CN103595733B - System and method for implementing next-generation Internet NID generation - Google Patents


Info

Publication number
CN103595733B
Authority
CN
China
Legal status
Active
Application number
CN201310630389.3A
Other languages
Chinese (zh)
Other versions
CN103595733A (en)
Inventor
杨明慧
汪志鹏
邹翔
胡永涛
Current Assignee
Third Research Institute of the Ministry of Public Security
Original Assignee
Third Research Institute of the Ministry of Public Security


Abstract

The present invention relates to a system for generating the next-generation Internet NID, comprising: a network electronic identity derived code database; a network electronic identity derived code request processing module; a network electronic identity derived code generation module, which uses a hash function to compress the network electronic identity code into a network electronic identity derived code; and a network electronic identity derived code collision handling module, which checks whether a newly generated derived code collides with a network electronic identity derived code that already exists and handles the collision. With this system and method, the problems of user identity spoofing and untraceable network messages in the next-generation Internet can be addressed: the network electronic identity derived code is carried in the IPv6 extension header, and the generated derived code is compact, unique and irreversible, giving the invention a wider range of application.

Description

System and method for implementing next-generation Internet NID generation
Technical field
The present invention relates to the field of network identity management and information security, in particular to the field of encoding network electronic identity derived codes, and specifically to a system and method for generating the next-generation Internet NID.
Background art
By 2011 the global IPv4 address space had been fully allocated. China's Internet penetration currently stands at 44%; reaching the 70% penetration of developed countries will require a large number of new IP addresses. The IP address shortage seriously constrains the development of China's Internet, and large-scale commercial deployment of IPv6 is the path that China's Internet development must take.
IPv6 is the next-generation Internet IP protocol designed by the IETF (Internet Engineering Task Force) to replace the current version of the IP protocol (IPv4). It has a larger address space (addresses are 128 bits long), a flexible header format and better security.
To address the problem of user identity spoofing on the Internet, providing a network electronic identity (Electronic IDentity, abbreviated eID) and authentication solution based on real addresses is of great significance for building China's trusted and manageable next-generation Internet. Using the flexibility and extensibility of the IPv6 header to link the user's real identity and real address through the packet, and designing an identification code for the next-generation Internet that can represent the user's real identity, is the basis of Networked RAID.
The network electronic identity (eID) is built on the existing resident identity management system and on cryptographic and digital signature technology, with a smart card chip as its carrier. It is a network electronic identity document issued uniformly to citizens by the public security authorities for remotely confirming personal identity on the network, and it is authoritative, uniform and universal. China's eID is currently applied in fields such as e-government, e-commerce, third-party payment and social networking.
However, the network electronic identity code (eID_code) is 48 bytes long and cannot be carried in an IPv6 extension header. In addition, because the eID is generated through a series of transformations from information such as the user's ID document number and name, it can represent the user's real identity while the code itself reveals no personal identity information, which effectively avoids unnecessary disclosure of user identity information.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings of the prior art described above and to provide a system and method for next-generation Internet NID generation that can generate a network electronic identity derived code carried in the IPv6 extension header, that avoids the problems of user identity spoofing and untraceable network messages in the next-generation Internet, and that has a wider range of application.
To achieve this purpose, the system and method for next-generation Internet NID generation of the present invention are constituted as follows:
The system for generating the next-generation Internet network electronic identity derived code is mainly characterized in that it comprises:
a network electronic identity derived code database, which stores network electronic identity derived code generation requests and the network electronic identity derived codes already generated;
a network electronic identity derived code request processing module, which processes and parses network electronic identity derived code generation requests from users or Internet applications and sends the parsed request information to the network electronic identity code generation module to generate a network electronic identity code;
a network electronic identity derived code generation module, which uses a hash function to compress the network electronic identity code into a network electronic identity derived code;
a network electronic identity derived code collision handling module, which checks whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the derived code database, and handles the collision.
Preferably, the network electronic identity derived code is a binary string 32 bits long, and the hash function is the RG32 function of the RadioGatún algorithm.
The invention further relates to a method for generating the next-generation Internet network electronic identity derived code based on the system, characterized in that the method comprises the following steps:
(1) the network electronic identity derived code request processing module processes and parses a network electronic identity derived code generation request from a user or an Internet application;
(2) the network electronic identity code generation module generates a network electronic identity code from the parsed request information;
(3) the network electronic identity derived code generation module uses a hash function to compress the network electronic identity code into the network electronic identity derived code.
Preferably, the processing and parsing by the network electronic identity derived code request processing module of a network electronic identity derived code generation request from a user or an Internet application comprises the following steps:
(11) the network electronic identity derived code request processing module initializes the network electronic identity derived code database;
(12) the network electronic identity derived code request processing module receives a network electronic identity derived code generation request from a user or an Internet application;
(13) the network electronic identity derived code request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the network electronic identity derived code request processing module determines whether the batch request file already exists in the network electronic identity derived code database; if so, continue with step (15), otherwise continue with step (16);
(15) the network electronic identity derived code request processing module determines whether the state of the batch request file is completed; if so, it returns the result that request processing is complete and then ends and exits, otherwise continue with step (17);
(16) the network electronic identity derived code request processing module adds a new file record whose state is uncompleted;
(17) the network electronic identity derived code request processing module parses the next uncompleted request record in the batch request file, then continues with step (2);
(18) the network electronic identity derived code request processing module parses the single request to obtain the relevant information of the user, then continues with step (2).
More preferably, the following step is further included between steps (1) and (2):
(20) the network electronic identity derived code generation module determines, from the relevant information of the user obtained by parsing, whether a valid network electronic identity derived code corresponding to this user exists in the network electronic identity derived code database; if so, the module finds the corresponding valid network electronic identity derived code in the database and returns it directly, then ends and exits; otherwise continue with step (2).
Further, the relevant information of the user obtained by parsing includes the user's name, the valid ID document type and the user's ID document number.
Preferably, the use of a hash function by the network electronic identity derived code generation module to compress the network electronic identity code into the network electronic identity derived code comprises the following steps:
(31) the network electronic identity derived code generation module calls the RG32 function of the RadioGatún algorithm on the network electronic identity code to generate the network electronic identity derived code;
(32) the network electronic identity derived code collision handling module checks whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the derived code database, and handles the collision.
More preferably, the following steps are further included after step (32):
(41) the network electronic identity derived code request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (42); if it is a single request from a user, continue with step (44);
(42) the network electronic identity derived code request processing module increments the file record number by 1 and determines whether all file records have been processed; if so, continue with step (43), otherwise continue with step (17);
(43) the network electronic identity derived code request processing module sets the state of the request file record to completed, then continues with step (44);
(44) the network electronic identity derived code request processing module stores the generated network electronic identity derived code in the network electronic identity derived code database and returns the derived code to the user who initiated the request.
Further, the check by the network electronic identity derived code collision handling module of whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the derived code database, and the handling of the collision, are specifically:
(321) the network electronic identity derived code collision handling module checks whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the derived code database; if so, continue with step (322), otherwise continue with step (41);
(322) the network electronic identity code generation module adds a random number to the original network electronic identity code to produce a new network electronic identity code, then continues with step (31).
The system and method for next-generation Internet NID generation of this invention have the following advantages:
(1) Uniqueness: the network electronic identity derived code NID is based on the eID_code, which is itself unique, and is generated with the RG32 hash algorithm. The RG32 algorithm together with the NID collision handling method ensures the uniqueness of valid NIDs.
(2) Privacy: the NID itself contains no user identity information (such as the valid ID document number, type or name), which prevents leakage of citizens' private identity information.
(3) Irreversibility: the NID is generated with the RG32 hash algorithm, whose inversion is computationally infeasible; the generated NID is therefore irreversible.
(4) Suitability for IPv6 networks: the NID is 32 bits long and is easily carried in the IPv6 extension header, so it is suitable for IPv6 networks and has a wider range of application.
Brief description of the drawings
Fig. 1 is a structural diagram of the system for next-generation Internet NID generation of the present invention.
Fig. 2 is a flow chart of network electronic identity derived code request processing in the present invention.
Fig. 3 is a flow chart of the RG32 function algorithm of the present invention.
Fig. 4 is a flow chart of network electronic identity derived code generation in the present invention.
Detailed description of the embodiments
To describe the technical content of the present invention more clearly, it is further described below with reference to specific embodiments.
Explanation of terms:
Network electronic identity (eID): eID is the abbreviation of electronic IDentity. Built on the existing resident identity management system and on cryptographic and digital signature technology, with a smart card chip as its carrier, it is a network electronic identity document issued uniformly to citizens by the public security authorities for remotely confirming personal identity on the network, and it is authoritative, uniform and universal.
Network electronic identity code (eID_code): a network identity identifier stored in the eID. It corresponds one-to-one with a citizen's identity and itself contains no user identity information. The eID_code is 48 bytes long and of type string; the bytes are joined in sequence, with no spaces or any other characters (for example _, ~, /, & and so on) between them.
Network electronic identity derived code (NID): NID is the abbreviation of interNet IDentity. It is the network electronic identity identifier for use in the next-generation Internet (mainly IPv6 networks) and is a binary string 32 bits long. It is derived from the eID; it not only represents the user's real identity but can also be embedded in the IPv6 extension header and transmitted with the packet. The NID itself contains no user identity information and is compact, unique and irreversible.
RadioGatún algorithm family: the RadioGatún algorithm family was first proposed in August 2006 at the Second Cryptographic Hash Workshop held by the US National Institute of Standards and Technology (NIST). Its functions have the form z=RadioGatún[lw](x), where x is an input string of arbitrary length; lw is the word-length parameter, taking values from 1 to 64 bits, each value corresponding to one function; and z is an output stream of indefinite length. Truncating z to its first lh bits gives a hash function with output length lh.
RG32: one function of the RadioGatún algorithm family, whose result is a 32-bit hash value. RG32 is an iterated compression function that uses a belt-and-mill structure. This structure serves as the internal state of the iteration and contains 58 words, and each round of the iteration involves 4 linear and nonlinear transformation functions. RG32 is collision-resistant, irreversible and has low computational cost.
The purpose of the present invention is to address problems in the next-generation Internet such as user identity spoofing and untraceable network messages by providing a method for generating a network electronic identity derived code that is carried in the IPv6 extension header. At present there is no related solution in the field of next-generation Internet identity management. The present invention is therefore entirely original, and it also protects user privacy.
Drawing on a study of existing work in network identity management, and combining the characteristics and requirements of the next-generation Internet IPv6, the present invention designs a unified NID generation method based on the eID and provides an NID generation subsystem. The NID is generated with the RG32 algorithm of the RadioGatún algorithm family; it is a hash code 32 bits long, is unique and irreversible, and is easily embedded in the IPv6 extension header.
The RadioGatún cryptographic hash algorithm comprises 64 different functions, depending on the word length used. These functions can produce an output stream of unlimited length; truncating it to the first n bits gives a hash function with output length n. RG32 is the one among them whose output length is 32 bits.
The NID is generated by compressing the eID code with a specific algorithm. The NID is therefore a derived identifier of the user's real identity: it can be used to ensure the authenticity and traceability of user identity in next-generation Internet applications, and at the same time it protects user privacy.
As shown in Fig. 1, the NID generation subsystem is the system that generates and stores NIDs. Its main functions are processing NID generation requests from individuals or Internet applications, NID generation, and NID collision handling, and it accordingly comprises the following modules: the NID request processing module, the NID generation module, the NID collision handling module, and the NID database. In addition, because the NID is generated from the eID, the eID code generation module of the eID code generation subsystem must also be called. The specific function of each module is as follows:
The NID generation subsystem can respond both to an NID request from a single user and to batch NID requests sent by Internet applications. A batch request is sent from the Internet application to the NID generation subsystem in the form of a file. For example, the file naming rule can be set to: "THDX"+file batch number+"N"+entry number.
The NID generation module is responsible for parsing the required information from the request record, calling the eID code generation module, and generating the 32-bit NID from the generated eID code. The specific method is given separately below.
The eID code generation module uses the parsed information and follows the national information security standard "Network Electronic Identity Format Specification" to generate the corresponding eID code.
The NID collision handling module is mainly responsible for auditing a newly generated NID: it checks whether the NID collides with an NID already in the NID database and handles the collision accordingly.
The NID database is responsible for storing NID request files and the NIDs that have been generated.
The method for next-generation Internet NID generation of the present invention comprises the following steps:
(1) The NID request processing module processes and parses an NID generation request from a user or an Internet application.
This includes the following eight sub-steps:
(11) the NID request processing module initializes the NID database;
(12) the NID request processing module receives an NID generation request from a user or an Internet application;
(13) the NID request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the NID request processing module determines whether the batch request file already exists in the NID database; if so, continue with step (15), otherwise continue with step (16);
(15) the NID request processing module determines whether the state of the batch request file is completed; if so, it returns the result that request processing is complete and then ends and exits, otherwise continue with step (17);
(16) the NID request processing module adds a new file record whose state is uncompleted;
(17) the NID request processing module parses the next uncompleted request record in the batch request file, then continues with step (2);
(18) the NID request processing module parses the single request to obtain the relevant information of the user, then continues with step (2).
(20) The NID generation module determines, from the relevant information of the user obtained by parsing, whether a valid NID corresponding to this user exists in the NID database; if so, the NID generation module finds the corresponding valid NID in the NID database and returns it directly, then ends and exits; otherwise continue with step (2).
(2) The network electronic identity code generation module generates a network electronic identity code from the parsed request information;
(31) the NID generation module uses a hash function to compress the network electronic identity code into the NID;
(32) the NID collision handling module checks whether the newly generated network electronic identity derived code collides with an NID already in the NID database; if so, continue with step (31), otherwise continue with step (41).
This specifically includes the following two sub-steps:
(321) the network electronic identity derived code collision handling module checks whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the derived code database; if so, continue with step (322), otherwise continue with step (41);
(322) the network electronic identity code generation module adds a random number to the original network electronic identity code to produce a new network electronic identity code, then continues with step (31).
(41) The NID request processing module determines the type of the generation request; if it is a batch request file from an Internet application, continue with step (42); if it is a single request from a user, continue with step (44);
(42) the NID request processing module increments the file record number by 1 and determines whether all file records have been processed; if so, continue with step (43), otherwise continue with step (17);
(43) the NID request processing module sets the state of the request file record to completed, then continues with step (44);
(44) the NID request processing module stores the generated NID in the NID database and returns the NID to the user who initiated the request.
I. Fig. 2 shows the flow by which the NID generation subsystem processes NID requests.
When an NID request is received, the NID request processing module first determines whether the request is a single request or a batch request file.
For a batch request file sent by an Internet application, the NID request processing module determines whether the file already exists in the NID database. If it exists, the module then determines whether the state of the file is completed: if completed, processing ends directly; otherwise the next uncompleted request record in the file is parsed. If the received request file is not in the NID database, a new file record is added to it with its state set to uncompleted. The NID generation module (which here must call the eID code generation module) and the NID collision handling module are then called to process the request records in the file one by one until all records have been processed. After that, the state of the file record is set to completed, the generated NIDs are stored in the NID database, and the generation result is returned to the Internet application, also in the form of a file.
For a single NID request sent by a user, the NID request processing module parses the request record and then directly calls the NID generation module (which here must call the eID code generation module) and the NID collision handling module to process the request record. Finally the generated NID is stored in the NID database and at the same time returned to the user who initiated the request.
Step1. The NID request processing module initializes the NID database.
Step2. The NID request processing module receives an NID request.
Step3. The NID request processing module determines the NID request type. If it is a batch request file sent by an Internet application, go to Step4; if it is a single request sent by a user, go to Step13.
Step4. The NID request processing module determines whether the file already exists in the NID database. If it exists, go to Step5; otherwise, go to Step6.
Step5. The NID request processing module determines whether the state of the file is completed. If so, return the corresponding result directly to the Internet application and go to Step18; otherwise, go to Step7.
Step6. The NID request processing module adds a new file record whose state is uncompleted.
Step7. Parse the next uncompleted request record in the file.
Step8. Obtain the relevant information of the user.
Step9. Call the NID generation module to generate the corresponding NID (the eID code generation module must be called here).
Step10. Increment the record number by 1 and determine whether all records have been processed. If so, go to Step11; otherwise go to Step7.
Step11. Set the state of the request file record to completed. Store the generated NID information in the NID database.
Step12. Generate the result file and return it to the Internet application. Go to Step18.
Step13. The NID request processing module parses the request record.
Step14. Obtain the relevant information of the user.
Step15. Call the NID generation module to generate the corresponding NID (the eID code generation module must be called here).
Step16. Store the generated NID information in the NID database.
Step17. Return the NID result to the user who initiated the request.
Step18. The flow ends.
II. Generation of the NID
The NID is generated from the eID code by hashing it with the RG32 function of the RadioGatún algorithm family.
1. RG32 function
RadioGatún functions have the form z=RadioGatún[lw](x), where x is an input string of arbitrary length; lw is the word-length parameter, taking values from 1 to 64 bits, each value corresponding to one function; and z is an output stream of indefinite length. Truncating z to its first lh bits gives a hash function with output length lh.
RG32 is one of these functions, and its result is a 32-bit hash value. RG32 is an iterated compression function that uses a belt-and-mill structure. The belt-and-mill is the intermediate structure of the RG32 hash transformation. The mill structure contains 19 words; the belt structure contains 13 columns of 3 words each; the structure contains 58 words in total. This structure is the internal state of each round of the RG32 iteration. The input block of each round contains 3 words, and the output block contains 2 words. The transformation function of each round involves the following 4 operations:
Mill function: an invertible nonlinear function acting on the mill structure.
Belt function: an invertible simple linear function acting on the belt structure.
Milt function: a linear operation on certain bit positions of the mill structure and the belt structure.
Bell function: a linear operation on certain bit positions of the belt structure and the mill structure.
As shown in Fig. 3, the general process executed by the RG32 function is as follows:
First, the input x is padded (the padding is reversible): a single 1 is appended to the end of x, followed by as many 0s as are needed to make x exactly a multiple of the input block size (3 words). The padded x is divided into np blocks.
The internal state is then initialized (the belt-and-mill structure is set to zero).
Next, the following is executed for each input block: the input block is mapped into the internal state structure (the belt-and-mill structure) and combined with the previous internal state by carry-less addition to obtain a temporary internal state; the transformation R is then applied to this temporary internal state to produce the new internal state.
After all input blocks have been processed, nb blank rounds are applied to the internal state (transformations applied directly to the internal state, with no input combined; nb=16).
Finally, the internal state is mapped to the output z, and the required first 32 bits are taken as the hash value returned by the function.
2. eID code generation
The NID is generated by compressing the eID code with the RG32 algorithm, and the eID code is in turn generated through a series of transformations from information such as the user's ID document number and name.
Let eID_version denote the version number of the eID and eID_code_rvb denote the reserved field. BHash_Value denotes the hash value, computed from the user's name (name), valid ID document type (type), ID document number (IDnumber) and a random string (random_eid_hash) by the formula:
BHash_Value=Base64{SM3[append(name|IDnumber|type|random_eid_hash)]}
The eID_code is then computed as follows:
eID_code=append(eID_version||BHash_Value||eID_code_rvb)
3. NID generation
The RG32 function H_rg32() described above is called on the eID code (eID_code) to generate the 32-bit NID, that is:
NID=H_rg32(eID_code)
Three. NID collision handling method
The NID is a hash code produced with the RG32 function. To prevent a generated NID from colliding, it is necessary to check whether the new NID already exists: if it does, this NID value is hashed again through H_rg32() to generate a new NID, which is checked again; once the generated NID value is unique, the generation flow ends and the NID value is returned.
Step1. The NID generation module receives an NID generation request record and parses from it the user name (name), valid certificate type (type), user certificate number (IDnumber) and other relevant information.
Step2. To ensure the uniqueness of the user's NID, the NID generation module starts the audit procedure and checks whether a valid NID corresponding to this user already exists in the NID database. If not, the audit passes; go to Step3. Otherwise, the server directly returns the corresponding valid NID and the flow ends.
Step3. The NID generation module uses the parsed name, type, IDnumber and other information to generate the corresponding eID_code in accordance with the national information security standard "Network Electronic Identity Format Specification".
Step4. The RG32 function H_rg32() is called on the eID_code to generate the 32-bit NID, i.e.:
NID=H_rg32(eID_code)
Step5. To prevent the generated NID from colliding, the NID collision handling module checks whether the new NID already exists. If it exists, the audit fails; go to Step6. Otherwise the audit passes; go to Step7.
Step6. A random number is appended to the original eID_code to produce a new eID_code, i.e. eID_code=eID_code+random. Go to Step4.
Step7. The newly generated NID value is returned and the flow ends.
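The Step1 to Step7 flow above, as an added sketch that is not the patent's own code. SHA-256 stands in for both SM3 and H_rg32() (truncated to the NID width); the eID_version and eID_code_rvb values, the in-memory registry and all function names are assumptions made for illustration. The `bits` parameter exists only so that the Step5/Step6 collision path can be exercised on a small space.

```python
import base64
import hashlib
import secrets


def bhash_value(name, id_number, cert_type, random_eid_hash):
    # BHash_Value = Base64{SM3[append(name|IDnumber|type|random_eid_hash)]}
    # Assumption: SHA-256 is used here as a stand-in for SM3.
    joined = "|".join([name, id_number, cert_type, random_eid_hash])
    digest = hashlib.sha256(joined.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def make_eid_code(name, id_number, cert_type, version="01", reserved="00"):
    # eID_code = append(eID_version || BHash_Value || eID_code_rvb)
    # version/reserved are constructed placeholder values, not from the page.
    random_eid_hash = secrets.token_hex(16)
    return version + bhash_value(name, id_number, cert_type, random_eid_hash) + reserved


def h_standin(eid_code, bits=32):
    # Stand-in for H_rg32(): the first `bits` bits of SHA-256 (not RadioGatun).
    digest = hashlib.sha256(eid_code.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


class NidRegistry:
    """In-memory model of the NID database and the Step1-Step7 flow."""

    def __init__(self, bits=32):
        self.bits = bits
        self.by_user = {}     # (name, type, IDnumber) -> valid NID, for Step2
        self.issued = set()   # every NID already in the database, for Step5
        self.collisions = 0   # number of times Step6 had to run

    def generate(self, name, cert_type, id_number):
        user = (name, cert_type, id_number)        # Step1: parsed request fields
        if user in self.by_user:                   # Step2: user already has a valid NID
            return self.by_user[user]
        if len(self.issued) >= 1 << self.bits:
            raise RuntimeError("NID space exhausted")
        eid_code = make_eid_code(name, id_number, cert_type)   # Step3
        while True:
            nid = h_standin(eid_code, self.bits)   # Step4: NID = H(eID_code)
            if nid not in self.issued:             # Step5: collision check
                break
            self.collisions += 1
            eid_code += secrets.token_hex(4)       # Step6: eID_code + random, back to Step4
        self.issued.add(nid)
        self.by_user[user] = nid
        return nid                                 # Step7
```

With 32-bit NIDs, collisions become likely once the database holds on the order of 2^16 entries (birthday bound), so uniqueness rests on the Step5 database check rather than on the hash; in a real deployment that check and the insert need to be one atomic operation.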
The system and method for realizing Next Generation Internet NID generation in this invention have the following advantages:
(1) Uniqueness: the network electronic identity derived code (NID) is generated with the RG32 hash algorithm from the eID_code, which is itself unique. The RG32 algorithm together with the NID collision handling method ensures the uniqueness of valid NIDs.
(2) Privacy: the NID itself contains no user identity information (such as the valid ID card number, type or name), which prevents leakage of citizens' private identity information.
(3) Irreversibility: the NID is generated with the RG32 hash algorithm, whose inverse computation is infeasible; the generated NID is therefore irreversible.
(4) Suitable for IPv6 networks: the NID is 32 bits long, so it is easily carried in an IPv6 extension header; it is suitable for IPv6 networks and has a wide range of application.
In this description, the invention has been described with reference to specific embodiments. It is evident, however, that various modifications and changes can still be made without departing from the spirit and scope of the invention. The description and drawings are therefore to be regarded as illustrative rather than restrictive.

Claims (8)

1. A system for realizing generation of a Next Generation Internet network electronic identity derived code, characterized in that the system comprises:
a network electronic identity derived code database, for storing network electronic identity derived code generation requests and the generated network electronic identity derived codes;
a network electronic identity derived code request processing module, for processing and parsing network electronic identity derived code generation requests from users or Internet applications, and sending the parsed request information to the network electronic identity code generation module to generate a network electronic identity code;
a network electronic identity derived code generation module, for generating the network electronic identity derived code by hash-function compression on the basis of the network electronic identity code;
a network electronic identity derived code collision handling module, for checking whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the network electronic identity derived code database, and handling the collision;
wherein processing and parsing the network electronic identity derived code generation request from a user or Internet application is specifically:
(11) the network electronic identity derived code request processing module initializes the network electronic identity derived code database;
(12) the network electronic identity derived code request processing module receives a network electronic identity derived code generation request from a user or Internet application;
(13) the network electronic identity derived code request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the network electronic identity derived code request processing module determines whether the batch request file already exists in the network electronic identity derived code database; if so, continue with step (15), otherwise continue with step (16);
(15) the network electronic identity derived code request processing module determines whether the status of the batch request file is completed; if so, return the result that request processing is complete, then end and exit; otherwise continue with step (17);
(16) the network electronic identity derived code request processing module adds a new file record whose status is uncompleted;
(17) the network electronic identity derived code request processing module parses the next uncompleted request record in the batch request file, then continues with step (2);
(18) the network electronic identity derived code request processing module parses the single request to obtain the user's relevant information, then continues with step (2).
2. The system for realizing generation of a Next Generation Internet network electronic identity derived code according to claim 1, characterized in that the network electronic identity derived code is a binary string 32 bits in length, and the hash function is the RG32 function of the RadioGatún algorithm.
3. A method for realizing generation of a Next Generation Internet network electronic identity derived code based on the system of claim 1 or 2, characterized in that the method comprises the following steps:
(1) the network electronic identity derived code request processing module processes and parses a network electronic identity derived code generation request from a user or Internet application;
(2) the network electronic identity code generation module generates a network electronic identity code according to the parsed request information;
(3) the network electronic identity derived code generation module generates the network electronic identity derived code by hash-function compression on the basis of the network electronic identity code;
wherein the network electronic identity derived code request processing module processing and parsing the network electronic identity derived code generation request from a user or Internet application comprises the following steps:
(11) the network electronic identity derived code request processing module initializes the network electronic identity derived code database;
(12) the network electronic identity derived code request processing module receives a network electronic identity derived code generation request from a user or Internet application;
(13) the network electronic identity derived code request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (14); if it is a single request from a user, continue with step (18);
(14) the network electronic identity derived code request processing module determines whether the batch request file already exists in the network electronic identity derived code database; if so, continue with step (15), otherwise continue with step (16);
(15) the network electronic identity derived code request processing module determines whether the status of the batch request file is completed; if so, return the result that request processing is complete, then end and exit; otherwise continue with step (17);
(16) the network electronic identity derived code request processing module adds a new file record whose status is uncompleted;
(17) the network electronic identity derived code request processing module parses the next uncompleted request record in the batch request file, then continues with step (2);
(18) the network electronic identity derived code request processing module parses the single request to obtain the user's relevant information, then continues with step (2).
4. The method for realizing generation of a Next Generation Internet network electronic identity derived code according to claim 3, characterized in that the following step is further included between steps (1) and (2):
(20) the network electronic identity derived code generation module determines, according to the user's relevant information obtained by parsing, whether a valid network electronic identity derived code corresponding to this user exists in the network electronic identity derived code database; if so, the network electronic identity derived code generation module finds the corresponding valid network electronic identity derived code in the network electronic identity derived code database and directly returns it, then ends and exits; otherwise continue with step (2).
5. The method for realizing generation of a Next Generation Internet network electronic identity derived code according to claim 4, characterized in that the user's relevant information obtained by parsing includes the user's name, valid certificate type and user certificate number.
6. The method for realizing generation of a Next Generation Internet network electronic identity derived code according to claim 3, characterized in that the network electronic identity derived code generation module generating the network electronic identity derived code by hash-function compression on the basis of the network electronic identity code comprises the following steps:
(31) the network electronic identity derived code generation module calls the RG32 function of the RadioGatún algorithm on the basis of the network electronic identity code to generate the network electronic identity derived code;
(32) the network electronic identity derived code collision handling module checks whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the network electronic identity derived code database, and handles the collision.
7. The method for realizing generation of a Next Generation Internet network electronic identity derived code according to claim 6, characterized in that the following steps are further included after step (32):
(41) the network electronic identity derived code request processing module determines the type of the generation request: if it is a batch request file from an Internet application, continue with step (42); if it is a single request from a user, continue with step (44);
(42) the network electronic identity derived code request processing module increments the file record count by 1 and determines whether all file records have been processed; if so, continue with step (43), otherwise continue with step (17);
(43) the network electronic identity derived code request processing module sets the status of the request file record to completed, then continues with step (44);
(44) the network electronic identity derived code request processing module stores the generated network electronic identity derived code in the network electronic identity derived code database and returns the network electronic identity derived code to the user who initiated the request.
8. The method for realizing generation of a Next Generation Internet network electronic identity derived code according to claim 7, characterized in that the network electronic identity derived code collision handling module checking whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the network electronic identity derived code database, and handling the collision, is specifically:
(321) the network electronic identity derived code collision handling module checks whether the newly generated network electronic identity derived code collides with a network electronic identity derived code already present in the network electronic identity derived code database; if so, continue with step (322), otherwise continue with step (41);
(322) the network electronic identity code generation module adds a random number to the original network electronic identity code to generate a new network electronic identity code, then continues with step (31).
Priority Applications (1)

Application Number: CN201310630389.3A
Publication: CN103595733B (en)
Priority Date: 2013-12-02
Filing Date: 2013-12-02
Title: Realize the system and method for Next Generation Internet NID generation

Publications (2)

CN103595733A, published 2014-02-19
CN103595733B, published 2017-03-08

Family ID: 50085715

Country Status (1)

CN: CN103595733B (en)