls, service node S1 adopts Ua to send the business chain call request to service node S2, described service node S2 receives after the described call request, send the identity analysis request to the business chain manager, comprise Ua and service node sign S2 in the described identity analysis request, be located at that the current state that calls to business chain A is S1 in the table 1, know that according to the state that calls user User1's ought time calling of business chain A finish calling service node S1 at the described business chain manager of step S208, know that according to the service node sign that receives the current service node that calls is S2, definition namely should be called S2 after checking and knowing S1 according to the call relation of table 2, therefore can draw and be judged as the judged result that is, like this at step S210, S2 joins the state of calling with service node, so far, the state that calls of generation becomes S1->S2 namely by S1.
Step S212, the business chain manager identifies according to the user's that described inquiry is determined user name and described service node, and inquiry determines that described user visits the account number of described service node, and generates logging on authentication information according to described account number;
In the specific implementation, can store the customer service account in the business chain manager, be used to indicate the account number of each user in each service node, comprise user name, service node sign, account number.
Concrete described customer service account also can adopt the form of chart to store, and following table 3 is a service account tabulation that is used to indicate the customer service account.
Table 3
Accordingly, at step S212, but described business chain manager inquiring user service account information is determined user's account number in service node, such as, associative list 3 determines that according to user name User1 and service node title S1 inquiry the account number of User1 in S1 is Id1.
Step S214, described business chain manager sends the first identity analysis result information to described service node, and the described first identity analysis result information comprises that the user of described business chain User Identity correspondence visits account number and the logging on authentication information of described service node;
Step S216, when described service node receives the first identity analysis result information of described business chain manager transmission, determine the user of described business chain User Identity correspondence by authentication, described service node is finished to the flow process of subscriber authentication in the back;
Step S220, described business chain manager send the second identity analysis result information of subscriber authentication failure to described service node;
Step S222, when described service node receives the second identity analysis result information of described business chain manager transmission, determine the user of described business chain User Identity correspondence not by authentication, the authentication failure, the invoked procedure of described business chain is finished in the back.
Receive when calling the call request of described service node by the business chain User Identity when service node in the present embodiment, resolved from business chain manager request user identity by described service node, when described service node obtains described user at the user account number at described service node place and logging on authentication from described business chain manager, determine that described subscriber authentication passes through, owing to carry out subscriber authentication all based on unified business chain User Identity, and unification is carried out the user identity parsing by the business chain manager, compare with the prior art scheme, simplified flow process.And the service node in the business chain only obtains the user at account number and the logging on authentication at described service node place from the business chain manager, and does not know that the user is at account number and the logging on authentication at other service node place.Identity association when having avoided the user to visit different business has effectively realized the isolation of a plurality of identity account numbers of user.And present embodiment business chain manager is when carrying out the identity parsing, verify whether calling of business chain meets the rule of calling of business chain, only meet call the rule situation under just send the user at user account number and the logging on authentication at corresponding service node place, guaranteed the validity that service node calls.
Accordingly, the embodiment of the invention provides service node and a kind of business chain manager in a kind of business chain communication system, a kind of business chain, below in conjunction with Fig. 3 to Fig. 5 the device of the embodiment of the invention is described.
Fig. 3 is that the framework of an embodiment of the business chain communication system in the embodiment of the invention is formed schematic diagram, as shown in Figure 3, the system of present embodiment comprises that a plurality of service nodes of forming business chain are (in the specific implementation, can comprise a plurality of business chain in the business chain communication system, present embodiment only illustrates with a business chain) and business chain manager, subscription client respectively with described business chain in service node (first node) link to each other with described business chain manager.Present embodiment is in the invoked procedure to same business chain, and subscription client and each service node all adopt same business chain User Identity to call service node in the business chain, and be concrete,
Described service node, be used for to receive comprise the business chain call request of business chain User Identity after, send the user identity analysis request to the business chain manager, described user identity analysis request comprises the service node sign of described business chain User Identity and described service node; And when receiving the first identity analysis result information of described business chain manager transmission, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that the user of described business chain User Identity correspondence visits account number and the logging on authentication information of described service node.
Described business chain manager, after being used for receiving the described user identity analysis request of service node transmission, identify account number and the logging on authentication information that the user who obtains described business chain User Identity correspondence visits described service node according to described business chain User Identity and described service node, and send the first identity analysis result information to described service node.
Employing business chain User Identity calls the service node in the business chain in the present embodiment, resolved from business chain manager request user identity by described service node, when described service node obtains described user at the user account number at described service node place and logging on authentication from described business chain manager, determine that described subscriber authentication passes through, owing to adopt same business chain User Identity to call, and the unified user identity that carries out to business chain manager place is resolved, compare with the prior art scheme, adopt simple process flow to realize subscriber authentication.And the service node in the business chain only obtains the user at account number and the logging on authentication at described service node place from the business chain manager, and does not know that the user is at account number and the logging on authentication at other service node place.Identity association when having avoided the user to visit different business has effectively realized the isolation of a plurality of identity account numbers of user.
Fig. 4 be in the embodiment of the invention service node (such as, can be service node 1 among Fig. 3, service node 2 or service node 3) example structure form schematic diagram, as shown in Figure 4, the service node of present embodiment comprises receiving element 40, identity analysis request unit 42 and checking determining unit 44 as a result, wherein:
Described receiving element 40 is used for receiving the business chain call request that comprises the business chain User Identity; In the specific implementation, service node can receive the business chain call request that comprises the business chain User Identity (the first node in the business chain is such as the service node 1 among Fig. 3) that subscription client sends in the business chain; Or, can receive the business chain call request that comprises the business chain User Identity (the first node in the business chain replaces the user to initiate business chain by the business chain manager and calls) that the business chain manager sends; Maybe can receive the business chain call request that comprises the business chain User Identity that another service node (the last service node in the business chain receives the business chain call request that service node 1 sends such as the service node 2 among Fig. 3) sends.
Described identity analysis request unit 42 is used for sending the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Described checking is determining unit 44 as a result, be used for when receiving the first identity analysis result information of described business chain manager transmission, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that the user of described business chain User Identity correspondence visits account number and the logging on authentication information of described service node.
Employing business chain User Identity calls the service node in the business chain in the present embodiment, resolved from business chain manager request user identity by described service node, when described service node obtains described user at the user account number at described service node place and logging on authentication from described business chain manager, determine that described subscriber authentication passes through, owing to adopt same business chain User Identity to call, and the unified user identity that carries out to business chain manager place is resolved, compare with the prior art scheme, adopt simple process flow to realize subscriber authentication.And the service node in the business chain only obtains the user at account number and the logging on authentication at described service node place from the business chain manager, and does not know that the user is at account number and the logging on authentication at other service node place.Identity association when having avoided the user to visit different business has effectively realized the isolation of a plurality of identity account numbers of user.
Fig. 5 is that an example structure of the business chain manager in the embodiment of the invention is formed schematic diagram, and as shown in Figure 5, the business chain manager of present embodiment comprises receiving element 50, identity parsing administrative unit 52, transmitting element 54, wherein:
Described receiving element 50 is used for receiving the user identity analysis request that service node sends, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Described identity is resolved administrative unit 52, be used for visiting according to the user of described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry the account number of described service node, and when inquiring described account number, obtain the logging on authentication information of described account number correspondence;
Described transmitting element 54 is used for sending the first identity analysis result information to described service node, and the described first identity analysis result information comprises that the user of described business chain User Identity correspondence visits account number and the logging on authentication information of described service node.
Further, described identity is resolved administrative unit 52 and is comprised memory cell 520, the first Identity Management unit 522, the second Identity Management unit 524 and voucher generation unit 526, wherein:
Described memory cell 520, be used for the storage service chain and use information, customer service account, wherein, described business chain use information is used to indicate the business chain User Identity that uses when each user visits each business chain and each user to the state that calls of each business chain; Described customer service account is used to indicate the account number of each user in each service node; Business chain in the present embodiment uses information consistent with preceding method with file layout with the particular content that the customer service account comprises, does not give unnecessary details at this.
The described first Identity Management unit 522 is used for the business chain User Identity according to described receiving element 50 receptions, and the business chain of inquiring about in the described memory cell 520 is used information, determines to call the user of described business chain;
The described second Identity Management unit 524, be used for according to the described first verification management unit, the 522 determined users' of inquiry user name and the described service node sign of described receiving element 50 receptions, inquire about the customer service account in the described memory cell 520, determine that described user visits the account number of described service node;
Described voucher generation unit 526 is used for generating logging on authentication information according to the account number that the described second Identity Management unit, 524 inquiries are determined.
Optionally, the memory cell 520 of present embodiment also is used for the predefined business chain of storage and calls rule, and described business chain is called rule and is used to indicate the call relation between each service node in the business chain; It is consistent with preceding method with file layout that business chain in the present embodiment is called the particular content that rule comprises, do not give unnecessary details at this.
Described identity is resolved administrative unit 52 and is also comprised:
Tiers e'tat administrative unit 523 is used for inquiring about the business chain use information that described memory cell 520 is stored according to the business chain User Identity that described receiving element 50 receives, and determines that described user is to the state that calls of described business chain; And the predefined business chain of storing in the service node sign that receives according to described receiving element 50, the state that calls that described inquiry is determined and the described memory cell is called rule, whether judgement meets the predefined rule of calling to calling of described service node, when judged result when being, described service node is added the described state that calls;
The described second Identity Management unit 524 in the judged result of described tiers e'tat administrative unit 523 when being, according to the described first verification management unit, the 522 determined users' of inquiry user name and the described service node sign of described receiving element 50 receptions, inquire about the customer service account in the described memory cell 520, determine that described user visits the account number of described service node.
Optionally, the transmitting element 54 of present embodiment also be used for when the judged result of described tiers e'tat administrative unit 523 for not the time, send the second identity analysis result information that subscriber authentication is failed to described service node.
Optionally, the business chain manager of present embodiment also comprises:
Business chain Identity Management unit 56 is used for management service chain User Identity.Can comprise a business chain User Identity creating unit in this business chain Identity Management unit 56, be used to the user to create the business chain User Identity, in addition, described business chain Identity Management unit also can the business chain User Identity of creating be suspended, bookkeepings such as recovery and deletion.
Optionally, the business chain manager of present embodiment also comprises:
Call the state initialization unit, be sky for the state that calls of described user to described business chain is set.
In the specific implementation, the receiving element 50 of present embodiment and transmitting element 54 can integratedly be set to an interface module, are used for being responsible for the communication interaction of business chain manager and other equipment, receive and send various requests and response message.The described first Identity Management unit 522, the second Identity Management unit 524 and tiers e'tat administrative unit 523 and described business chain Identity Management unit 56 can integratedly be set to an Identity Management module.
The complete example that calls below by a business chain comes the embodiment of the invention is further described.
Fig. 6 is an embodiment schematic flow sheet of the method for the user's access service chain in the embodiment of the invention; It is example that present embodiment calls business chain A with user User1, and associative list 1, table 2 and table 3 describe, and as shown in Figure 6, the method for present embodiment comprises:
Step S600, the user is by the user name User1 registering service chain manager of subscription client with him, business chain A of request call.
Step S601, the business chain manager receives the call request of this business chain A by interface module, and according to user name User1, the title A inquiry business chain of business chain A uses table, determines that corresponding service chain user ID is Ua by the Identity Management module.If inquire a plurality of business chain user ID, then determine that by the user this time business chain calls employed this Ua.If the ID use state of Ua be normal, it then is set, and to call state be NULL, represent User1 with business chain user ID Ua initialization the invoked procedure of a business chain A.Notify User1 can carry out calling of this time business chain A then.Otherwise notice User1 can not carry out this time business chain and call.
Step S602, if can carry out, the client-requested of user User1 is called business chain A with Ua, this request is sent to first service node S1 of business chain A.
Step S603, service node S1 sends the user identity analysis request to the business chain manager, and this request comprises business chain user ID Ua and service node title S1.If S1 does not know its follow-up service node in business chain A, then simultaneously to business chain manager request its follow-up service node and access mode thereof.
Step S604, the business chain manager receives this request by interface module, uses table by the Identity Management module according to business chain user ID Ua inquiry business chain, and the user who determines to call by Ua business chain A is User1.
Step S605, Identity Management module inquiry business chain description list obtains the call relation definition of business chain A.Judge by inquiry business chain use table whether the state that calls of Ua meets the call relation definition of business chain A then.Owing to be initial call, so this moment, business chain used that the state that calls of the business chain A of Ua is NULL in the table, the service node that the current request identity is resolved is S1, for the call relation definition of sequence mode, if S1 is that first service node then meets the call relation definition in the sequence.For the call relation definition of set mode, if belonging to node set, S1 then meets the call relation definition.
Step S606, as if the call relation definition that calling of S1 is met business chain A, then Identity Management module inquiry business Accounts List knows that the account number of User1 in S1 is Id1, back execution in step S607.If S1 does not meet the call relation definition, then the business chain manager is refused this time identity analysis request, sends the second identity analysis result information of subscriber authentication failure to S1.Be the second identity analysis result information when what send at step S606, then following step S607, S608 and S609 all do not carry out, directly execution in step S610.
Step S607, it is the account number checking authority Auth (Id1) that the account number Id1 of User1 in S1 generates login S1 that the Identity Management module is called the voucher generation unit, comprises user account number Id1 and logging on authentication in S1 among the described Auth (Id1).
Step S608, the Identity Management module is increased to calling in the state of Ua with S1.For the sequence mode, be about to the service node that S1 increases to first modulated usefulness.For the set mode, namely increase S1 to the service node set of modulated usefulness.
Step S609, interface module verifies that with account number authority Auth (Id1) sends to S1 as the first identity analysis result.If S1 does not know its follow-up service node in business chain A, then also will specify follow-up service node and the access mode (such as the node name S2 that comprise service node 2 and the access mode of calling service node 2) thereof of S1 in business chain A in the first identity analysis result.
Step S610, when S1 receives Auth (Id1), can determine that User1 passes through in the authentication of the account number Id1 at S1 place, then S1 normally carries out service logic, call next service node S2 that business chain A goes up S1 with Ua then, that is, send the business chain call request that comprises Ua to S2, S2 becomes this time of user and calls the service node that is called new in the process of business chain A.If S1 receives the second identity analysis result information of authentication failed, the checking that then determines one's identity can not be passed through, and S1 does not carry out service logic, and business chain A carries out flow process and will be terminated herein, and subsequent step all can not carried out.
Step S611, service node S2 sends the identity analysis request to the business chain manager, and this request comprises business chain user ID Ua and service node title S2.If S2 does not know its follow-up service node in business chain A, then ask its follow-up service node and access mode thereof simultaneously.
Step S612, the business chain manager receives this request by interface module, and is same, uses table by the Identity Management module according to business chain user ID Ua inquiry business chain, and the user who determines to call by Ua business chain A is User1.
Step S613, Identity Management module inquiry business chain use table judge whether the state that calls of Ua meets the call relation definition of business chain A.Call state and be called for having only S1 this moment, and the service node that the current request identity is resolved is S2, for the call relation definition of sequence mode, if S2 is that the follow-up service node of S1 then meets the call relation definition in the sequence.For the call relation definition of set mode, if belonging to node set, S2 then meets the call relation definition.
Step S614, as if the call relation definition that calling of S2 is met business chain A, then Identity Management module inquiry business Accounts List knows that the account number of User1 in S2 is Id2, then execution in step S615.If S2 does not meet the call relation definition, then the business chain manager is refused this time identity analysis request, sends the second identity analysis result information that subscriber authentication is failed to S1, and then following step S615, S616 and S617 all do not carry out, and leap to step S618.
Step S615, it is the account number checking authority Auth (Id2) that the account number Id2 of User1 in S2 generates login S2 that the Identity Management module is called the voucher generation unit, comprises user account number Id2 and logging on authentication in S2 among the described Auth (Id2).
Step S616, the Identity Management module is increased to calling in the state of Ua with S2.For the sequence mode, be about to S2 and increase to the follow-up modulated service node of using of S1.For the set mode, namely increase S2 to the service node set of modulated usefulness.
Step S617, interface module verifies that with account number authority Auth (Id2) sends to S2 as the first identity analysis result.If S2 does not know its follow-up service node in business chain A, then also will specify follow-up service node and the access mode thereof of S2 in business chain A in the first identity analysis result.
Follow-up, when S2 receives Auth (Id2), can determine that User1 passes through in the authentication of the account number Id2 at S2 place, then S2 normally carries out service logic, call next service node that business chain A goes up S2 with Ua then, this service node becomes this time of user and calls the service node that is called new in the process of business chain A.If S2 receives the second identity analysis result information of authentication failed, the checking that then determines one's identity can not be passed through, and S2 does not carry out service logic, and business chain A carries out flow process and will be terminated herein, and subsequent step all can not carried out.
This time of user called in the process of business chain A, and each service node all will be resolved to business chain manager request user identity successively, comprises business chain user ID Ua and service node title in the request.If service node is not known its follow-up service node in business chain A, then ask its follow-up service node and access mode thereof simultaneously, up to last service node of carrying out business chain A.
And the business chain manager carries out similar processing procedure: if service node meets the call relation definition of business chain A, be that user User1 generates the account number checking authority of registering service node in the account number of service node, and increase this service node the calling in the state of Ua in the business chain use table.For the sequence mode, be about to the service node tail of sequence that service node is increased to modulated usefulness, for the set mode, namely increase service node to the service node set of modulated usefulness, or increase the modulated number of times of using of service node.In addition, if service node do not know its follow-up service node in business chain A, then in the first identity analysis result also with follow-up service node and the access mode thereof of specified services node in business chain A.Final last service node that arrives business chain A, Ua's calls state equivalent in the call relation definition of business chain A in the business chain use this moment table, all service nodes of expression business chain A all were called, and then this of User1 time business chain A's calls normal termination.
Fig. 7 is an embodiment schematic flow sheet of the business chain manager method of creating the business chain User Identity for the user; As shown in Figure 7, this embodiment comprises:
Step S700, user User registering service chain manager, the business chain user ID of asking to create into it business chain A.
Step S701, the business chain manager receives this request by interface module.If business chain A meets the relevant strategy that can call in business chain user ID mode, then the Identity Management module business chain that can inquire business chain A in the business chain description list is described.If user User meets the usage policy in the business chain description, then the Identity Management module is User distribution service chain user ID, perhaps also can generate satisfactory business chain user ID by user User oneself.
Step S702, Identity Management module accesses business chain is used table, increases a record in the table for User uses in business chain, the user name of registration User, the title of business chain A be the business chain user ID of User distribution, and the ID use state of this business chain user ID of mark is normal.
Step S703, interface module is notified user User the result of its business chain user ID constructive process; If create the business chain user ID of successfully then returning generation, otherwise notice User creates failure.
Accordingly, the embodiment of the invention also provides a kind of business chain user to identify the request to create method at one's side, comprise: user terminal sends business chain User Identity request to create to the business chain manager, create the business chain user and identify at one's side so that described business chain manager is described user, and when receiving the user identity analysis request of service node transmission, visit the account number of described service node according to the user of described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry, obtain the logging on authentication information of described account number correspondence according to the described account number that inquires, and comprise the first identity analysis result information of described account number and logging on authentication information to described service node transmission; Described user identity analysis request comprises the service node sign of described business chain User Identity and described service node.
Fig. 8 is an embodiment schematic flow sheet of the method for business chain manager deletion business chain User Identity; As shown in Figure 8, this embodiment comprises:
Step S800, user User registering service chain manager, certain business chain user ID of request deletion.
Step S801, the business chain manager receives this request by interface module, used the record of this business chain user ID correspondence in the table by Identity Management module inquiry business chain: the deletion business chain is used this record in the table, and then this business chain user ID can not be continued to use.
Step S802, interface module is notified this time of user User processing of request result.In the specific implementation, to the business chain user ID suspend, operation such as recovery is identical with deletion action, difference is, for suspending request, it is to suspend that the ID that this record then is set uses state.For the business chain user ID of halted state, business chain manager refusal is to its all identity analysis request; For recovery request, the ID use state of this record then is set for normal; And for deletion action, then delete this record in the business chain use table, then this business chain user ID can not be continued to use.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in above-described embodiment method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
Above disclosed is preferred embodiment of the present invention only, can not limit the present invention's interest field certainly with this, and therefore the equivalent variations of doing according to claim of the present invention still belongs to the scope that the present invention is contained.
Claims (24)
1. the user ID authentication method in the business chain is characterized in that, comprising:
Service node receives the business chain call request that comprises the business chain User Identity;
Described service node sends the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
The first identity analysis result information that described service node sends according to the described business chain manager that receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
2. the method for claim 1 is characterized in that, before the first identity analysis result information of described service node according to the described business chain manager transmission that receives, also comprises:
The business chain manager is according to the business chain User Identity that receives, and the user name of described business chain User Identity correspondence is determined in inquiry;
Described business chain manager is according to described service node sign and the definite described user name of described inquiry, and inquiry determines that described user visits the account number of described service node, and generates logging on authentication information according to described account number;
Described business chain manager sends the first identity analysis result information of carrying described account number and logging on authentication information to described service node.
3. method as claimed in claim 2 is characterized in that, described business chain manager is according to described service node sign and the definite described user name of described inquiry, and inquiry determines that described user visits before the account number of described service node, also comprises:
Described business chain manager is inquired about described user to the state that calls of described business chain according to the business chain User Identity of described reception;
According to described service node sign, describedly call state and predefined business chain is called rule, whether judgement meets the predefined rule of calling to calling of described service node, when judged result when being, described service node is added the described state that calls.
4. method as claimed in claim 3 is characterized in that, also comprises:
When a certain business chain of user's never call, described business chain manager arrange the user to the state that calls of described business chain for empty.
5. method as claimed in claim 3, it is characterized in that, when according to described service node sign, describedly call state and predefined described business chain is called rule, whether judgement meets the predefined judged result of calling rule for not the time to calling of described service node, and described business chain manager sends the second identity analysis result information of subscriber authentication failure to described service node.
6. the user ID authentication method in the business chain as claimed in claim 5 is characterized in that: when described service node receives the described second identity analysis result information, determine described subscriber authentication failure, and finish the invoked procedure of described business chain.
7. the method for claim 1 is characterized in that, service node receives the business chain call request that comprises the business chain User Identity and comprises in the described business chain:
Service node receives the business chain call request that comprises the business chain User Identity that subscription client sends in the business chain; Or,
Service node receives the business chain call request that comprises the business chain User Identity that the business chain manager sends in the business chain; Or
Service node receives the business chain call request that comprises the business chain User Identity that another service node sends in the business chain.
8. the user ID authentication method in the business chain is characterized in that, comprising:
The business chain manager receives the user identity analysis request that service node sends, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Described business chain manager is visited the account number of described service node according to the user of described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry, obtain the logging on authentication information of described account number correspondence according to the described account number that inquires, and comprise the first identity analysis result information of described account number and logging on authentication information to described service node transmission; So that described service node determines that according to the described first identity analysis result information that receives the user of described business chain User Identity correspondence is by authentication.
9. method as claimed in claim 8, it is characterized in that, described user according to described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry visits the account number of described service node, and the logging on authentication information that obtains described account number correspondence comprises:
The business chain manager is according to the business chain User Identity that receives, and inquiry determines to call the user's of described business chain user name;
Described business chain manager is according to described service node sign and the definite user name of described inquiry, and inquiry determines that described user visits the account number of described service node, and generates logging on authentication information according to described account number.
10. method as claimed in claim 9 is characterized in that, described business chain manager is according to described service node sign and the definite described user name of described inquiry, and inquiry determines that described user visits before the account number of described service node, also comprises:
Described business chain manager is inquired about described user to the state that calls of described business chain according to the business chain User Identity of described reception;
According to described service node sign, describedly call state and predefined business chain is called rule, whether judgement meets the predefined rule of calling to calling of described service node, when judged result when being, described service node is added the described state that calls.
11. method as claimed in claim 10 is characterized in that, also comprises:
When a certain business chain of user's never call, described business chain manager arrange described user to the state that calls of described business chain for empty.
12. method as claimed in claim 10, it is characterized in that, when according to described service node sign, describedly call state and predefined described business chain is called rule, whether judgement meets the predefined judged result of calling rule for not the time to calling of described service node, and described business chain manager sends the second identity analysis result information of subscriber authentication failure to described service node.
13. method as claimed in claim 8 is characterized in that, described receiving before the user identity analysis request that service node sends also comprises:
According to the business chain User Identity request to create of user's transmission, for described user creates the business chain User Identity.
14. the user ID authentication method in the business chain is characterized in that, comprising:
User terminal sends the business chain call request that comprises the business chain User Identity to service node; So that described service node sends the user identity analysis request of the service node sign that comprises described business chain User Identity and described service node to the business chain manager, the first identity analysis result information according to the described business chain manager transmission that receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
15. method as claimed in claim 14 is characterized in that, this method further comprises:
User terminal sends business chain User Identity request to create to the business chain manager, creates the business chain user and identifies at one's side so that described business chain manager is described user; And the user identity analysis request that receives the service node transmission.
16. the service node in the business chain is characterized in that, comprising:
Receiving element is used for receiving the business chain call request that comprises the business chain User Identity and receives the identity analysis result information that the business chain manager sends;
Identity analysis request unit is used for sending the user identity analysis request to the business chain manager, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Checking is determining unit as a result, during the first identity analysis result information that is used for sending according to the described business chain manager that described receiving element receives, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
17. the service node in the business chain as claimed in claim 16, it is characterized in that, described checking determining unit as a result also is used for determining that the user of described business chain User Identity correspondence is by authentication when described receiving element receives the second identity analysis result information of indication subscriber authentication failure.
18. a business chain manager is characterized in that, comprising:
Receiving element is used for receiving the user identity analysis request that service node sends, and described user identity analysis request comprises the service node sign of described business chain User Identity and described service node;
Identity is resolved administrative unit, be used for visiting according to the user of described business chain User Identity and the described business chain User Identity correspondence of described service node sign inquiry the account number of described service node, and when inquiring described account number, obtain the logging on authentication information of described account number correspondence;
Transmitting element is used for sending the first identity analysis result information to described service node, and the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node.
19. business chain manager as claimed in claim 18 is characterized in that, described identity is resolved administrative unit and is comprised:
Memory cell is used for the storage service chain and uses information, customer service account, and wherein, described business chain use information is used to indicate the business chain User Identity that uses when each user visits each business chain and each user to the state that calls of each business chain; Described customer service account is used to indicate the account number of each user in each service node;
The first Identity Management unit is used for the business chain User Identity according to described receiving element reception, and the business chain of inquiring about in the described memory cell is used information, determines to call the user of described business chain;
The second Identity Management unit, be used for inquiring about determined user's user name and the described service node sign that described receiving element receives according to the described first Identity Management unit, inquire about the customer service account in the described memory cell, determine that described user visits the account number of described service node;
The voucher generation unit is used for generating logging on authentication information according to the account number that the inquiry of the described second Identity Management unit is determined.
20. business chain manager as claimed in claim 19 is characterized in that, described memory cell also is used for the predefined business chain of storage and calls rule, and described business chain is called rule and is used to indicate the call relation between each service node in the business chain;
Described identity is resolved administrative unit and is also comprised:
The tiers e'tat administrative unit is used for inquiring about the business chain use information that described memory cell is stored according to the business chain User Identity that described receiving element receives, and determines that described user is to the state that calls of described business chain; And the predefined business chain of storing in the service node sign that receives according to described receiving element, the state that calls that described inquiry is determined and the described memory cell is called rule, whether judgement meets the predefined rule of calling to calling of described service node, when judged result when being, described service node is added the described state that calls;
The described second Identity Management unit in the judged result of described tiers e'tat administrative unit when being, inquire about determined user's user name and the described service node sign that described receiving element receives according to the described first Identity Management unit, inquire about the customer service account in the described memory cell, determine that described user visits the account number of described service node.
21. business chain manager as claimed in claim 20, it is characterized in that, described transmitting element also be used for when the judged result of described tiers e'tat administrative unit for not the time, send the second identity analysis result information that subscriber authentication is failed to described service node.
22. business chain manager as claimed in claim 18 is characterized in that, also comprises:
Business chain User Identity creating unit is used to the user to create the business chain User Identity.
23. business chain manager as claimed in claim 20 is characterized in that, also comprises:
Call the state initialization unit, be sky for the state that calls of described user to described business chain is set.
24. a business chain communication system is characterized in that, comprising: form a plurality of service nodes and the business chain manager of business chain, wherein:
Described service node, be used for to receive comprise the business chain call request of business chain User Identity after, send the user identity analysis request to the business chain manager, described user identity analysis request comprises the service node sign of described business chain User Identity and described service node; And when receiving the first identity analysis result information of described business chain manager transmission, determine the user of described business chain User Identity correspondence by authentication, the described first identity analysis result information comprises that described user visits account number and the logging on authentication information of described service node;
Described business chain manager, after being used for receiving the described user identity analysis request of service node transmission, obtain account number and the logging on authentication information that described user visits described service node according to described business chain User Identity and described service node sign, and send the first identity analysis result information to described service node; Described business chain manager identifies the account number that the user who inquires about described business chain User Identity correspondence visits described service node according to described business chain User Identity and described service node, obtains the logging on authentication information of described account number correspondence according to the described account number that inquires; And send the first identity analysis result information that comprises described account number and logging on authentication information to described service node; So that described service node determines that according to the described first identity analysis result information that receives the user of described business chain User Identity correspondence is by authentication.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200810220345 CN101764791B (en) | 2008-12-24 | 2008-12-24 | User identity verification method, equipment and system in business chain |
| PCT/CN2009/075961 WO2010072158A1 (en) | 2008-12-24 | 2009-12-24 | Method, device and system for authenticating user identity in service chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200810220345 CN101764791B (en) | 2008-12-24 | 2008-12-24 | User identity verification method, equipment and system in business chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101764791A CN101764791A (en) | 2010-06-30 |
| CN101764791B true CN101764791B (en) | 2013-08-28 |
Family
ID=42286910
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200810220345 Active CN101764791B (en) | 2008-12-24 | 2008-12-24 | User identity verification method, equipment and system in business chain |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101764791B (en) |
| WO (1) | WO2010072158A1 (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103797751B (en) * | 2012-07-27 | 2017-01-25 | 华为技术有限公司 | Method and device for querying for user online state |
| CN104811326A (en) * | 2014-01-24 | 2015-07-29 | 中兴通讯股份有限公司 | Service chain management method, service chain management system, and devices |
| CN112769834B (en) * | 2016-08-30 | 2023-09-26 | 创新先进技术有限公司 | Identity verification system, method and platform |
| CN109495432B (en) * | 2017-09-13 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Authentication method of anonymous account and server |
| CN117596593A (en) * | 2023-12-06 | 2024-02-23 | 广西电网有限责任公司贵港供电局 | Security authentication method based on wireless communication |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1816797A1 (en) * | 2004-11-15 | 2007-08-08 | Huawei Technologies Co., Ltd. | A method for invoking the service in the intelligent network |
| CN101136747A (en) * | 2006-08-30 | 2008-03-05 | 中兴通讯股份有限公司 | Information checking system and method |
| CN101160906A (en) * | 2005-04-14 | 2008-04-09 | 国际商业机器公司 | Method and system for access authorization involving group membership across a distributed directory |
| CN101262342A (en) * | 2007-03-05 | 2008-09-10 | 松下电器产业株式会社 | Distributed authorization and validation method, device and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1635738A (en) * | 2003-12-26 | 2005-07-06 | 鸿富锦精密工业(深圳)有限公司 | General authentication authorization service system and method |
| CN101212792B (en) * | 2006-12-27 | 2010-12-08 | 中国移动通信集团公司 | Billing information processing method for convergence services |
-
2008
- 2008-12-24 CN CN 200810220345 patent/CN101764791B/en active Active
-
2009
- 2009-12-24 WO PCT/CN2009/075961 patent/WO2010072158A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1816797A1 (en) * | 2004-11-15 | 2007-08-08 | Huawei Technologies Co., Ltd. | A method for invoking the service in the intelligent network |
| CN101160906A (en) * | 2005-04-14 | 2008-04-09 | 国际商业机器公司 | Method and system for access authorization involving group membership across a distributed directory |
| CN101136747A (en) * | 2006-08-30 | 2008-03-05 | 中兴通讯股份有限公司 | Information checking system and method |
| CN101262342A (en) * | 2007-03-05 | 2008-09-10 | 松下电器产业株式会社 | Distributed authorization and validation method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2010072158A1 (en) | 2010-07-01 |
| CN101764791A (en) | 2010-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11743699B2 (en) | Method of discovering services provided by a network repository function | |
| CN110443704B (en) | Method and device for sending resources in cross-link mode | |
| CN110311790B (en) | Method and device for sending authenticable message in cross-link mode | |
| CN109561226B (en) | API (application program interface) mixed multi-tenant routing method and system and API gateway | |
| US8738741B2 (en) | Brokering network resources | |
| CN110069941A (en) | A kind of interface access authentication method, apparatus and computer-readable medium | |
| US7836484B2 (en) | Method and apparatus for providing access to an identity service | |
| CN101764791B (en) | User identity verification method, equipment and system in business chain | |
| CN101127606A (en) | Method and device for transmitting data object | |
| JP7084427B2 (en) | Network entities and methods for identifier assignment and / or identifier mapping for network services | |
| WO2000048110B1 (en) | Personalized access to web sites | |
| WO2022262397A1 (en) | Interface display method and electronic device | |
| CN110022536A (en) | Verification information processing method, communication equipment, business platform and storage medium | |
| CN108696864B (en) | Virtual number request and transmission method, device and storage medium | |
| US20050060399A1 (en) | Method and system for managing programs for web service system | |
| CN114285859B (en) | Data processing method, device, equipment and storage medium for middle layer block chain service | |
| US6990184B2 (en) | Method and device for co-ordinating telecommunications services | |
| CN112350982B (en) | Resource authentication method and device | |
| KR101317403B1 (en) | Private information management system on trust level and method thereof | |
| CN110048926B (en) | User circulation method, system, medium and electronic device based on WeChat public number | |
| CN112069181B (en) | User data asset transfer method and operator network system | |
| US20050136957A1 (en) | Mobile connection broker | |
| CN110535957B (en) | Data calling method of service application platform and service application platform system | |
| EP1082847A1 (en) | Method for submitting user profiles to a telecommunications network | |
| CN117749806A (en) | Service management method and device based on block chain network, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |