CN103595733B - System and method for generating the Next Generation Internet NID - Google Patents
Publication number: CN103595733B (CN201310630389.3A)
Authority: CN (China)
Prior art keywords: code, network electronic, electronic identity, derives, identity
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention relates to a system for generating the Next Generation Internet NID, comprising: a network electronic identity derivative code database; a network electronic identity derivative code request processing module; a network electronic identity derivative code generation module, which compresses the network electronic identity code with a hash function to generate the network electronic identity derivative code; and a network electronic identity derivative code collision handling module, which checks whether a newly generated network electronic identity derivative code collides with an existing network electronic identity derivative code and handles the collision. With this system and method, the problems of user identity impersonation and untraceable network messages in the Next Generation Internet can be addressed: the network electronic identity derivative code is carried in the IPv6 extension header, and the generated derivative code is compact, unique and irreversible, so the invention has a wide range of application.
Description
Technical field
The present invention relates to the field of network identity management and information security, in particular to the encoding of network electronic identity derivative codes, and specifically to a system and method for generating the Next Generation Internet NID.
Background art
By 2011 the global pool of IPv4 addresses had been fully allocated. Internet penetration in China has currently reached 44%; reaching the 70% penetration of developed countries will require a large number of new IP addresses. The shortage of IP addresses seriously constrains the development of the Internet in China, and large-scale commercial deployment of IPv6 is the path that China's Internet development must take.
IPv6 is the Next Generation Internet IP protocol designed by the IETF (Internet Engineering Task Force) to replace the current version of the IP protocol (IPv4). It has a larger address space (addresses are 128 bits long), a flexible header format and better security.
To address user identity impersonation on the Internet, a solution based on real-address network electronic identity (Electronic IDentity, abbreviated eID) and authentication technology is provided, which is of great significance for China in building a trustworthy and manageable Next Generation Internet. Using the flexibility and extensibility of the IPv6 header, the user's real identity and real address are tied together in the packet. Designing an identity code for the Next Generation Internet that can represent the user's real identity is the foundation of a network real-name system.
The network electronic identity (eID) is built on the existing resident identity management system and is based on cryptography and digital signature technology, with a smart card chip as its carrier. It is a network electronic identity credential issued uniformly to citizens by the public security authorities for remotely confirming personal identity over the network, and it is authoritative, uniform and universal. China's eID is currently applied in fields such as e-government, e-commerce, third-party payment and social networking.
However, the network electronic identity code (eID_code) is 48 bytes long and cannot be carried in the IPv6 extension header. In addition, because the eID is generated from information such as the user's certificate number and name through a series of transformations, it can represent the user's real identity while the code itself reveals no personal identity information, which effectively avoids unnecessary disclosure of user identity information.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings of the prior art described above and to provide a system and method for generating the Next Generation Internet NID that generates a network electronic identity derivative code which can be carried in the IPv6 extension header, avoids the problems of user identity impersonation and untraceable network messages in the Next Generation Internet, and has a wider range of application.
To achieve this purpose, the system and method for generating the Next Generation Internet NID of the present invention are constituted as follows:
The system for generating the Next Generation Internet network electronic identity derivative code is mainly characterized in that it comprises:
a network electronic identity derivative code database, for storing network electronic identity derivative code generation requests and the network electronic identity derivative codes already generated;
a network electronic identity derivative code request processing module, for processing and parsing network electronic identity derivative code generation requests from users or Internet applications, and sending the parsed request information to the network electronic identity code generation module to generate the network electronic identity code;
a network electronic identity derivative code generation module, for compressing the network electronic identity code with a hash function to generate the network electronic identity derivative code;
a network electronic identity derivative code collision handling module, for checking whether a newly generated network electronic identity derivative code collides with a network electronic identity derivative code already present in the network electronic identity derivative code database, and handling the collision.
Preferably, the network electronic identity derivative code is a binary string 32 bits long, and the hash function is the RG32 function of the RadioGatún algorithm.
The invention also relates to a method for generating the Next Generation Internet network electronic identity derivative code based on the system, characterized in that the method comprises the following steps:
(1) the network electronic identity derivative code request processing module processes and parses a network electronic identity derivative code generation request from a user or an Internet application;
(2) the network electronic identity code generation module generates the network electronic identity code from the parsed request information;
(3) the network electronic identity derivative code generation module compresses the network electronic identity code with a hash function to generate the network electronic identity derivative code.
Preferably, the processing and parsing, by the network electronic identity derivative code request processing module, of a network electronic identity derivative code generation request from a user or an Internet application comprises the following steps:
(11) the network electronic identity derivative code request processing module initializes the network electronic identity derivative code database;
(12) the network electronic identity derivative code request processing module receives a network electronic identity derivative code generation request from a user or an Internet application;
(13) the network electronic identity derivative code request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the network electronic identity derivative code request processing module determines whether the batch request file is already present in the network electronic identity derivative code database: if so, continue with step (15); otherwise continue with step (16);
(15) the network electronic identity derivative code request processing module determines whether the status of the batch request file is complete: if so, return the completed result of the request and exit; otherwise continue with step (17);
(16) the network electronic identity derivative code request processing module adds a new file record whose status is incomplete;
(17) the network electronic identity derivative code request processing module parses the next unprocessed request record in the batch request file, then continues with step (2);
(18) the network electronic identity derivative code request processing module parses the single request and obtains the user's information, then continues with step (2).
More preferably, the following step is further included between steps (1) and (2):
(20) the network electronic identity derivative code generation module determines, from the user information obtained by parsing, whether a valid network electronic identity derivative code corresponding to this user already exists in the network electronic identity derivative code database; if so, the generation module looks up the corresponding valid network electronic identity derivative code in the database and returns it directly, then exits; otherwise continue with step (2).
Further, the user information obtained by parsing includes the user's name, valid certificate type and user certificate number.
Preferably, the generation of the network electronic identity derivative code by the network electronic identity derivative code generation module, by compressing the network electronic identity code with a hash function, comprises the following steps:
(31) the network electronic identity derivative code generation module calls the RG32 function of the RadioGatún algorithm on the network electronic identity code to generate the network electronic identity derivative code;
(32) the network electronic identity derivative code collision handling module checks whether the newly generated network electronic identity derivative code collides with a network electronic identity derivative code already present in the network electronic identity derivative code database, and handles the collision.
More preferably, the following steps are further included after step (32):
(41) the network electronic identity derivative code request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (42); if it is a single request from a user, continue with step (44);
(42) the network electronic identity derivative code request processing module increments the file record number by 1 and determines whether all file records have been processed: if so, continue with step (43); otherwise continue with step (17);
(43) the network electronic identity derivative code request processing module sets the status of the request file record to complete, then continues with step (44);
(44) the network electronic identity derivative code request processing module stores the generated network electronic identity derivative code in the network electronic identity derivative code database and returns the network electronic identity derivative code to the user who initiated the request.
Further, the checking, by the network electronic identity derivative code collision handling module, of whether the newly generated network electronic identity derivative code collides with a network electronic identity derivative code already present in the network electronic identity derivative code database, and the handling of the collision, are specifically:
(321) the network electronic identity derivative code collision handling module checks whether the newly generated network electronic identity derivative code collides with a network electronic identity derivative code already present in the network electronic identity derivative code database: if so, continue with step (322); otherwise continue with step (41);
(322) the network electronic identity code generation module adds a random number to the original network electronic identity code to generate a new network electronic identity code, then continues with step (31).
The system and method for generating the Next Generation Internet NID of this invention have the following beneficial effects:
(1) Uniqueness: the network electronic identity derivative code NID is generated with the RG32 hash algorithm from the eID_code, which is itself unique. The RG32 algorithm together with the NID collision handling method ensures the uniqueness of valid NIDs.
(2) Privacy: the NID itself contains no user identity information (such as valid ID number, type or name), which prevents the leakage of citizens' private identity information.
(3) Irreversibility: the NID is generated with the RG32 hash algorithm, and inverting this hash algorithm is computationally infeasible; the generated NID is therefore irreversible.
(4) Suitability for IPv6 networks: the NID is 32 bits long and is easily carried in the IPv6 extension header, so it is suitable for IPv6 networks and has a wide range of application.
Brief description of the drawings
Fig. 1 is a structural diagram of the system for generating the Next Generation Internet NID of the present invention.
Fig. 2 is a flow chart of network electronic identity derivative code request processing of the present invention.
Fig. 3 is the algorithm flow chart of the RG32 function of the present invention.
Fig. 4 is a flow chart of network electronic identity derivative code generation of the present invention.
Detailed description of the embodiments
In order to describe the technical content of the present invention more clearly, it is further described below with reference to specific embodiments.
Definitions of terms:
Network electronic identity (eID): eID is the abbreviation of electronic IDentity. It is built on the existing resident identity management system and is based on cryptography and digital signature technology, with a smart card chip as its carrier. It is a network electronic identity credential issued uniformly to citizens by the public security authorities for remotely confirming personal identity over the network, and it is authoritative, uniform and universal.
Network electronic identity code (eID_code): a network identity identifier stored in the eID. It is in one-to-one correspondence with the citizen's identity and itself contains no user identity information. The eID_code is 48 bytes long and of type string; its bytes are concatenated in sequence, with no spaces or any other characters (for example _, ~, /, &, etc.).
Network electronic identity derivative code (NID): NID is the abbreviation of interNet IDentity. It is the network electronic identity identifier for use in the Next Generation Internet (mainly IPv6 networks), a binary string 32 bits long that is derived from the eID. It not only represents the user's real identity but can also be embedded in the IPv6 extension header and transmitted with the packet. The NID itself contains no user identity information and is compact, unique and irreversible.
RadioGatún algorithm family: the RadioGatún algorithm family was first presented in August 2006 at the Second Cryptographic Hash Workshop held by the US National Institute of Standards and Technology (NIST). Its functions have the form z=RadioGatún[l_w](x), where x is an input string of arbitrary length; l_w is the word-length parameter, taking values from 1 to 64 bits, each value corresponding to one function; and z is an output stream of unbounded length, so that truncating it to its first l_h bits yields a hash function with output length l_h.
RG32: one of the functions of the RadioGatún algorithm family; its return value is a 32-bit hash value. RG32 is an iterative compression function with a belt-and-mill structure. This structure, which serves as the internal state of the iteration, contains 58 words, and each round of iteration involves 4 linear and non-linear transformation functions. RG32 is collision-resistant, irreversible and computationally inexpensive.
The purpose of the present invention is to address problems in the Next Generation Internet such as user identity impersonation and untraceable network messages by providing a method for generating a network electronic identity derivative code that is carried in the IPv6 extension header. At present there is no related solution in the field of Next Generation Internet identity management. The present invention is therefore entirely original, and at the same time protects user privacy.
Drawing on a study of existing work on network identity management and on the characteristics and requirements of the Next Generation Internet (IPv6), the present invention designs a unified NID generation method based on the eID and provides an NID generation subsystem. The NID is generated with the RG32 algorithm of the RadioGatún algorithm family. It is a hash code 32 bits long that is unique and irreversible and is easily embedded in the IPv6 extension header.
The RadioGatún cryptographic hash algorithm comprises 64 different functions, one for each word length used. These functions can produce an output stream of unbounded length; truncating it to its first n bits gives a hash function with output length n. RG32 is the one of them whose output length is 32 bits.
The NID is generated by compressing the eID code with a specific algorithm, so the NID is a derived identifier of the user's real identity. It can be used to ensure the authenticity and traceability of user identity in Next Generation Internet applications, while also protecting user privacy.
As shown in Fig. 1, the NID generation subsystem is the system that generates and stores NIDs. Its main functions are processing NID generation requests from individuals or Internet applications, NID generation and NID collision handling, and it accordingly comprises the following modules: the NID request processing module, the NID generation module, the NID collision handling module and the NID database. In addition, because the NID is generated from the eID, the eID code generation module of the eID code generation subsystem must also be called. The specific functions of each module are as follows:
The NID generation subsystem can respond both to an NID request from a single user and to batch NID requests sent by Internet applications. A batch request is sent from the Internet application to the NID generation subsystem in the form of a file. For example, the file naming rule can be set to: "THDX" + file batch number + "N" + number of entries.
The NID generation module is responsible for parsing the required information from the request record, calling the eID code generation module, and generating the 32-bit NID from the generated eID code. The specific method is given separately below.
The eID code generation module uses the parsed information to generate the corresponding eID code in accordance with the national information security standard "Network Electronic Identity Format Specification".
The NID collision handling module is mainly responsible for auditing newly generated NIDs, checking whether they collide with NIDs already present in the NID database, and handling them accordingly.
The NID database is responsible for storing NID request files and the generated NIDs.
The method for generating the Next Generation Internet NID of the present invention comprises the following steps:
(1) the NID request processing module processes and parses an NID generation request from a user or an Internet application;
This comprises the following eight sub-steps:
(11) the NID request processing module initializes the NID database;
(12) the NID request processing module receives an NID generation request from a user or an Internet application;
(13) the NID request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the NID request processing module determines whether the batch request file is already present in the NID database: if so, continue with step (15); otherwise continue with step (16);
(15) the NID request processing module determines whether the status of the batch request file is complete: if so, return the completed result of the request and exit; otherwise continue with step (17);
(16) the NID request processing module adds a new file record whose status is incomplete;
(17) the NID request processing module parses the next unprocessed request record in the batch request file, then continues with step (2);
(18) the NID request processing module parses the single request and obtains the user's information, then continues with step (2).
(20) the NID generation module determines, from the user information obtained by parsing, whether a valid NID corresponding to this user already exists in the NID database; if so, the NID generation module looks up the corresponding valid NID in the NID database and returns it directly, then exits; otherwise continue with step (2).
(2) the network electronic identity code generation module generates the network electronic identity code from the parsed request information;
(31) the NID generation module compresses the network electronic identity code with a hash function to generate the NID;
(32) the NID collision handling module checks whether the newly generated network electronic identity derivative code collides with an NID already present in the NID database: if so, continue with step (31); otherwise continue with step (41);
Specifically, this comprises the following two sub-steps:
(321) the network electronic identity derivative code collision handling module checks whether the newly generated network electronic identity derivative code collides with a network electronic identity derivative code already present in the network electronic identity derivative code database: if so, continue with step (322); otherwise continue with step (41);
(322) the network electronic identity code generation module adds a random number to the original network electronic identity code to generate a new network electronic identity code, then continues with step (31).
(41) the NID request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (42); if it is a single request from a user, continue with step (44);
(42) the NID request processing module increments the file record number by 1 and determines whether all file records have been processed: if so, continue with step (43); otherwise continue with step (17);
(43) the NID request processing module sets the status of the request file record to complete, then continues with step (44);
(44) the NID request processing module stores the generated NID in the NID database and returns the NID to the user who initiated the request.
I. Fig. 2 shows the flow chart of NID request processing in the NID generation subsystem.
When an NID request is received, the NID request processing module first determines whether the request is a single request or a batch request file.
For a batch request file sent by an Internet application, the NID request processing module determines whether the file is already present in the NID database. If it is, the module then checks whether the file's status is complete: if it is complete, processing ends directly; otherwise the next unprocessed request record in the file is parsed. If the received request file is not in the NID database, a new file record is added to it with its status set to incomplete. The NID generation module (which needs to call the eID code generation module) and the NID collision handling module are then called to process the request records in turn until all records have been processed. The status of the file record is then set to complete, the generated NIDs are stored in the NID database, and the generation results are returned to the Internet application, also in the form of a file.
For a single NID request sent by a user, the NID request processing module parses the request record and then directly calls the NID generation module (which needs to call the eID code generation module) and the NID collision handling module to process the request record. Finally the generated NID is stored in the NID database and returned to the user who initiated the request.
Step 1. The NID request processing module initializes the NID database.
Step 2. The NID request processing module receives an NID request.
Step 3. The NID request processing module determines the NID request type. If it is a batch request file sent by an Internet application, go to Step 4; if it is a single request sent by a user, go to Step 13.
Step 4. The NID request processing module determines whether the file is present in the NID database. If so, go to Step 5; otherwise go to Step 6.
Step 5. The NID request processing module determines whether the file's status is complete. If so, return the corresponding result directly to the Internet application and go to Step 18; otherwise go to Step 7.
Step 6. The NID request processing module adds a new file record with status incomplete.
Step 7. Parse the next unprocessed request record in the file.
Step 8. Obtain the user's information.
Step 9. Call the NID generation module to generate the corresponding NID (this requires calling the eID code generation module).
Step 10. Increment the record number by 1 and determine whether all records have been processed. If so, go to Step 11; otherwise go to Step 7.
Step 11. Set the status of the request file record to complete. Store the generated NID information in the NID database.
Step 12. Generate the result file and return it to the Internet application. Go to Step 18.
Step 13. The NID request processing module parses the request record.
Step 14. Obtain the user's information.
Step 15. Call the NID generation module to generate the corresponding NID (this requires calling the eID code generation module).
Step 16. Store the generated NID information in the NID database.
Step 17. Return the NID result to the user who initiated the request.
Step 18. The flow ends.
II. Generation of the NID
The NID is generated from the eID code by hashing it with the RG32 function of the RadioGatún algorithm family.
1. RG32 function
The functions of the RadioGatún algorithm have the form z=RadioGatún[l_w](x), where x is an input string of arbitrary length; l_w is the word-length parameter, taking values from 1 to 64 bits, each value corresponding to one function; and z is an output stream of unbounded length, so that truncating it to its first l_h bits yields a hash function with output length l_h.
RG32 is one of these functions, and its return value is a 32-bit hash value. RG32 is an iterative compression function with a belt-and-mill structure. The belt-and-mill is the intermediate structure used during the RG32 hash transformation: the mill comprises 19 words; the belt comprises 13 columns of 3 words each; the structure comprises 58 words in total. This structure is the internal state of each round of iteration of the RG32 function. The input block of each round comprises 3 words and the output block comprises two words. The transformation function of each round involves the following 4 operations:
Mill function: an invertible non-linear function acting on the mill.
Belt function: an invertible simple linear function acting on the belt.
Milt function: a linear operation between certain bit positions of the mill and the belt.
Bell function: a linear operation between certain bit positions of the belt and the mill.
As shown in Fig. 3, the RG32 function executes roughly as follows:
First the input x is padded (the padding is reversible): a single 1 is appended to the end of x, followed by as many 0s as are needed to make the length of x an exact multiple of the input block size (3 words). The padded x is divided into n_p blocks.
Then the internal state is initialized (the belt-and-mill structure is set to zero).
Then, for each input block, the following is performed: the input block is mapped onto the internal state structure (the belt-and-mill structure) and combined with the previous internal state by carry-less addition (XOR) to obtain a temporary internal state; the transformation R is then applied to this temporary internal state to produce the new internal state.
After all input blocks have been processed, n_b blank rounds are applied to the internal state (transformations applied directly to the internal state, with no input combined; n_b=16).
Finally the internal state is mapped to the output z, and the required first 32 bits are taken as the hash value returned by the function.
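The RG32 procedure described above (padding, zeroed belt-and-mill state, one round R per 3-word input block, 16 blank rounds, truncation to the first 32 bits) can be written out as follows. This is an added example based on the published RadioGatún specification, not code from the patent; the function names and the byte order used when rendering the truncated 32 bits as a binary string are assumptions.

```python
import struct

MASK32 = 0xFFFFFFFF
MILL_WORDS, BELT_COLS, BELT_ROWS = 19, 13, 3   # 19 + 13*3 = 58 words of state
BLANK_ROUNDS = 16                               # n_b in the text


def _rotr32(x, r):
    """Rotate a 32-bit word right by r bits."""
    r %= 32
    return ((x >> r) | (x << (32 - r))) & MASK32


def _mill(a):
    """Mill function: invertible non-linear map on the 19 mill words."""
    t = []
    for i in range(MILL_WORDS):
        y = (7 * i) % MILL_WORDS
        x = a[y] ^ (a[(y + 1) % MILL_WORDS] | (~a[(y + 2) % MILL_WORDS] & MASK32))
        t.append(_rotr32(x, i * (i + 1) // 2))
    out = [t[i] ^ t[(i + 1) % MILL_WORDS] ^ t[(i + 4) % MILL_WORDS]
           for i in range(MILL_WORDS)]
    out[0] ^= 1
    return out


def _round(a, b):
    """One application of R: Belt, Milt, Mill and Bell, in that order."""
    last = b[BELT_COLS - 1]
    nb = [last[:]] + [col[:] for col in b[:BELT_COLS - 1]]  # Belt: rotate columns
    for i in range(12):                                     # Milt: mill -> belt
        nb[i + 1][i % BELT_ROWS] ^= a[i + 1]
    na = _mill(a)                                           # Mill
    for i in range(BELT_ROWS):                              # Bell: belt -> mill
        na[13 + i] ^= last[i]
    return na, nb


def rg32_stream(message: bytes, out_len: int) -> bytes:
    """Return the first out_len bytes of the RadioGatún[32] output stream z."""
    a = [0] * MILL_WORDS                                    # state starts at zero
    b = [[0] * BELT_ROWS for _ in range(BELT_COLS)]
    block = 4 * BELT_ROWS                                   # 3 words of 4 bytes
    padded = message + b"\x01"                              # a single 1, then 0s
    padded += b"\x00" * (-len(padded) % block)
    for off in range(0, len(padded), block):
        words = struct.unpack("<3I", padded[off:off + block])
        for i, word in enumerate(words):                    # XOR block into state
            b[0][i] ^= word
            a[16 + i] ^= word
        a, b = _round(a, b)
    for _ in range(BLANK_ROUNDS):                           # rounds without input
        a, b = _round(a, b)
    out = bytearray()
    while len(out) < out_len:                               # two words per round
        a, b = _round(a, b)
        out += struct.pack("<2I", a[1], a[2])
    return bytes(out[:out_len])


def nid_from_eid_code(eid_code: bytes) -> str:
    """NID = first 32 bits of RG32(eID_code), rendered as a binary string.
    Assumption: the first four output bytes are read most significant first."""
    return format(int.from_bytes(rg32_stream(eid_code, 4), "big"), "032b")


if __name__ == "__main__":
    sample = b"01" + b"A" * 44 + b"00"   # constructed 48-byte placeholder eID_code
    print(nid_from_eid_code(sample))
```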
2. eID code generation
The NID is generated from the eID code by compression with the RG32 algorithm. The eID code in turn is generated from information such as the user's certificate number and name through a series of transformations.
Let eID_version denote the version number of the eID; let eID_code_rvb denote the reserved field; and let BHash_Value denote the hash value computed from the user's name (name), valid certificate type (type), user certificate number (IDnumber) and a random string (random_eid_hash). The formula is:
BHash_Value=Base64{SM3[append(name|IDnumber|type|random_eid_hash)]}
The eID_code is then computed as follows:
eID_code=append(eID_version||BHash_Value||eID_code_rvb)
3. NID generation
On the basis of the eID code (eID_code), the RG32 function H_rg32() described above is called to generate the 32-bit NID, i.e.:
NID=H_rg32(eID_code)
III. NID collision handling method
The NID is a hash code produced with the RG32 function. To prevent generated NIDs from colliding, each new NID must be audited to check whether it already exists: if it does, the NID value is passed through the H_rg32() hash transformation again to generate a new NID, which is audited again. This continues until the generated NID value is unique, at which point the generation flow ends and the NID value is returned.
Step1. The NID generation module receives an NID generation request record and parses from it the user name (name), valid certificate type (type), user certificate number (IDnumber) and other relevant information.
Step2. To guarantee the uniqueness of the user's NID, the NID generation module starts a review: it checks whether the NID database already holds a valid NID for this user. If not, the review passes and the flow goes to Step3; otherwise the server directly returns the corresponding valid NID and the flow ends.
Step3. Using the parsed name, type, IDnumber and other information, the NID generation module generates the corresponding eID_code in accordance with the national information security standard "Network Electronic Identity Format Specification".
Step4. On the basis of eID_code, the RG32 function H_rg32() is called to generate the NID of length 32, i.e.
NID=H_rg32(eID_code)
Step5. To prevent the generated NID from colliding, the NID collision handling module checks whether the new NID already exists. If it exists, the review fails and the flow goes to Step6; otherwise the review passes and the flow goes to Step7.
Step6. A random number is added to the original eID_code to form a new eID_code, i.e. eID_code=eID_code+random. Go to Step4.
Step7. The newly generated NID value is returned and the flow ends.
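The Step1 to Step7 flow above, as an added Python sketch that is not code from the patent. SHA-256 stands in for both SM3 and H_rg32() (neither is in the Python standard library on every build), the NID is read as 32 bits, and the version and reserved field values, the `NidRegistry` class and the sample users are constructed for illustration.

```python
import base64
import hashlib
import secrets

NID_BITS = 32  # assumption: "binary string of length 32" read as 32 bits


def h_stand_in(data: bytes, bits: int = NID_BITS) -> int:
    """Stand-in for H_rg32(): SHA-256 truncated to `bits` bits (not RG32)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def build_eid_code(name: str, id_type: str, id_number: str,
                   version: bytes = b"01", reserved: bytes = b"00") -> bytes:
    """Step3: eID_code = eID_version || BHash_Value || eID_code_rvb.

    `version` and `reserved` are constructed placeholder values.
    """
    random_eid_hash = secrets.token_hex(16)
    joined = "|".join([name, id_number, id_type, random_eid_hash]).encode()
    # SHA-256 stands in for SM3, which hashlib does not always provide.
    bhash_value = base64.b64encode(hashlib.sha256(joined).digest())
    return version + bhash_value + reserved


class NidRegistry:
    """In-memory model of the NID database and the Step1-Step7 flow."""

    def __init__(self, bits: int = NID_BITS):
        self.bits = bits
        self.by_user = {}    # user lookup key -> issued NID
        self.issued = set()  # every NID currently in use
        self.collisions = 0  # number of times Step6 had to run

    def generate(self, name: str, id_type: str, id_number: str) -> int:
        # Step2: a user who already holds a valid NID gets it back unchanged.
        user = hashlib.sha256(f"{name}|{id_type}|{id_number}".encode()).digest()
        if user in self.by_user:
            return self.by_user[user]
        if len(self.issued) >= 1 << self.bits:
            raise RuntimeError("NID space exhausted; Step5/Step6 cannot end")
        eid_code = build_eid_code(name, id_type, id_number)   # Step3
        nid = h_stand_in(eid_code, self.bits)                  # Step4
        while nid in self.issued:                              # Step5
            self.collisions += 1
            eid_code += secrets.token_bytes(8)                 # Step6
            nid = h_stand_in(eid_code, self.bits)              # Step4 again
        self.issued.add(nid)
        self.by_user[user] = nid
        return nid                                             # Step7


def issue_batch(count: int, bits: int = NID_BITS) -> NidRegistry:
    """Issue NIDs for `count` constructed users and return the registry."""
    registry = NidRegistry(bits)
    for i in range(count):
        registry.generate(f"user{i}", "type-A", f"ID{i:08d}")
    return registry


if __name__ == "__main__":
    demo = issue_batch(200, bits=8)  # narrow width so collisions are certain
    print(len(demo.issued), "unique NIDs,", demo.collisions, "collisions")
```

Run with a narrow width, the Step5/Step6 loop fires repeatedly; at 32 bits the birthday bound makes the same path routine once the number of issued NIDs approaches 2^16, so the collision check is a normal part of issuance rather than a rare edge case.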
The system and method for Next Generation Internet NID generation in this invention have the following advantages:
(1) Uniqueness: the network electronic identity derived code (NID) is generated with the RG32 hash algorithm from the eID_code, which is itself unique. The RG32 algorithm together with the NID collision handling method ensures the uniqueness of each valid NID.
(2) Privacy: the NID itself contains no user identity information (such as a valid identity card number, type or name), which prevents leakage of citizens' private identity information.
(3) Irreversibility: the NID is generated with the RG32 hash algorithm, and computing this hash algorithm in reverse is infeasible, so the generated NID is irreversible.
(4) Suitability for IPv6 networks: the NID has a length of 32, so it is easily carried in an IPv6 extension header. It is therefore suited to IPv6 networks and has a wide range of application.
In this description, the present invention has been described with reference to specific embodiments. It is clear, however, that various modifications and alterations can still be made without departing from the spirit and scope of the present invention. The specification and drawings are therefore to be regarded as illustrative rather than restrictive.
Claims (8)
1. A system for generating network electronic identity derived codes for the Next Generation Internet, characterized in that the system comprises:
a network electronic identity derived code database, used to store network electronic identity derived code generation requests and the generated network electronic identity derived codes;
a network electronic identity derived code request processing module, used to process and parse network electronic identity derived code generation requests from users or Internet applications, and to send the parsed request information to a network electronic identity code generation module to generate a network electronic identity code;
a network electronic identity derived code generation module, used to generate the network electronic identity derived code by hash function compression on the basis of the network electronic identity code;
a network electronic identity derived code collision handling module, used to check whether the derived code of a newly generated network electronic identity code collides with a network electronic identity derived code already existing in the network electronic identity derived code database, and to handle the collision;
wherein processing and parsing the network electronic identity derived code generation requests from users or Internet applications is specifically:
(11) the network electronic identity derived code request processing module initializes the network electronic identity derived code database;
(12) the network electronic identity derived code request processing module receives a network electronic identity derived code generation request from a user or an Internet application;
(13) the network electronic identity derived code request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the network electronic identity derived code request processing module determines whether the batch request file exists in the network electronic identity derived code database; if so, continue with step (15); otherwise continue with step (16);
(15) the network electronic identity derived code request processing module determines whether the state of the batch request file is completed; if so, return the result that request processing is complete and then exit; otherwise continue with step (17);
(16) the network electronic identity derived code request processing module adds a new file record whose state is uncompleted;
(17) the network electronic identity derived code request processing module parses the next unfinished request record in the batch request file, then continues with step (2);
(18) the network electronic identity derived code request processing module parses the single request to obtain the user's relevant information, then continues with step (2).
2. The system for generating network electronic identity derived codes for the Next Generation Internet according to claim 1, characterized in that the network electronic identity derived code is a binary string of length 32, and the hash function is the RG32 function of the RadioGatún algorithm.
3. A method for generating network electronic identity derived codes for the Next Generation Internet based on the system of claim 1 or 2, characterized in that the method comprises the following steps:
(1) the network electronic identity derived code request processing module processes and parses a network electronic identity derived code generation request from a user or an Internet application;
(2) the network electronic identity code generation module generates a network electronic identity code from the parsed request information;
(3) the network electronic identity derived code generation module generates the network electronic identity derived code by hash function compression on the basis of the network electronic identity code;
wherein the network electronic identity derived code request processing module processing and parsing the network electronic identity derived code generation request from a user or an Internet application comprises the following steps:
(11) the network electronic identity derived code request processing module initializes the network electronic identity derived code database;
(12) the network electronic identity derived code request processing module receives a network electronic identity derived code generation request from a user or an Internet application;
(13) the network electronic identity derived code request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the network electronic identity derived code request processing module determines whether the batch request file exists in the network electronic identity derived code database; if so, continue with step (15); otherwise continue with step (16);
(15) the network electronic identity derived code request processing module determines whether the state of the batch request file is completed; if so, return the result that request processing is complete and then exit; otherwise continue with step (17);
(16) the network electronic identity derived code request processing module adds a new file record whose state is uncompleted;
(17) the network electronic identity derived code request processing module parses the next unfinished request record in the batch request file, then continues with step (2);
(18) the network electronic identity derived code request processing module parses the single request to obtain the user's relevant information, then continues with step (2).
4. The method for generating network electronic identity derived codes for the Next Generation Internet according to claim 3, characterized in that, between steps (1) and (2), it further comprises the following step:
(20) the network electronic identity derived code generation module determines, from the user's relevant information obtained by parsing, whether a valid network electronic identity derived code corresponding to this user exists in the network electronic identity derived code database; if so, the network electronic identity derived code generation module finds the corresponding valid network electronic identity derived code in the network electronic identity derived code database and returns it directly, then exits; otherwise continue with step (2).
5. The method for generating network electronic identity derived codes for the Next Generation Internet according to claim 4, characterized in that the user's relevant information obtained by parsing includes the user's name, valid certificate type and user certificate number.
6. The method for generating network electronic identity derived codes for the Next Generation Internet according to claim 3, characterized in that the network electronic identity derived code generation module generating the network electronic identity derived code by hash function compression on the basis of the network electronic identity code comprises the following steps:
(31) the network electronic identity derived code generation module calls the RG32 function of the RadioGatún algorithm on the basis of the network electronic identity code to generate the network electronic identity derived code;
(32) the network electronic identity derived code collision handling module checks whether the derived code of the newly generated network electronic identity code collides with a network electronic identity derived code already existing in the network electronic identity derived code database, and handles the collision.
7. The method for generating network electronic identity derived codes for the Next Generation Internet according to claim 6, characterized in that, after step (32), it further comprises the following steps:
(41) the network electronic identity derived code request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (42); if it is a single request from a user, continue with step (44);
(42) the network electronic identity derived code request processing module increments the file record count by 1 and determines whether all file records have been processed; if so, continue with step (43); otherwise continue with step (17);
(43) the network electronic identity derived code request processing module sets the state of the request file record to completed, then continues with step (44);
(44) the network electronic identity derived code request processing module stores the generated network electronic identity derived code in the network electronic identity derived code database and returns the network electronic identity derived code to the user who initiated the request.
8. The method for generating network electronic identity derived codes for the Next Generation Internet according to claim 7, characterized in that the network electronic identity derived code collision handling module checking whether the derived code of the newly generated network electronic identity code collides with a network electronic identity derived code already existing in the network electronic identity derived code database, and handling the collision, is specifically:
(321) the network electronic identity derived code collision handling module checks whether the derived code of the newly generated network electronic identity code collides with a network electronic identity derived code already existing in the network electronic identity derived code database; if so, continue with step (322); otherwise continue with step (41);
(322) the network electronic identity code generation module adds a random number to the original network electronic identity code to generate a new network electronic identity code, then continues with step (31).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310630389.3A CN103595733B (en) | 2013-12-02 | 2013-12-02 | Realize the system and method for Next Generation Internet NID generation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103595733A CN103595733A (en) | 2014-02-19 |
CN103595733B true CN103595733B (en) | 2017-03-08 |
Family
ID=50085715
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310630389.3A Active CN103595733B (en) | 2013-12-02 | 2013-12-02 | Realize the system and method for Next Generation Internet NID generation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103595733B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105554018B (en) * | 2015-12-31 | 2019-04-12 | 兴唐通信科技有限公司 | Genuine cyber identification verification method |
CN109067702B (en) * | 2018-06-25 | 2021-05-04 | 兴唐通信科技有限公司 | Method for generating and protecting real-name system network identity |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101552676A (en) * | 2009-05-06 | 2009-10-07 | 阿里巴巴集团控股有限公司 | Host module legitimacy verification method, system and device using a card module |
EP2405409A1 (en) * | 2010-07-06 | 2012-01-11 | Gemalto SA | Interconnected standalone multiprocessor devices, and adapted customisation method |
CN102420834A (en) * | 2011-12-29 | 2012-04-18 | 公安部第三研究所 | Generation and verification control method for network identity code in electronic network identity card |
CN102696677A (en) * | 2012-06-15 | 2012-10-03 | 郑州郑氏化工产品有限公司 | Medicament composition for preventing maize rough dwarf disease |
Also Published As
Publication number | Publication date |
---|---|
CN103595733A (en) | 2014-02-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |