CN110557259A - identity management method, device and system based on multiple identities - Google Patents
- Publication number
- CN110557259A (application number CN201910753311.8A)
- Authority
- CN
- China
- Prior art keywords
- user
- identity
- application
- authentication
- credential
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an identity management method, device and system based on multiple identities, and relates to the technical field of computers. One embodiment of the method comprises: receiving a registration request, wherein the registration request indicates an application to be registered by a user; determining one or more credential gateways associated with the application and sending an authentication request, concerning the user registering the application, to the credential gateways to generate an identity certificate of the user for the application, wherein each credential gateway is associated with a certification authority; and associating the master identity of the user with an application identity of the user for the application, so that the user can use the application with the master identity. The embodiment can uniformly manage the identity information of the user and improve login efficiency.
Description
Technical Field
The invention relates to the technical field of computers, in particular to an identity management method, device and system based on multiple identities.
Background
With the development of computer technology, the number of application types keeps growing; each application has different functions, and a user handles different online services with different applications.
Generally, before using the functions of an application, a user must log in with the identity information the user holds in that application, so the user has to remember each set of identity information and which application it belongs to in order to log in and use the application normally. As the number of application types grows, so does the amount of identity information the user must keep track of, which makes managing that identity information increasingly difficult.
Disclosure of Invention
In view of this, embodiments of the present invention provide an identity management method, apparatus, and system based on multiple identities, which can perform unified management on identity information of a user, and improve login efficiency.
To achieve the above object, according to an aspect of the embodiments of the present invention, there is provided an identity management method based on multiple identities, including:
Receiving a registration request, wherein the registration request indicates an application to be registered by a user;
Determining one or more credential gateways associated with the application, and sending an authentication request, concerning the user registering the application, to the credential gateways to generate an identity certificate of the user for the application, wherein each credential gateway is associated with a certification authority;
Associating the master identity of the user with an application identity of the user for the application, so that the user can use the application with the master identity.
Optionally, the master identity is created for the user when the user sends the registration request for the first time.
Optionally, an asymmetric key generation algorithm is used to generate a public key and a private key of the user, which serve as the master identity of the user.
Optionally, the certification authority is provided by the application.
Optionally, the identity management method further includes: associating the master identity of the user with the identity certificates of the user at one or more of the certification authorities.
According to a second aspect of the embodiments of the present invention, there is provided an identity management apparatus based on multiple identities, including a request receiving module, an authentication module and a management module, wherein:
The request receiving module is used for receiving a registration request, wherein the registration request indicates an application to be registered by a user;
The authentication module is used for determining one or more credential gateways associated with the application, and for sending an authentication request, concerning the user registering the application, to the credential gateways to generate the identity certificate of the user for the application, wherein each credential gateway is associated with a certification authority;
The management module is used for associating the master identity of the user with the application identity of the user for the application, so that the user uses the application with the master identity.
Optionally, the request receiving module is further configured to create the master identity for the user when the user sends a registration request for the first time.
Optionally, the request receiving module is configured to generate a public key and a private key of the user by using an asymmetric key generation algorithm, which serve as the master identity of the user.
Optionally, the certification authority is provided by the application.
Optionally, the management module is further configured to associate the master identity of the user with the identity certificates of the user at one or more of the certification authorities.
According to a third aspect of the embodiments of the present invention, there is provided an identity management system based on multiple identities, including a credential gateway and the multiple identity-based identity management apparatus described in the second aspect above, wherein:
The credential gateway is used for receiving the authentication request, sent by the identity management apparatus, concerning the user registering the application, and for generating the identity certificate of the user for the application when authentication succeeds, wherein the credential gateway is associated with a certification authority.
Optionally, the identity management system based on multiple identities further includes a trusted authentication device, wherein the trusted authentication device is configured to receive the certification authorities provided by the application.
According to a fourth aspect of the embodiments of the present invention, there is provided a server including:
One or more processors;
A storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement a method as in any one of the first aspects.
According to a fifth aspect of embodiments of the present invention, there is provided a computer readable medium, on which a computer program is stored, which program, when executed by a processor, performs the method according to any one of the first aspect.
One embodiment of the above invention has the following advantages or benefits: when a registration request of a user for an application to be registered is received, one or more credential gateways related to the application are determined, an authentication request concerning the user registering the application is sent to the credential gateways to generate an identity certificate of the user for the application, and the master identity of the user is then associated with the application identity of the user for the application, so that the user can use the application by means of the master identity. Because each application has approved certification authorities, an identity certificate generated by a certification authority approved by the application lets the user log in to and use that application. The user therefore logs in to the identity management device directly with the master identity, and the identity management device, following the association between the master identity and the application identity, lets the user use the application with the corresponding application identity and identity certificate. The user no longer needs to log in to each application with that application's own identity information; logging in to the identity management device with the master identity is enough. The master identity and identity certificates of the user are thus managed uniformly by the identity management device, and the user's login efficiency is improved.
Moreover, the user can keep adding identity certificates and application identities for different applications as the user's service requirements dictate, and the identity management device manages these application identities so that the user does not have to record multiple sets of identity information; the difficulty of managing identities is reduced and the user experience is improved.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main flow of a multiple identity based identity management method according to a first embodiment of the present invention;
FIG. 2 is a schematic diagram of an application provisioning certification authority according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the main flow of a multiple identity based identity management method according to a second embodiment of the present invention;
FIG. 4 is a schematic diagram of a master identity and application identity association provided in accordance with an embodiment of the present invention;
FIG. 5 is a schematic diagram of the main modules of a multiple-identity based identity management apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a multiple identity based identity management system according to an embodiment of the present invention;
FIG. 7 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 8 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
As shown in FIG. 1, an embodiment of the present invention provides an identity management method based on multiple identities, where the method may include the following steps S101 to S103:
Step S101: a registration request is received, wherein the registration request indicates an application to be registered by a user.
Here, the user may be an organization, identified by characteristics such as its organization name and unified credit code.
Step S102: determining one or more credential gateways associated with the application, and sending an authentication request, concerning the user registering the application, to the credential gateways to generate an identity certificate of the user for the application, wherein each credential gateway is associated with a certification authority.
Each certification authority has a corresponding credential gateway, through which the multiple identity-based identity management device communicates with that certification authority. Each application has the certification authorities it approves, and the application can provide its approved certification authorities to the multiple identity-based identity management device (hereinafter the identity management device). The identity management device can determine, from the certification authorities approved by the application to be registered (i.e., the certification authorities associated with the application), the credential gateways associated with those certification authorities, and then send an authentication request concerning the user registering the application to those credential gateways to generate the identity certificate for the application.
In addition, each application 201 may also provide its approved certification authorities to the trusted authentication device 202. As shown in FIG. 2, application A provides its approved certification authorities CA1 and CA2 to the trusted authentication device, and application B provides its approved certification authority CA3. The trusted authentication device manages the certification authorities provided by all applications collectively; for example, it may record the certification authorities approved by each application in Table 1 below, so that when it receives a query from the identity management device it can quickly return the certification authorities approved by the application the user wants to use.
TABLE 1
| Application | Certification authorities approved by the application |
| --- | --- |
| A | CA1, CA2 |
| B | CA3 |
Based on this, the identity management device may query the trusted authentication device for the one or more certification authorities associated with the application to be registered, and since each certification authority has its associated credential gateway, the one or more credential gateways associated with the application to be registered can be determined.
For example, if the application to be registered indicated by the registration request is application K, and the identity management apparatus learns from the trusted authentication device that the certification authorities approved by application K are certification authority A and certification authority B, the identity management apparatus determines that certification authority A and certification authority B are associated with credential gateway A and credential gateway B respectively, and then sends an authentication request for registering application K to credential gateway A and credential gateway B, which generate the user's identity certificates PA and PB for the application; the user can subsequently use application K with these identity certificates. Of course, the identity management apparatus may also send the authentication request to the credential gateway of only one of the certification authorities; for example, it sends the authentication request only to credential gateway A of certification authority A to generate identity certificate PA, and the user subsequently uses application K with PA.
Step S103: associating the master identity of the user with an application identity of the user for the application, so that the user can use the application with the master identity.
The identity management device creates the master identity M for the user when the user sends a registration request for the first time. When the master identity M is created, an asymmetric key generation algorithm may be used to generate a public key and a private key for the user, and the generated public key and private key serve as the user's master identity M.
That is to say, the identity management method based on multiple identities provided in the embodiment of the present invention may include steps S301 to S305 shown in FIG. 3:
Step S301: a registration request of a user is received, wherein the registration request indicates an application to be registered by the user.
Step S302: judging whether the master identity of the user exists; if so, executing step S304, otherwise executing step S303.
Step S303: generating the master identity of the user, then executing step S304.
Step S304: determining one or more credential gateways associated with the application, and sending an authentication request, concerning the user registering the application, to the credential gateways to generate an identity certificate of the user for the application, wherein each credential gateway is associated with a certification authority.
Step S305: associating the master identity of the user with an application identity of the user for the application, so that the user can use the application with the master identity.
When the identity management device receives the identity certificate generation result returned by the credential gateway, it creates an application identity for the application for the user and associates it with the user's master identity. For example, when the identity management apparatus has received a registration request for application K1 and receives the generation result of the identity certificate for application K1 returned by the credential gateway, it first determines whether the user already has an application identity for application K1. If none exists, the application identity KD1 of the user for application K1 is created and the user's master identity M is associated with the application identity KD1; if one already exists, the master identity M is associated directly with the existing application identity KD1. As a result, when the user wants to use application K1, the user can log in to the identity management device directly with the master identity; the identity management apparatus then determines, from the user's master identity, the application identity KD1 of the user for application K1, and sends the application identity KD1 together with the identity certificate to application K1, so that the user uses application K1 on the basis of the master identity.
It can be understood that, when the identity management apparatus creates application identities for a plurality of different applications for a user, it associates the master identity with each of those application identities and manages them uniformly. For example, when the identity management device also creates an application identity KD2 for application K2 for the user, it associates both the application identity KD1 and the application identity KD2 with the master identity M so as to manage the application identities uniformly. The association result may be stored in the form of an association map as shown in FIG. 4, or in a table such as Table 2 below:
TABLE 2
| Master identity of the user | Application identity |
| --- | --- |
| M | KD1 |
| M | KD2 |
In addition, the identity management device can also associate the user's master identity with the user's identity certificates at one or more certification authorities, so that the master identity, application identities and identity certificates of the user are managed uniformly and login efficiency is further improved.
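As an added example (not code from the patent or its applicant), the following Go program walks through steps S301 to S305 and the subsequent login with the master identity: a trusted authentication device holding the Table 1 mapping of applications to approved certification authorities, one credential gateway per certification authority, and an identity management device that creates the master identity M as an Ed25519 key pair on the user's first registration request, obtains identity certificates from the gateways, and keeps the master-to-application identity association of Table 2. The Ed25519 choice, the signed-tuple certificate format, the challenge-signature login, all type and function names, and the sample data (applications A and B, CA1 to CA3, user org-001) are assumptions made for this example; the patent specifies neither the key algorithm nor the certificate format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Credential is the identity certificate a credential gateway issues for (user, app); the signed
// tuple is a hypothetical certification-authority format, which the patent does not specify.
type Credential struct {
	CA, User, App string
	Sig           []byte
}

// TrustedAuthDevice records which certification authorities each application approves (Table 1).
type TrustedAuthDevice map[string][]string

// CredentialGateway fronts one certification authority; applications verify its certificates with Pub.
type CredentialGateway struct {
	CA   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewGateway(ca string) *CredentialGateway {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // a crypto/rand failure is not recoverable here
	return &CredentialGateway{CA: ca, Pub: pub, priv: priv}
}

// Authenticate answers the device's authentication request with a signed identity certificate.
func (g *CredentialGateway) Authenticate(user, app string) Credential {
	return Credential{g.CA, user, app, ed25519.Sign(g.priv, []byte(g.CA+"|"+user+"|"+app))}
}

// IdentityManagementDevice keeps the public half of each master identity M, the master-to-application
// identity association (Table 2) and the identity certificates obtained for each application.
type IdentityManagementDevice struct {
	tad      TrustedAuthDevice
	gateways map[string]*CredentialGateway      // certification authority -> credential gateway
	master   map[string]ed25519.PublicKey        // user -> master identity (public key only)
	appIDs   map[string]map[string]string       // user -> application -> application identity
	creds    map[string]map[string][]Credential // user -> application -> identity certificates
}

func NewIMD(tad TrustedAuthDevice, gws map[string]*CredentialGateway) *IdentityManagementDevice {
	return &IdentityManagementDevice{tad, gws, map[string]ed25519.PublicKey{},
		map[string]map[string]string{}, map[string]map[string][]Credential{}}
}

// Register runs steps S301 to S305 for one registration request. On the user's first request the
// private key of the new master identity is returned once, for hand-over to the user (the device
// stores only the public key); on later requests the returned key is nil.
func (d *IdentityManagementDevice) Register(user, app string) (ed25519.PrivateKey, error) {
	var created ed25519.PrivateKey
	if _, ok := d.master[user]; !ok { // S302/S303: asymmetric key generation yields M
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		d.master[user], created = pub, priv
	}
	var issued []Credential // S304: approved authorities -> their gateways -> identity certificates
	for _, ca := range d.tad[app] {
		if g, ok := d.gateways[ca]; ok {
			issued = append(issued, g.Authenticate(user, app))
		}
	}
	if len(issued) == 0 {
		if created != nil {
			delete(d.master, user) // roll back a master identity the user never received
		}
		return nil, errors.New("no credential gateway reachable for application " + app)
	}
	if d.appIDs[user] == nil { // S305: create the application identity if missing and link it to M
		d.appIDs[user], d.creds[user] = map[string]string{}, map[string][]Credential{}
	}
	if _, exists := d.appIDs[user][app]; !exists {
		d.appIDs[user][app] = fmt.Sprintf("KD%d", len(d.appIDs[user])+1)
	}
	d.creds[user][app] = issued
	return created, nil
}

// Login: the user signs a challenge with the master identity's private key; once the signature
// verifies, the device returns the application identity and certificates to hand to the application.
func (d *IdentityManagementDevice) Login(user, app string, challenge, sig []byte) (string, []Credential, error) {
	pub, ok := d.master[user]
	if !ok || !ed25519.Verify(pub, challenge, sig) {
		return "", nil, errors.New("master identity authentication failed")
	}
	id, ok := d.appIDs[user][app]
	if !ok {
		return "", nil, errors.New("no application identity for application " + app)
	}
	return id, d.creds[user][app], nil
}

func main() {
	tad := TrustedAuthDevice{"A": {"CA1", "CA2"}, "B": {"CA3"}} // constructed sample Table 1
	imd := NewIMD(tad, map[string]*CredentialGateway{"CA1": NewGateway("CA1"), "CA2": NewGateway("CA2")})
	key, _ := imd.Register("org-001", "A") // constructed sample user and application
	nonce := []byte("constructed-login-nonce")
	id, creds, err := imd.Login("org-001", "A", nonce, ed25519.Sign(key, nonce))
	fmt.Println(id, len(creds), err) // KD1 2 <nil>
}
```

Two points the listing makes concrete that the description leaves implicit: an application none of whose approved certification authorities has a reachable credential gateway cannot be registered (Register returns an error and discards a master identity that was created in the same request, rather than leaving an application identity with no identity certificate behind), and the master identity is only ever proven by a signature that the device checks against the stored public key, so the private key is handed to the user once and never retained by the device.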
As shown in FIG. 5, an embodiment of the present invention provides an identity management apparatus 500 based on multiple identities, including a request receiving module 501, an authentication module 502 and a management module 503, wherein:
The request receiving module 501 is configured to receive a registration request, where the registration request indicates an application to be registered by a user;
The authentication module 502 is configured to determine one or more credential gateways associated with the application, and to send an authentication request, concerning the user registering the application, to the credential gateways to generate an identity certificate of the user for the application, wherein each credential gateway is associated with a certification authority;
The management module 503 is configured to associate the master identity of the user with the application identity of the user for the application, so that the user uses the application with the master identity.
Optionally, the request receiving module 501 is further configured to create the master identity for the user when the user's registration request occurs for the first time.
Optionally, the request receiving module 501 is configured to generate a public key and a private key of the user by using an asymmetric key generation algorithm, which serve as the master identity of the user.
Optionally, the certification authority is provided by the application.
Optionally, the management module 503 is further configured to associate the master identity of the user with the identity certificates of the user at one or more of the certification authorities.
As shown in FIG. 6, an embodiment of the present invention further provides an identity management system based on multiple identities, including a credential gateway 601 and the multiple identity based identity management apparatus 500 according to any of the above embodiments, wherein:
The credential gateway 601 is configured to receive the authentication request, sent by the identity management apparatus 500, concerning the user registering an application, and to generate the identity certificate of the user for the application when authentication succeeds, where the credential gateway 601 is associated with a certification authority.
In an embodiment of the present invention, the multiple identity-based identity management system 600 may further include a trusted authentication device 602, wherein the trusted authentication device 602 is configured to receive the certification authorities provided by the application.
Here, the trusted authentication device may receive the certification authorities approved by each of a plurality of different applications, and when it receives from the identity management device a query for the certification authorities approved by the application to be registered, it returns those certification authorities to the identity management device. It can be understood that the trusted authentication device and the identity management device may be integrated into one unit or provided separately.
An embodiment of the present invention further provides a server, including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out a method according to any one of the embodiments described above.
An embodiment of the present invention further provides a computer-readable medium, on which a computer program is stored, where the computer program is configured to, when executed by a processor, implement a method according to any one of the above embodiments.
Fig. 7 illustrates an exemplary system architecture 700 to which the identity management method or identity management apparatus of embodiments of the present invention may be applied.
As shown in fig. 7, the system architecture 700 may include terminal devices 701, 702, 703, a network 704, and a server 705. The network 704 serves to provide a medium for communication links between the terminal devices 701, 702, 703 and the server 705. Network 704 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 701, 702, 703 to interact with the server 705 over the network 704, to receive or send messages and the like. The terminal devices 701, 702, 703 may have installed thereon various communication client applications, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only).
The terminal devices 701, 702, 703 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 705 may be a server providing various services, such as a background management server (for example only) providing support for shopping websites browsed by users using the terminal devices 701, 702, 703. The backend management server may analyze and perform other processing on the received data such as the product information query request, and feed back a processing result (for example, target push information, product information — just an example) to the terminal device.
It should be noted that the identity management method provided by the embodiment of the present invention is generally executed by the server 705, and accordingly, the identity management apparatus is generally disposed in the server 705.
It should be understood that the number of terminal devices, networks, and servers in fig. 7 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 8, shown is a block diagram of a computer system 800 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in FIG. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program executes the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 801.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a request receiving module, an authentication module, and a management module. In some cases the names of these modules do not constitute a limitation on the modules themselves; for example, the request receiving module may also be described as a "module that receives a registration request".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to: receive a registration request, wherein the registration request indicates an application to be registered by a user; determine one or more credential gateways associated with the application and send an authentication request to the credential gateways regarding the user registering the application, so as to generate an identity certificate of the user for the application, wherein the credential gateways are associated with an authentication authority; and associate the primary identity of the user with an application identity of the user for the application, so that the user can use the application in the primary identity.
According to the technical scheme of the embodiments of the invention, when a registration request from a user for an application to be registered is received, one or more credential gateways related to the application are determined; an authentication request concerning the user's registration of the application is then sent to those credential gateways to generate an identity certificate of the user for the application; finally, the user's master (primary) identity is associated with the user's application identity for that application, so that the user can use the application by means of the master identity. Because each application has an approved certification authority, the identity certificate generated by that authority allows the user to log in to and use the application. In other words, the user logs in to the identity management device with the master identity alone, and the device, following the association between the master identity and the application identity, lets the user use the application with the corresponding application identity and identity certificate. The user therefore does not need to log in to each application with that application's own identity information; a single login to the identity management device with the master identity suffices. The master identity and the user's identity certificates are thus managed uniformly by the identity management device, and login efficiency is improved.
Moreover, the user can keep adding identity certificates and application identities for further applications as their service requirements grow, and the identity management device manages these application identities, so the user no longer has to record multiple sets of identity information; the difficulty of managing identities is reduced and the user experience is improved.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (14)
1. An identity management method based on multiple identities is characterized by comprising the following steps:
Receiving a registration request, wherein the registration request indicates an application to be registered by a user;
Determining one or more credential gateways associated with the application, sending an authentication request to the credential gateways regarding the user registering the application to generate an identification of the user for the application, wherein the credential gateways are associated with an authentication authority;
associating the primary identity of the user with an application identity of the user for the application to cause the user to use the application in the primary identity.
2. The method of claim 1, wherein the primary identity is created for the user when the user sends the registration request for the first time.
3. The method of claim 2, wherein a public key and a private key of the user are generated by an asymmetric key generation algorithm to serve as the primary identity of the user.
4. The method of claim 1, wherein the certification authority is provided by the application.
5. The identity management method of claim 1, further comprising: associating the primary identity of the user with proof of identity of the user at one or more of the certification authorities.
6. An identity management device based on multiple identities, comprising a request receiving module, an authentication module and a management module, wherein:
The request receiving module is used for receiving a registration request, wherein the registration request indicates an application to be registered by a user;
The authentication module is used for determining one or more credential gateways related to the application, and for sending an authentication request about the user registering the application to the credential gateways to generate the identity certificate of the user for the application, wherein the credential gateways are associated with an authentication authority;
The management module is used for associating the primary identity of the user with the application identity of the user for the application, so that the user uses the application in the primary identity.
7. The identity management device of claim 6, wherein the request receiving module is further configured to create the primary identity for the user when the user sends the registration request for the first time.
8. The identity management device of claim 7, wherein the request receiving module is used for generating a public key and a private key of the user by an asymmetric key generation algorithm to serve as the primary identity of the user.
9. The identity management device of claim 6, wherein the certification authority is provided by the application.
10. The identity management device of claim 6, wherein the management module is further configured to associate the primary identity of the user with proof of identity of the user at one or more of the certification authorities.
11. A multiple-identity based identity management system, comprising: a credential gateway and the multiple-identity based identity management apparatus of any one of claims 6-9, wherein
The credential gateway is used for receiving an authentication request, sent by the identity management device, about the user registering the application, and for generating the identity certificate of the user for the application when authentication succeeds, wherein the credential gateway is associated with an authentication authority.
12. The identity management system of claim 11, further comprising a trusted authentication device, wherein the trusted authentication device is used for receiving the authentication authority provided by the application.
13. A server, comprising:
One or more processors;
A storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5.
14. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910753311.8A CN110557259A (en) | 2019-08-15 | 2019-08-15 | identity management method, device and system based on multiple identities |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110557259A (en) | 2019-12-10 |
Family
ID=68737512
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910753311.8A (Pending) CN110557259A (en) | identity management method, device and system based on multiple identities | 2019-08-15 | 2019-08-15 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110557259A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102299936A (en) * | 2010-06-25 | 2011-12-28 | 腾讯科技(深圳)有限公司 | Method and device for accessing application websites |
CN104065616A (en) * | 2013-03-20 | 2014-09-24 | 中国移动通信集团公司 | Single sign-on method and system |
CN108134787A (en) * | 2017-12-21 | 2018-06-08 | 恒宝股份有限公司 | A kind of identity identifying method and authentication device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20191210 |