CN111264045B - Interactive system and method based on heterogeneous identity - Google Patents


Info

Publication number
CN111264045B
Authority
CN
China
Prior art keywords
identity
heterogeneous
subsystem
terminal device
physical
Legal status
Active
Application number
CN201780096222.XA
Other languages
Chinese (zh)
Other versions
CN111264045A (en
Inventor
吴双
阮子瀚
雷浩
Current Assignee
Huawei International Pte Ltd
Original Assignee
Huawei International Pte Ltd
Application filed by Huawei International Pte Ltd
Publication of CN111264045A
Application granted
Publication of CN111264045B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides an interaction system and method based on heterogeneous identities. The system comprises M blockchain consensus nodes and M heterogeneous identity systems; the heterogeneous identity system comprises a heterogeneous identity subsystem, and the heterogeneous identity subsystem comprises a terminal device. The first heterogeneous identity subsystem and the second heterogeneous identity subsystem each acquire the unified identity of their terminal device and send it to the blockchain consensus node corresponding to the heterogeneous identity system to which they belong, so that the unified identities are shared among the M blockchain consensus nodes. The first heterogeneous identity subsystem and the second heterogeneous identity subsystem then interact based on the unified identity of the first terminal device and the unified identity of the second terminal device, thereby improving the reliability of the interaction system.

Description

Interactive system and method based on heterogeneous identity
Technical Field
The present application relates to the field of communications technologies, and in particular, to an interaction system and method based on heterogeneous identities.
Background
With the continuous development of Internet of Things (IoT) technology, IoT devices have become diverse and may belong to different identity systems. For example, the identity of some IoT devices in their identity system is an account and password; the identity of other IoT devices in their identity system is the International Mobile Subscriber Identification Number (IMSI) of the device; and the identity of still other IoT devices in their identity system is a certificate, an identity-based signature (Identity Based Signature, IBS), or the like.
Because IoT devices in different identity systems have no unified standard interface and no unified identity, they cannot perform pairwise interactions such as identity authentication, communication and transactions with one another. The prior art solves this problem by establishing an IoT platform: all IoT devices in the heterogeneous identity systems trust the IoT platform, the platform provides a unified identity for every device, and the devices interact through the platform.
However, as IoT technology develops, the number of IoT devices keeps growing and is reaching the billion level. At this scale the processing and storage capacity of the IoT platform is severely challenged, and the platform easily becomes a single point of failure, so the reliability of the whole interaction system is low.
Disclosure of Invention
With the interaction system and method based on heterogeneous identities provided by the present application, different devices under heterogeneous identity systems can interact without depending on a unified IoT platform. On the one hand, this improves the reliability of the interaction system. More importantly, when smart devices around the world need to interact pairwise in the future, regional restrictions will most likely mean that no single IoT platform exists that all devices worldwide can use. The present invention provides a solution for this scenario.
In a first aspect, the present application provides an interaction system based on heterogeneous identities, comprising: M blockchain consensus nodes and M heterogeneous identity systems, wherein M is a positive integer greater than 1; the heterogeneous identity system comprises a heterogeneous identity subsystem, and the heterogeneous identity subsystem comprises a terminal device. The first heterogeneous identity subsystem acquires the unified identity, in the interaction system, of the first terminal device that it includes, and sends the unified identity of the first terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes; the second heterogeneous identity subsystem acquires the unified identity, in the interaction system, of the second terminal device that it includes, and sends the unified identity of the second terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems among the M heterogeneous identity systems.
The beneficial effects of this application include: each heterogeneous identity subsystem can acquire the unified identity of the terminal device it includes and send it to the corresponding blockchain consensus node, so that the unified identity is shared among the M blockchain consensus nodes and the heterogeneous identity subsystems can interact. In this application there is no need to set up an independent IoT platform. Instead, M blockchain consensus nodes are provided, and information can be shared among them, which avoids the single point of failure of the IoT platform in the prior art and improves the reliability of the whole interaction system.
Optionally, the system further comprises a processing module. On this basis, the first heterogeneous identity subsystem generates physical identity evidence of the first terminal device according to the unified identity of the first terminal device, and generates a digest of the physical identity evidence, wherein the physical identity evidence is used to prove the association between the unified identity of the first terminal device and the first terminal device; the processing module acquires and stores the physical identity evidence, generates a link to the physical identity evidence, and sends the link to the first heterogeneous identity subsystem; the first heterogeneous identity subsystem sends the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes; the second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identity evidence according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identity evidence is verified successfully.
The beneficial effects of this application include: a heterogeneous identity subsystem can generate the physical identity evidence of the terminal device it includes, and other heterogeneous identity subsystems can verify that evidence. When verification succeeds the heterogeneous identity subsystems can interact, and when verification fails they cannot, so the reliability of the whole interaction system is improved.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair; correspondingly, the second heterogeneous identity subsystem looks up and acquires, in the processing module, the physical identity evidence corresponding to the link; the second heterogeneous identity subsystem calculates the digest of the physical identity evidence; if the calculated digest is the same as the digest of the physical identity evidence stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the second heterogeneous identity subsystem verifies the physical identity evidence according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair.
The beneficial effects of this application include: when the unified identity of the first terminal device is the public key of a public-private key pair, the second heterogeneous identity subsystem can effectively verify the physical identity evidence in this optional manner, so the reliability of the whole interaction system is improved.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is a system based on public key infrastructure (PKI), the first heterogeneous identity subsystem acquires the PKI certificate of the first terminal device in the corresponding heterogeneous identity system and the signature of the PKI certificate; the first heterogeneous identity subsystem acquires a first signature, obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; the first heterogeneous identity subsystem acquires a second signature, obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system; the first heterogeneous identity subsystem generates the physical identity evidence of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature.
The beneficial effects of this application include: when the heterogeneous identity system corresponding to the first terminal device is a PKI-based system, the first heterogeneous identity subsystem can effectively generate the physical identity evidence of the first terminal device in this optional manner.
Optionally, the second heterogeneous identity subsystem verifies the signature of the PKI certificate according to the public key of the heterogeneous identity system corresponding to the first terminal device and the PKI certificate, and verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the signature of the PKI certificate, the first signature and the second signature are all verified successfully, the second heterogeneous identity subsystem determines that verification of the physical identity evidence has succeeded.
The beneficial effects of this application include: given the manner in which the first heterogeneous identity subsystem generates the physical identity evidence of the first terminal device, the second heterogeneous identity subsystem can effectively verify the physical identity evidence in this optional manner, so the reliability of the whole interaction system is improved.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the first heterogeneous identity subsystem acquires a first signature, obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; the first heterogeneous identity subsystem acquires a second signature, obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system; the first heterogeneous identity subsystem generates the physical identity evidence of the first terminal device from the identity of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature.
The beneficial effects of this application include: when the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the first heterogeneous identity subsystem can effectively generate the physical identity evidence of the first terminal device in this optional manner.
Optionally, the second heterogeneous identity subsystem determines the public key of the first terminal device in the corresponding heterogeneous identity system according to the public key of the heterogeneous identity system corresponding to the first terminal device and the identity of the first terminal device in the corresponding heterogeneous identity system; the second heterogeneous identity subsystem verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the first signature and the second signature are both verified successfully, the second heterogeneous identity subsystem determines that verification of the physical identity evidence has succeeded.
The beneficial effects of this application include: given the manner in which the first heterogeneous identity subsystem generates the physical identity evidence of the first terminal device, the second heterogeneous identity subsystem can effectively verify the physical identity evidence in this optional manner, so the reliability of the whole interaction system is improved.
Optionally, the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and state indication information of that unified identity, where the state indication information indicates whether the unified identity of the first terminal device is in an enabled state or a non-enabled state; correspondingly, if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem looks up and acquires, in the processing module, the physical identity evidence corresponding to the link.
The beneficial effects of this application include: if the state indication information indicates that the unified identity of the terminal device is in the non-enabled state, the physical identity evidence of the terminal device does not need to be looked up, which reduces the resource consumption of the interaction system.
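An added example, not code from the patent: a Go sketch of the PKI-case flow described above, covering evidence generation, publication of the digest and link, the state check, and verification of the certificate signature and both cross-signatures. Ed25519, SHA-256, the simplified certificate (device ID followed by the device public key), the in-memory map standing in for the processing module, and all names and seed values are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Proof models the physical identity evidence of the PKI case.
type Proof struct {
	Cert    []byte // simplified certificate (assumption): device ID || device public key
	CertSig []byte // identity system's signature over Cert
	Sig1    []byte // unified private key signs the device's public key
	Sig2    []byte // device's private key signs the unified public key
}

// Record is what the blockchain consensus nodes share for one terminal device.
type Record struct {
	UnifiedID ed25519.PublicKey // unified identity: public key of the new key pair
	Enabled   bool              // state indication information
	Digest    [32]byte          // digest of the evidence
	Link      string            // where the processing module stores the evidence
}

var (
	ErrDisabled = errors.New("unified identity is not enabled")
	ErrNoProof  = errors.New("no evidence stored at link")
	ErrDigest   = errors.New("evidence digest does not match the ledger")
	ErrSig      = errors.New("evidence signature check failed")
)

// keyFromSeed derives a deterministic key pair from a constructed seed byte.
func keyFromSeed(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Encode length-prefixes Cert so the digest covers an unambiguous byte string.
func (p Proof) Encode() []byte {
	out := []byte{byte(len(p.Cert) >> 8), byte(len(p.Cert))}
	out = append(out, p.Cert...)
	out = append(out, p.CertSig...)
	out = append(out, p.Sig1...)
	return append(out, p.Sig2...)
}

// MakeProof is the first subsystem's side: certificate plus both cross-signatures.
func MakeProof(id string, sysPriv, devPriv, uniPriv ed25519.PrivateKey) Proof {
	devPub := devPriv.Public().(ed25519.PublicKey)
	uniPub := uniPriv.Public().(ed25519.PublicKey)
	cert := append([]byte(id), devPub...)
	return Proof{cert, ed25519.Sign(sysPriv, cert), ed25519.Sign(uniPriv, devPub), ed25519.Sign(devPriv, uniPub)}
}

// Publish stores the evidence in the processing module and returns the ledger record.
func Publish(store map[string]Proof, link string, uniPub ed25519.PublicKey, p Proof) Record {
	store[link] = p
	return Record{uniPub, true, sha256.Sum256(p.Encode()), link}
}

// Verify is the second subsystem's side, in the order the description gives.
func Verify(rec Record, store map[string]Proof, sysPub ed25519.PublicKey) error {
	if !rec.Enabled { // a non-enabled identity is rejected before any fetch
		return ErrDisabled
	}
	p, ok := store[rec.Link]
	if !ok {
		return ErrNoProof
	}
	if sha256.Sum256(p.Encode()) != rec.Digest {
		return ErrDigest
	}
	if len(p.Cert) <= ed25519.PublicKeySize {
		return ErrSig
	}
	devPub := ed25519.PublicKey(p.Cert[len(p.Cert)-ed25519.PublicKeySize:])
	if !ed25519.Verify(sysPub, p.Cert, p.CertSig) ||
		!ed25519.Verify(rec.UnifiedID, devPub, p.Sig1) ||
		!ed25519.Verify(devPub, rec.UnifiedID, p.Sig2) {
		return ErrSig
	}
	return nil
}

func main() {
	sysPub, sysPriv := keyFromSeed(1) // identity system key (constructed)
	_, devPriv := keyFromSeed(2)      // device key in its own identity system
	uniPub, uniPriv := keyFromSeed(3) // unified identity key pair
	store := map[string]Proof{}
	good := MakeProof("device-001", sysPriv, devPriv, uniPriv)
	fmt.Println("genuine:", Verify(Publish(store, "evidence/1", uniPub, good), store, sysPub))
	// The same evidence recorded under a different unified identity fails the cross-signatures.
	otherPub, _ := keyFromSeed(9)
	fmt.Println("other identity:", Verify(Publish(store, "evidence/2", otherPub, good), store, sysPub))
}
```

The digest comparison only shows that the stored evidence is the one recorded on the ledger; the binding between the unified identity and the device comes from the two cross-signatures, which is why the second record is rejected even though its digest matches.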
Optionally, the system further comprises a processing module and a physical identity generating device. The physical identity generating device acquires the unified identity of the first terminal device and generates physical identity evidence of the first terminal device according to that unified identity, wherein the physical identity evidence is used to prove the association between the unified identity of the first terminal device and the first terminal device; the first heterogeneous identity subsystem acquires the physical identity evidence and generates a digest of it; the processing module acquires and stores the physical identity evidence, generates a link to the physical identity evidence, and sends the link to the first heterogeneous identity subsystem; the first heterogeneous identity subsystem sends the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes; the second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identity evidence according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identity evidence is verified successfully.
The beneficial effects of this application include: the physical identity generating device can generate the physical identity evidence of the terminal device included in a heterogeneous identity subsystem, and other heterogeneous identity subsystems can verify that evidence. When verification succeeds the heterogeneous identity subsystems can interact, and when verification fails they cannot, so the reliability of the whole interaction system is improved.
Optionally, the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device; correspondingly, the second heterogeneous identity subsystem looks up and acquires, in the processing module, the physical identity evidence corresponding to the link; the second heterogeneous identity subsystem calculates the digest of the physical identity evidence; if the calculated digest is the same as the digest of the physical identity evidence stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the second heterogeneous identity subsystem verifies the physical identity evidence according to the public key of the heterogeneous identity system corresponding to the first terminal device.
The beneficial effects of this application include: the second heterogeneous identity subsystem can effectively verify the physical identity evidence in this optional manner, so the reliability of the whole interaction system is improved.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the physical identity generating device acquires the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair; the physical identity generating device signs the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair with the private key of the physical identity generating device to obtain a first signature; the physical identity generating device generates the physical identity evidence from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair, and the first signature.
The beneficial effects of this application include: the physical identity evidence of the first terminal device can be effectively generated in this optional manner.
Optionally, the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and state indication information of that unified identity, where the state indication information indicates whether the unified identity of the first terminal device is in an enabled state or a non-enabled state; correspondingly, if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem looks up and acquires, in the processing module, the physical identity evidence corresponding to the link.
The beneficial effects of this application include: if the state indication information indicates that the unified identity of the terminal device is in the non-enabled state, the physical identity evidence of the terminal device does not need to be looked up, which reduces the resource consumption of the interaction system.
Optionally, the first heterogeneous identity subsystem comprises only the first terminal device; or the first heterogeneous identity subsystem comprises the first terminal device, a first proxy server of the first terminal device and a first key escrow center. The second heterogeneous identity subsystem comprises only the second terminal device; or the second heterogeneous identity subsystem comprises the second terminal device, a first proxy server of the second terminal device, and the first key escrow center.
The following describes a heterogeneous identity based interaction method, and its implementation principle and technical effects are similar to those of the system related to the first aspect and the optional manner of the first aspect, and are not repeated here.
In a second aspect, the present application provides an interaction method based on heterogeneous identities, where the method is applied to an interaction system based on heterogeneous identities, and the system includes: M blockchain consensus nodes and M heterogeneous identity systems, wherein M is a positive integer greater than 1; the heterogeneous identity system comprises a heterogeneous identity subsystem, and the heterogeneous identity subsystem comprises a terminal device. Correspondingly, the method comprises the following steps: the first heterogeneous identity subsystem acquires the unified identity, in the interaction system, of the first terminal device that it includes, and sends the unified identity of the first terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes; the second heterogeneous identity subsystem acquires the unified identity, in the interaction system, of the second terminal device that it includes, and sends the unified identity of the second terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems among the M heterogeneous identity systems.
The first heterogeneous identity subsystem, the second heterogeneous identity subsystem and the physical identity generating device are described below. For their principles and technical effects, refer to the system of the first aspect and the optional manners of the first aspect; they are not described here again.
In a third aspect, the present application provides a first heterogeneous identity subsystem, wherein the first heterogeneous identity subsystem comprises: the device comprises an acquisition module, a sending module and a receiving module.
The acquisition module is configured to acquire the unified identity, in the interaction system, of the first terminal device included in the first heterogeneous identity subsystem, and the sending module is configured to send the unified identity of the first terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes; the acquisition module is further configured to acquire the unified identity of the second terminal device, and the sending module is configured to send a message to the second heterogeneous identity subsystem to which the second terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiving module is configured to receive a message sent by the second heterogeneous identity subsystem.
In a fourth aspect, the present application provides a second heterogeneous identity subsystem, where the second heterogeneous identity subsystem includes an acquisition module, a sending module, and a receiving module.
The acquisition module is configured to acquire the unified identity, in the interaction system, of the second terminal device included in the second heterogeneous identity subsystem, and the sending module is configured to send the unified identity of the second terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes; the acquisition module is further configured to acquire the unified identity of the first terminal device, and the sending module is further configured to send a message to the first heterogeneous identity subsystem to which the first terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiving module is configured to receive a message sent by the first heterogeneous identity subsystem.
In a fifth aspect, the present application provides a physical identity generating device, including an acquisition module and a generation module.
The acquisition module is configured to acquire the unified identity of the first terminal device; the generation module is configured to generate physical identity evidence of the first terminal device according to the unified identity of the first terminal device, where the physical identity evidence is used to prove the association between the unified identity of the first terminal device and the first terminal device.
In a sixth aspect, the present application provides a first heterogeneous identity subsystem, wherein the first heterogeneous identity subsystem comprises: processor, transmitter and receiver.
The processor is used for acquiring the unified identity of the first terminal equipment in the interaction system, which is included in the first heterogeneous identity subsystem, and the transmitter is used for transmitting the unified identity of the first terminal equipment to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal equipment is shared among the M blockchain consensus nodes; the processor is further configured to obtain a unified identity of the second terminal device, and the transmitter is configured to send a message to a second heterogeneous identity subsystem to which the second terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiver is configured to receive the message sent by the second heterogeneous identity subsystem.
In a seventh aspect, the present application provides a second heterogeneous identity subsystem, wherein the second heterogeneous identity subsystem comprises a processor, a transmitter, and a receiver;
the processor is used for acquiring the unified identity of the second terminal equipment in the interaction system, which is included in the second heterogeneous identity subsystem, and the transmitter is used for transmitting the unified identity of the second terminal equipment to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal equipment is shared among the M blockchain consensus nodes; the processor is further configured to obtain a unified identity of the first terminal device, and the transmitter is further configured to send a message to a first heterogeneous identity subsystem to which the first terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiver is configured to receive the message sent by the first heterogeneous identity subsystem.
In an eighth aspect, the present application provides a physical identity generating apparatus, including: a processor and a memory for storing execution code of the processor to cause the processor to perform the following functions: acquiring the unified identity of the first terminal equipment, and generating a physical identity credential of the first terminal equipment according to the unified identity of the first terminal equipment, wherein the physical identity credential is used for proving the association relationship between the unified identity of the first terminal equipment and the first terminal equipment.
In a ninth aspect, the present application provides a computer storage medium for storing computer software instructions for use with the first heterogeneous identity subsystem according to the third or sixth aspect, comprising instructions for executing the program according to the third or sixth aspect.
In a tenth aspect, the present application provides a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the functions performed by the first heterogeneous identity subsystem of the third or sixth aspect.
In an eleventh aspect, the present application provides a computer storage medium for storing computer software instructions for use with the second heterogeneous identity subsystem according to the fourth or seventh aspect, comprising instructions for executing the program according to the fourth or seventh aspect.
In a twelfth aspect, the present application provides a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the functions performed by the second heterogeneous identity subsystem of the fourth or seventh aspect.
In a thirteenth aspect, the present application provides a computer storage medium for storing computer software instructions for use with a physical identity generating apparatus as referred to in the fifth or eighth aspect above, comprising instructions for executing a program as referred to in the fifth or eighth aspect above.
In a fourteenth aspect, the present application provides a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the functions performed by the physical identity generating device of the fifth or eighth aspect.
The application provides an interaction system and method based on heterogeneous identity, comprising: M blockchain consensus nodes and M heterogeneous identity systems, wherein M is a positive integer greater than 1; the heterogeneous identity system comprises a heterogeneous identity subsystem, and the heterogeneous identity subsystem comprises terminal equipment. The first heterogeneous identity subsystem acquires the unified identity of the first terminal equipment in the interaction system, which is included in the first heterogeneous identity subsystem, and sends the unified identity of the first terminal equipment to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal equipment is shared among the M blockchain consensus nodes; the second heterogeneous identity subsystem acquires the unified identity of the second terminal equipment in the interaction system, which is included in the second heterogeneous identity subsystem, and sends the unified identity of the second terminal equipment to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal equipment is shared among the M blockchain consensus nodes; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems in the M heterogeneous identity systems. In the application, an independent Internet of Things platform does not need to be provided. Instead, M blockchain consensus nodes are provided, and information can be shared among the blockchain consensus nodes, so that the single point of failure of the Internet of Things platform in the prior art is avoided and the reliability of the whole interaction system is improved.
Drawings
FIG. 1 is a schematic diagram of an interactive system 10 based on heterogeneous identities according to an embodiment of the present application;
FIG. 2 is a schematic diagram illustrating a heterogeneous identity-based interaction system according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a heterogeneous identity-based interaction system according to another embodiment of the present application;
FIG. 4 is an interaction flow chart of an interaction method based on heterogeneous identity according to an embodiment of the present application;
FIG. 5 is an interaction flow chart of an interaction method based on heterogeneous identity according to another embodiment of the present application;
FIG. 6 is an interaction flow chart of an interaction method based on heterogeneous identity according to still another embodiment of the present application;
FIG. 7 is an interaction flow chart of an interaction method based on heterogeneous identity according to still another embodiment of the present application;
FIG. 8 is a schematic structural diagram of a first heterogeneous identity subsystem 80 according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a second heterogeneous identity subsystem 90 according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a physical identity generating apparatus 100 according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a first heterogeneous identity subsystem 110 according to an embodiment of the present application;
FIG. 12 is a schematic structural diagram of a second heterogeneous identity subsystem 120 according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a physical identity generating device 130 according to an embodiment of the present application.
Detailed Description
In the following, some specialized terms in the present application are explained for the convenience of those skilled in the art.
Public key cryptography (Public Key Cryptography): also known as asymmetric cryptography, is a type of cryptographic algorithm that requires two separate keys, one of which is a secret private key (private key) and the other of which is a public key (public key). The public key and the private key are mathematically linked. The public key is used for encrypting plaintext or verifying a digital signature, and the private key is used to decrypt the ciphertext or create a digital signature.
Digital signature (Digital Signature): a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature may allow the recipient to determine that the message was created by a known sender (authentication), who cannot deny having signed the message (non-repudiation). Verifying the digital signature may also confirm that the message was not altered in transmission (integrity).
Certificate (Certificate) and Certificate authority (Certificate Authority, CA): in cryptography, a certificate authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows other parties (relying parties) to rely on signatures or assertions made with the private key corresponding to the certified public key. In this trust relationship model, the CA is a trusted third party, trusted both by the subject (the owner) of the certificate and by the party relying on the certificate. Many public key infrastructure (Public Key Infrastructure, PKI) schemes employ CAs.
Transport layer security protocol (Transport Layer Security, TLS): a security protocol that aims to provide security and data integrity assurance for internet communications. It is mainly used in applications such as browsers, email, instant messaging and network fax. TLS supports functions such as authentication, key agreement and encrypted communication between both parties by means of certificates.
PKI certificate principle of operation
Assume Alice and Bob authenticate with a digital signature (one of the uses of asymmetric algorithms). Bob needs to be sure that the public key he uses is indeed Alice's. Since a public key is a meaningless string derived from a randomly chosen private key, it has no recognizable real-world feature. A mechanism is therefore needed to assure Bob that the public key is indeed Alice's.
PKI certificate system: a trusted third-party CA is established; a user applies to one or more CAs for a certificate, and the CA issues a certificate for the user's public key, vouching for the user's possession of that public key. Verifying a public key certificate is in fact verifying the CA's signature on the certificate.
The general flow of a user applying for a certificate is as follows: the user generates a public-private key pair and sends the public key and identity information to the CA; after the necessary verification, the CA generates a certificate for the user's public key so as to bind the public key to the user's identity information. The certificate is the CA's signature, made with its own private key, over the user's public key and identity information. The public key of the CA is publicly recognized and needs no further guarantee, so the certificate and the public key of the user can be verified by other parties.
IBS identity authentication working principle
Identity-based cryptography (Identity-Based Cryptography, IBC) includes Identity-based signature techniques (Identity Based Signature, IBS) and Identity-based encryption techniques (Identity Based Encryption, IBE).
IBS is a special public key cryptography technique that uses the identity (ID) of the user as the user's public key, thus eliminating the need for a digital certificate to bind the public key to the user's ID. It does, however, require a trusted key generation center (Key Generation Center, KGC) to generate the private key of the user.
Blockchain (Block Chain): a distributed database that maintains an ever-growing list of ordered records known as blocks. Each block contains a timestamp and a link to the previous block. A blockchain is inherently tamper-resistant: once data is recorded in the blockchain, it cannot be unilaterally modified. By using a Peer-to-Peer (P2P) network and a distributed timestamp server, automatic management of data on the blockchain can be achieved. A blockchain is "an open distributed ledger that can effectively record transactions and other various information between two parties and permanently record in a verifiable manner."
Blockchain consensus nodes (peers), consensus algorithm (Consensus Algorithm): the blockchain consists of a plurality of blockchain consensus nodes, and each blockchain consensus node can be a physical machine or a logical node such as a cloud virtual machine or a container. Each blockchain consensus node saves the complete data and code in the blockchain. Consistency of the blockchain data among the blockchain consensus nodes is achieved through a consensus algorithm.
The terminal device referred to herein may be referred to as an Internet of Things (Internet of Things, IoT) device, which may be a computer, a cell phone, a printer, a refrigerator, a robot, a sensor, an electricity meter, a water meter, etc., that can access the IoT.
Building on the related technology above, the present application addresses the problem of low reliability of the interaction system in the prior art.
Specifically, FIG. 1 is a schematic diagram of an interaction system 10 based on heterogeneous identities according to an embodiment of the present application. The application scenario of the system is as follows: when two terminal devices with heterogeneous identities need to perform interaction actions such as identity authentication, communication or a transaction, the interaction needs to be carried out through the interaction system. As shown in FIG. 1, the interaction system 10 includes: M blockchain consensus nodes 11 and M heterogeneous identity systems 12; the M heterogeneous identity systems 12 are in one-to-one correspondence with the M blockchain consensus nodes 11, wherein M is a positive integer greater than 1; the heterogeneous identity system comprises a heterogeneous identity subsystem 13, and the heterogeneous identity subsystem 13 comprises terminal equipment. Each blockchain consensus node 11 may be a physical machine, or may be a logical node such as a cloud virtual machine or a container, which is not limited in this application.
As shown in FIG. 1, some heterogeneous identity subsystems 13 include only terminal devices. The application scenario for this case is: when the terminal device is not a lightweight device, i.e. the terminal device has sufficient storage space and communication capabilities, the heterogeneous identity subsystem 13 comprises only the terminal device. For example, cell phones, computers, tablet devices, etc. may be understood as non-lightweight devices. Other heterogeneous identity subsystems 13 include terminal devices 14, proxy servers 15 corresponding to the terminal devices 14, and key escrow centers 16 corresponding to the proxy servers 15. The application scenario for this case is: when the terminal device is a lightweight device, i.e. the terminal device does not have sufficient storage space and communication capabilities, the heterogeneous identity subsystem 13 interacts with other terminal devices via the proxy server 15 and the key escrow center 16. For example, electricity meters, water meters, refrigerators, printers, etc. can be understood as lightweight devices. The key escrow center 16 may be a physical device or a logical node.
It should be noted that each of the heterogeneous identity subsystems included in the interaction system 10 may include only a terminal device, or each may include a terminal device, a proxy server, and a key escrow center. It is also possible that some of the heterogeneous identity subsystems include only terminal devices, while the other heterogeneous identity subsystems include terminal devices, proxy servers and key escrow centers. The present application is not limited in this regard.
Further, the first heterogeneous identity subsystem acquires the unified identity of the first terminal equipment in the interaction system, which is included in the first heterogeneous identity subsystem, and sends the unified identity of the first terminal equipment to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal equipment is shared among the M blockchain consensus nodes. The second heterogeneous identity subsystem acquires the unified identity of the second terminal equipment in the interaction system, which is included in the second heterogeneous identity subsystem, and sends the unified identity of the second terminal equipment to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal equipment is shared among the M blockchain consensus nodes; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device; the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems in the M heterogeneous identity systems.
That is, the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to any two different heterogeneous identity systems of the M heterogeneous identity systems. For two different heterogeneous identity subsystems to interact, each heterogeneous identity subsystem needs to acquire the unified identity of the terminal device it includes, so that the heterogeneous identity subsystems can interact based on the unified identities of the terminal devices.
Optionally, the unified identity of the terminal device in the interaction system may be the public key of a public-private key pair. Alternatively, a symmetric key may be used, such as the account number, ID, etc. of the terminal device. The unified identity of the terminal device in the interaction system may be the same as or different from the identity of the terminal device in the corresponding heterogeneous identity system. For example, when the identity of the terminal device in the corresponding heterogeneous identity system is its public key and the unified identity of the terminal device in the interaction system is defined as the public key in a public-private key pair, the terminal device can take its public key in the heterogeneous identity system as its unified identity. In most cases, however, the unified identity of the terminal device in the interaction system is different from its identity in the heterogeneous identity system. For example, when the identity of the terminal device in the corresponding heterogeneous identity system is its account number and the unified identity of the terminal device in the interaction system is defined as the public key in a public-private key pair, the terminal device cannot take its account number in the heterogeneous identity system as its unified identity. In this case, the heterogeneous identity subsystem in which the terminal device is located needs to generate a unified identity for the terminal device.
After a heterogeneous identity subsystem acquires the unified identity of a terminal device, it needs to send that unified identity to the blockchain consensus node corresponding to the heterogeneous identity system to which the heterogeneous identity subsystem belongs. As explained in the technical terms above, information can be shared among the blockchain consensus nodes. Specifically, FIG. 2 is a partial schematic diagram of an interaction system based on heterogeneous identities provided by an embodiment of the application. A plurality of smart contracts (Smart Contract), also called distributed applications (Distributed Application), are also stored on the blockchain. Optionally, the smart contracts and the blockchain consensus nodes are in one-to-one correspondence; a smart contract and its blockchain consensus node may be located on the same physical device or the same logical node, or on different physical devices or different logical nodes, which is not limited in this application. The smart contract includes the unified identity of the terminal device; optionally, the smart contract further includes the status indication information of the unified identity, a digest of the physical identity credential of the terminal device (described below), a storage link corresponding to the physical identity credential, etc. The status indication information of the unified identity is used for indicating whether the unified identity of the terminal device is in an enabled state or a non-enabled state.
After the unified identities of the terminal devices are shared among the M blockchain consensus nodes, the heterogeneous identity subsystems comprising the terminal devices can interact with each other. Optionally, the interaction between heterogeneous identity subsystems in the present application may be communication, identity authentication, or a transaction.
If the interaction refers to a communication behavior between heterogeneous identity subsystems, the heterogeneous identity subsystems may communicate using existing TLS based on a unified identity of the terminal device involved, which is not limited in this application.
In summary, the present application provides an interaction system based on heterogeneous identities, including: M blockchain consensus nodes and M heterogeneous identity systems, wherein the heterogeneous identity systems comprise heterogeneous identity subsystems, and the heterogeneous identity subsystems comprise terminal equipment. A heterogeneous identity subsystem can acquire the unified identity of its terminal equipment and send the unified identity to the blockchain consensus node corresponding to the heterogeneous identity system to which the heterogeneous identity subsystem belongs; the unified identities of the terminal equipment are shared among the M blockchain consensus nodes, so that interaction among the heterogeneous identity subsystems is realized. In this application, there is no need to set up an independent Internet of Things platform. Instead, M blockchain consensus nodes are provided, and information can be shared among the blockchain consensus nodes, so that the single point of failure of the Internet of Things platform in the prior art is avoided and the reliability of the whole interaction system is improved.
Optionally, when the heterogeneous identity subsystem includes only the terminal device, the actions of the heterogeneous identity subsystem are all executed by the terminal device it includes.
Optionally, when the heterogeneous identity subsystem includes a terminal device, a proxy server and a key escrow center, the executing actions of the heterogeneous identity subsystem are executed by the terminal device, the proxy server and the key escrow center included in the subsystem. The proxy server applies for the unified identity of the terminal device in the interactive system for the terminal device, stores the unified identity in the key escrow center, and can acquire the unified identity from the key escrow center when the unified identity needs to be used. The functions of the terminal equipment, the proxy server and the key escrow center are as follows:
The terminal equipment sends a unified identity request message to the proxy server, wherein the unified identity request message is used for applying for the unified identity for the terminal equipment. Optionally, the unified identity request message includes an ID of the terminal device.
The proxy server forwards the unified identity request message to the key escrow center.
The key escrow center randomly generates a unified identity for the terminal equipment and stores the corresponding relation between the ID of the terminal equipment and the unified identity of the terminal equipment; and sends the unified identity to the proxy server.
The proxy server sends the unified identity of the terminal equipment to the block chain consensus node corresponding to the heterogeneous identity system to which the heterogeneous identity subsystem belongs, so that the unified identity of the terminal equipment is shared among the M block chain consensus nodes. Based on this, the terminal devices or heterogeneous identity subsystems in the respective heterogeneous identity systems may interact based on the unified identity of the shared terminal device.
Further, the interaction between heterogeneous subsystems may be based on the unified identity alone, or may be based on the unified identity and physical identity credentials, for example: when two heterogeneous subsystems need to conduct transactions, the physical identities of the terminal devices included in each other need to be verified between them. When the physical identity of the terminal equipment included by the opposite party is successfully verified by the verification party, interaction actions such as transaction and the like can be performed. Otherwise, the corresponding interaction behavior is not performed.
Based on the above, a physical identity credential needs to be generated for each heterogeneous identity subsystem, where the physical identity credential is used to prove the association relationship between the unified identity of the terminal device included in the heterogeneous identity subsystem and the terminal device, that is, to prove whether the unified identity belongs to the terminal device. There are two alternative ways of generating the physical identity credential for each heterogeneous identity subsystem:
First alternative: the heterogeneous identity subsystem itself generates the physical identity credential of the terminal device it comprises.
Second alternative: the physical identity generating device generates a physical identity credential for the terminal device.
For example: when the unified identity of the terminal device is a public key in a public-private key pair, the terminal device stores the private key in the public-private key pair (instead of storing the private key through the key escrow center), and the key of the terminal device in the corresponding heterogeneous identity system is an asymmetric key, the heterogeneous identity subsystem can generate the physical identity credential of the terminal device by itself. Of course, in this case, the physical identity generating device may also generate the physical identity credential of the terminal device.
For example: when the unified identity of the terminal device is a public key in a public-private key pair, the terminal device stores the private key in the public-private key pair (instead of storing the private key through a key escrow center), and the key of the terminal device in the corresponding heterogeneous identity system is a symmetric key, the physical identity generating device generates the physical identity credential of the terminal device for the terminal device.
For example: when the unified identity of the terminal device is a public key in a public-private key pair, and the key escrow center stores the private key in the public-private key pair, the physical identity generating device generates the physical identity credential of the terminal device for the terminal device.
Alternatively, the physical identity generating device provided in the present application may be a CA.
The interactive system is further described below by way of example of the first alternative described above: as shown in connection with fig. 1 and 2, the interactive system further comprises: a processing module 17.
The first heterogeneous identity subsystem generates a physical identity credential of the first terminal equipment according to the unified identity of the first terminal equipment, and generates a digest of the physical identity credential, wherein the physical identity credential is used for proving the association relation between the unified identity of the first terminal equipment and the first terminal equipment.
The processing module 17 acquires and stores the physical identity credential, generates a link to the physical identity credential, and sends the link to the first heterogeneous identity subsystem.
The first heterogeneous identity subsystem sends the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes.
The second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identity credential according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identity credential is verified successfully.
Optionally, the M heterogeneous identity subsystems correspond to N processing modules, where M and N may be equal or unequal; if M and N are equal, the M heterogeneous identity subsystems and the N processing modules are in one-to-one correspondence. It should be noted that FIG. 1 only shows a case where the processing module 17 is connected to one heterogeneous identity subsystem; in fact, the processing module may be connected to a plurality of heterogeneous identity subsystems, which is not limited in this application.
Alternatively, the processing module may be a physical storage device or a logical storage node, which is not limited in this application.
Optionally, the digest of the physical identity credential may be a hash of the physical identity credential.
Optionally, the link of the physical identity credential is used to find the physical identity credential.
Optionally, the first heterogeneous identity subsystem may generate a random symmetric key K and encrypt the symmetric key K with the unified identity of the second terminal device, such as a public key in a public-private key pair, to obtain the ciphertext KC. The physical identity credential is encrypted with K, so the physical identity credential stored by the processing module 17 is the encrypted physical identity credential. Correspondingly, before verifying the physical identity credential, the second heterogeneous identity subsystem decrypts KC with the private key in the public-private key pair to obtain the symmetric key K, and then decrypts the encrypted physical identity credential with the symmetric key K to obtain the physical identity credential.
Optionally, the first heterogeneous identity subsystem sends the signature of the message formed by the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs. On this basis, the second heterogeneous identity subsystem acquires the digest, the link, and the signature of the message formed by the digest and the link, and the second heterogeneous identity subsystem verifies the signature first; if the signature is verified successfully, the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs regards the digest and the link as invalid information.
Optionally, the second heterogeneous identity subsystem obtains the digest and the link in the following manner: the first heterogeneous identity subsystem sends the digest and the address of the smart contract storing the digest and the link to the second heterogeneous identity subsystem, and the first heterogeneous identity subsystem first looks up the smart contract storing the digest and the link through the address and then looks up the link through the digest.
Optionally, as shown in fig. 1 and fig. 2, the blockchain consensus node stores status indication information of the unified identity of the corresponding terminal device, where the status indication information is used to indicate that the unified identity of the terminal device is in an enabled state or a non-enabled state.
Based on the information, the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and the state indication information of the unified identity of the first terminal device, wherein the state indication information is used for indicating whether the unified identity of the first terminal device is in an enabling state or a non-enabling state; correspondingly, if the state indication information indicates that the state of the unified identity of the first terminal device is the starting state, the second heterogeneous identity subsystem detects and acquires physical identity certification corresponding to the link in the processing module. If the state indication information indicates that the state of the unified identity of the first terminal equipment is a non-enabled state, the second heterogeneous identity subsystem does not need to detect the physical identity of the first terminal equipment.
In the application, if the state indication information indicates that the state of the unified identity of the terminal equipment is a non-enabled state, the physical identity of the terminal equipment is not required to be detected. Thereby reducing the resource consumption of the interactive system.
Further, the first heterogeneous identity subsystem generates the physical identity proof of the first terminal device as follows:
The first heterogeneous identity subsystem may obtain the physical identity proof of the first terminal device by applying an algorithm to the unified identity of the first terminal device, provided that the physical identity proof can prove the association between the unified identity of the first terminal device and the first terminal device.
Optionally, the heterogeneous identity system corresponding to the first terminal device may be a PKI-based system, an IBC-based system, or the like. The way the first heterogeneous identity subsystem generates the physical identity proof differs according to the heterogeneous identity system corresponding to the first terminal device.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is a PKI-based system, the first heterogeneous identity subsystem obtains the PKI certificate of the first terminal device in the corresponding heterogeneous identity system and the signature of the PKI certificate; obtains a first signature, produced by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; obtains a second signature, produced by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system; and forms the physical identity proof of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature.
The first signature is generated by the system or device that issued the public-private key pair. The second signature is generated by the heterogeneous identity system corresponding to the first terminal device.
Specifically, either the first heterogeneous identity subsystem actively sends a request message to the CA of its corresponding heterogeneous identity system to request the PKI certificate of the first terminal device and the signature of the PKI certificate, or the first heterogeneous identity subsystem sends no request message and the CA actively sends the PKI certificate and the signature of the PKI certificate to the first heterogeneous identity subsystem. Optionally, the CA signs the PKI certificate as follows: the CA computes the hash value h1 = Hash(M) of the PKI certificate M to be signed, and then computes the signature sig1 = Sign(sk1, h1) using its private key sk1 and the hash value h1, where Sign() is the signing algorithm of an asymmetric algorithm. This application does not limit the signature algorithm.
Further, the system or device that issued the public-private key pair generates the first signature as follows: the device or system computes the hash value h2 = Hash(pk2) of the public key pk2 of the first terminal device in the corresponding heterogeneous identity system, and then computes the first signature sig2 = Sign(sk2, h2) using the private key sk2 of the public-private key pair and the hash value h2, where Sign() is the signing algorithm of an asymmetric algorithm. This application does not limit the signature algorithm.
Likewise, the heterogeneous identity system corresponding to the first terminal device generates the second signature as follows: it computes the hash value h3 = Hash(pk3) of the public key pk3 of the public-private key pair, and then computes the second signature sig3 = Sign(sk3, h3) using the private key sk3 of the first terminal device in the corresponding heterogeneous identity system and the hash value h3, where Sign() is the signing algorithm of an asymmetric algorithm.
Optionally, forming the physical identity proof of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature means that these items together constitute the proof; that is, the physical identity proof comprises: the PKI certificate, the signature of the PKI certificate, the first signature, and the second signature.
Another option is as follows: if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the first heterogeneous identity subsystem obtains a first signature, produced by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; obtains a second signature, produced by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system; and forms the physical identity proof of the first terminal device from the ID of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature.
The first signature is generated by the system or device that issued the public-private key pair. The second signature is generated by the heterogeneous identity system corresponding to the first terminal device.
Specifically, the system or device that issued the public-private key pair generates the first signature as follows: it computes the hash value h2 = Hash(pk1) of the public key pk1 of the first terminal device in the corresponding heterogeneous identity system, and then computes the first signature sig2 = Sign(sk2, h2) using the private key sk2 of the public-private key pair and the hash value h2, where Sign() is the signing algorithm of an asymmetric algorithm. This application does not limit the signature algorithm.
Likewise, the heterogeneous identity system corresponding to the first terminal device generates the second signature as follows: it computes the hash value h3 = Hash(pk2) of the public key pk2 of the public-private key pair, and then computes the second signature sig3 = Sign(sk3, h3) using the private key sk3 of the first terminal device in the corresponding heterogeneous identity system and the hash value h3, where Sign() is the signing algorithm of an asymmetric algorithm.
Optionally, forming the physical identity proof of the first terminal device from the ID of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature means that these items together constitute the proof; that is, the physical identity proof comprises: the ID of the first terminal device in the corresponding heterogeneous identity system, the first signature, and the second signature.
Further, corresponding to the way the first heterogeneous identity subsystem generates the physical identity proof of the first terminal device, the second heterogeneous identity subsystem has the function of verifying the physical identity proof, as follows:
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair. Correspondingly, the second heterogeneous identity subsystem looks up and acquires the physical identity proof corresponding to the link in the processing module and computes the digest of the physical identity proof; if the computed digest is the same as the digest of the physical identity proof stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, it verifies the physical identity proof according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair.
If the heterogeneous identity system corresponding to the first terminal device is a PKI-based system, the public key of the heterogeneous identity system refers to the public key of the CA in the heterogeneous identity system. If the heterogeneous identity system is an IBC-based system, the public key of the heterogeneous identity system refers to the global public key in the heterogeneous identity system.
Further, depending on whether the heterogeneous identity system corresponding to the first terminal device is a PKI-based system or an IBC-based system, verification of the physical identity proof by the second heterogeneous identity subsystem is divided into the following two cases:
1. The second heterogeneous identity subsystem verifies the PKI certificate signature according to the PKI certificate and the public key of the heterogeneous identity system corresponding to the first terminal device, and verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the PKI signature, the first signature and the second signature are all verified successfully, the physical identity proof is determined to be verified successfully.
Specifically, assume that the second heterogeneous identity subsystem receives a signed message (M, sig1), where M is the PKI certificate and sig1 is the signature on the PKI certificate, and that the second heterogeneous identity subsystem can obtain the public key pk1 of the CA. The second heterogeneous identity subsystem first computes the hash value h1 = Hash(M) of M and then invokes the verification algorithm Verify(pk1, h1, sig1) of the asymmetric algorithm. Verify() returns a Boolean value: if the value is true, the PKI certificate signature verification succeeds; if the value is false, the PKI certificate signature verification fails.
Similarly, the first signature is verified as follows: the second heterogeneous identity subsystem first computes the hash value h2 of the public key of the first terminal device in the corresponding heterogeneous identity system, and acquires the public key pk2 of the public-private key pair. It then invokes the verification algorithm Verify(pk2, h2, sig2) of the asymmetric algorithm, where sig2 is the first signature. Verify() returns a Boolean value: if the value is true, the first signature verification succeeds; if the value is false, the first signature verification fails.
The second signature is verified as follows: the second heterogeneous identity subsystem first computes the hash value h3 of the public key of the public-private key pair, and acquires the public key pk3 of the first terminal device in the corresponding heterogeneous identity system. It then invokes the verification algorithm Verify(pk3, h3, sig3) of the asymmetric algorithm, where sig3 is the second signature. Verify() returns a Boolean value: if the value is true, the second signature verification succeeds; if the value is false, the second signature verification fails.
Finally, if the PKI signature, the first signature and the second signature are all verified successfully, the physical identity proof of the first terminal device is determined to be verified successfully.
2. The second heterogeneous identity subsystem determines the public key of the first terminal device in the corresponding heterogeneous identity system from the public key of the heterogeneous identity system corresponding to the first terminal device and the ID of the first terminal device in the corresponding heterogeneous identity system; verifies the first signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system, and verifies the second signature according to the public key of the first terminal device in the corresponding heterogeneous identity system; if the first signature and the second signature are both verified successfully, the physical identity proof is determined to be verified successfully.
Specifically, the public key of the first terminal device in the corresponding heterogeneous identity system can be determined from the public key of the heterogeneous identity system corresponding to the first terminal device and the identity identifier of the first terminal device in the corresponding heterogeneous identity system using the prior art, which is not limited in this application.
The first signature is verified as follows: the second heterogeneous identity subsystem first computes the hash value h2 of the public key of the first terminal device in the corresponding heterogeneous identity system, and acquires the public key pk2 of the public-private key pair. It then invokes the verification algorithm Verify(pk2, h2, sig2) of the asymmetric algorithm, where sig2 is the first signature. Verify() returns a Boolean value: if the value is true, the first signature verification succeeds; if the value is false, the first signature verification fails.
The second signature is verified as follows: the second heterogeneous identity subsystem first computes the hash value h3 of the public key of the public-private key pair, and acquires the public key pk3 of the first terminal device in the corresponding heterogeneous identity system. It then invokes the verification algorithm Verify(pk3, h3, sig3) of the asymmetric algorithm, where sig3 is the second signature. Verify() returns a Boolean value: if the value is true, the second signature verification succeeds; if the value is false, the second signature verification fails.
Finally, if the PKI signature, the first signature and the second signature are all verified successfully, the physical identity proof of the first terminal device is determined to be verified successfully.
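The PKI case described above (certificate signature plus the two cross-signatures, checked after the digest comparison) can be sketched as follows. This is an added example, not code from the patent: Ed25519 and SHA-256 stand in for the unspecified Sign(), Verify() and Hash(), the certificate is a constructed byte string (ID followed by the system public key), and all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// PhysicalProof holds the four PKI-case components named in the text.
type PhysicalProof struct {
	Cert []byte // M: constructed stand-in for the PKI certificate (ID || system public key)
	Sig1 []byte // CA signature: Sign(caSK, Hash(M))
	Sig2 []byte // first signature: Sign(unifiedSK, Hash(sysPK))
	Sig3 []byte // second signature: Sign(sysSK, Hash(unifiedPK))
}

func mustKey() ed25519.PrivateKey {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return sk
}

func pub(sk ed25519.PrivateKey) ed25519.PublicKey { return sk.Public().(ed25519.PublicKey) }

// signHash and verifyHash follow the text: h = Hash(m), Sign(sk, h), Verify(pk, h, sig).
func signHash(sk ed25519.PrivateKey, m []byte) []byte {
	h := sha256.Sum256(m)
	return ed25519.Sign(sk, h[:])
}

func verifyHash(pk ed25519.PublicKey, m, sig []byte) bool {
	h := sha256.Sum256(m)
	return ed25519.Verify(pk, h[:], sig)
}

// Digest hashes a length-prefixed encoding of the proof (assumed encoding);
// this is the value shared through the blockchain consensus nodes.
func (p PhysicalProof) Digest() [32]byte {
	h := sha256.New()
	for _, f := range [][]byte{p.Cert, p.Sig1, p.Sig2, p.Sig3} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	var d [32]byte
	copy(d[:], h.Sum(nil))
	return d
}

// GenerateProof assembles the proof. In the text the three signatures come from
// three parties; one function holds all three private keys here for brevity.
func GenerateProof(caSK, unifiedSK, sysSK ed25519.PrivateKey, id string) PhysicalProof {
	cert := append([]byte(id), pub(sysSK)...)
	return PhysicalProof{
		Cert: cert,
		Sig1: signHash(caSK, cert),
		Sig2: signHash(unifiedSK, pub(sysSK)),
		Sig3: signHash(sysSK, pub(unifiedSK)),
	}
}

// VerifyProof is the second subsystem's check: digest first, then every signature.
func VerifyProof(p PhysicalProof, onChain [32]byte, caPK, unifiedPK, sysPK ed25519.PublicKey) error {
	if p.Digest() != onChain {
		return errors.New("digest mismatch")
	}
	if !verifyHash(caPK, p.Cert, p.Sig1) {
		return errors.New("PKI certificate signature invalid")
	}
	if !bytes.HasSuffix(p.Cert, sysPK) { // example-only binding of sysPK to the certificate
		return errors.New("system public key not in certificate")
	}
	if !verifyHash(unifiedPK, sysPK, p.Sig2) {
		return errors.New("first signature invalid")
	}
	if !verifyHash(sysPK, unifiedPK, p.Sig3) {
		return errors.New("second signature invalid")
	}
	return nil
}

func main() {
	ca, unified, sys, other := mustKey(), mustKey(), mustKey(), mustKey()
	proof := GenerateProof(ca, unified, sys, "device-001")
	onChain := proof.Digest()
	fmt.Println("genuine:", VerifyProof(proof, onChain, pub(ca), pub(unified), pub(sys)))
	// The same proof presented for a different unified identity is rejected.
	fmt.Println("wrong unified key:", VerifyProof(proof, onChain, pub(ca), pub(other), pub(sys)))
}
```

The two cross-signatures are what tie the unified key to the system key in both directions: a proof replayed under another unified public key fails at the first signature even though its digest and certificate signature are intact.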
Further, the second heterogeneous identity subsystem may also generate a physical identity proof of the second terminal device, and correspondingly the first heterogeneous identity subsystem may verify the physical identity proof of the second terminal device. The way the second heterogeneous identity subsystem generates the physical identity proof of the second terminal device is similar to the way the first heterogeneous identity subsystem generates the physical identity proof of the first terminal device, and the way the first heterogeneous identity subsystem verifies the physical identity proof of the second terminal device is similar to the way the second heterogeneous identity subsystem verifies the physical identity proof of the first terminal device; these are not repeated in this application.
Optionally, when a heterogeneous identity subsystem includes only a terminal device, all actions of the heterogeneous identity subsystem are performed by the terminal device it includes.
Optionally, when a heterogeneous identity subsystem includes a terminal device, a proxy server and a key escrow center, the actions of the heterogeneous identity subsystem are performed by the terminal device, the proxy server and the key escrow center it includes. The functions of the terminal device, the proxy server and the key escrow center are as follows:
The first heterogeneous identity subsystem is assumed to comprise: taking the case where the heterogeneous identity system corresponding to the first terminal device is a PKI-based system as an example, the first heterogeneous identity subsystem generates the physical identity proof as follows: the first proxy server sends a physical identity request message to the CA, where the physical identity request message includes the ID and the unified identity of the first terminal device; the CA generates a PKI certificate and a PKI certificate signature for the first terminal device according to the ID and the unified identity of the first terminal device; the CA sends the PKI certificate and the PKI certificate signature to the first proxy server; the first proxy server obtains the first signature and the second signature. Finally, the first proxy server forms the physical identity proof of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature.
Accordingly, the second heterogeneous identity subsystem is assumed to comprise: the first heterogeneous identity system verifies the physical identity proof of the first terminal device as follows: the second proxy server verifies the PKI certificate signature according to the PKI certificate and the public key of the heterogeneous identity system corresponding to the first terminal device, and verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the PKI signature, the first signature and the second signature are all verified successfully, the physical identity proof is determined to be verified successfully. For the specific steps by which the second proxy server verifies the physical identity proof of the first terminal device, refer to the description above; this application does not limit them.
In summary, in this application a heterogeneous identity subsystem can generate the physical identity proof of a terminal device it includes, and other heterogeneous identity subsystems can verify that physical identity proof. When verification succeeds, the heterogeneous identity subsystems can interact; when verification fails, they cannot interact, which improves the reliability of the whole interaction system.
The interaction system is further described below, taking as an example the second optional way in which the heterogeneous identity subsystem generates the physical identity proof. Fig. 3 is a partial schematic diagram of an interaction system based on heterogeneous identities according to another embodiment of this application. With reference to fig. 1, fig. 2 and fig. 3, the interaction system optionally further includes a processing module 17 and a physical identity generating device 18. It should be noted that a heterogeneous identity subsystem may have a corresponding physical identity generating device 18, in which case the physical identity generating device 18 may generate physical identity proofs for the corresponding heterogeneous identity subsystem. Optionally, the physical identity generating device 18 is a CA.
Specifically, the physical identity generating device 18 obtains the unified identity of the first terminal device and generates a physical identity proof of the first terminal device according to that unified identity, where the physical identity proof is used to prove the association between the unified identity of the first terminal device and the first terminal device.
The first heterogeneous identity subsystem acquires the physical identity proof and generates a digest of the physical identity proof.
The processing module 17 acquires and stores the physical identity proof, generates a link of the physical identity proof, and sends the link to the first heterogeneous identity subsystem.
The first heterogeneous identity subsystem sends the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which it belongs, so that the digest and the link are shared among the M blockchain consensus nodes.
The second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identity proof according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identity proof is verified successfully.
Optionally, the M heterogeneous identity subsystems correspond to the N processing modules, where M and N may be equal or unequal; if M and N are equal, the M heterogeneous identity subsystems and the N processing modules are in one-to-one correspondence.
Optionally, the processing module may be a physical storage device or a logical storage node, which is not limited in this application.
Optionally, the digest of the physical identity proof may be a hash of the physical identity proof.
Optionally, the link of the physical identity proof is used to locate the physical identity proof.
Optionally, the first heterogeneous identity subsystem may generate a random symmetric key K and encrypt K with the unified identity of the second terminal device, for example the public key of a public-private key pair, to obtain the ciphertext KC. The physical identity proof is encrypted with K, so the physical identity proof stored by the processing module 17 is the encrypted physical identity proof. Correspondingly, before verifying the physical identity proof, the second heterogeneous identity subsystem decrypts KC with the private key of the public-private key pair to obtain the symmetric key K, and then decrypts the encrypted physical identity proof with K to obtain the physical identity proof.
Optionally, the first heterogeneous identity subsystem sends a signature of the message formed by the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which it belongs. Accordingly, the second heterogeneous identity subsystem acquires the digest, the link, and the signature of the message formed by the digest and the link, and verifies the signature first; if the signature is verified successfully, the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs regards the digest and the link as invalid information.
Optionally, the second heterogeneous identity subsystem obtains the digest and the link as follows: the first heterogeneous identity subsystem sends the digest, together with the address of the smart contract that stores the digest and the link, to the second heterogeneous identity subsystem; the first heterogeneous identity subsystem first finds the smart contract that stores the digest and the link through the address, and then finds the link through the digest.
Optionally, as shown in fig. 2 and fig. 3, the blockchain consensus node stores state indication information for the unified identity of the corresponding terminal device, where the state indication information indicates whether the unified identity of the terminal device is in an enabled state or a non-enabled state.
Based on this, the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and the state indication information of that unified identity, where the state indication information indicates whether the unified identity of the first terminal device is in an enabled state or a non-enabled state. Correspondingly, if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem looks up and acquires the physical identity proof corresponding to the link in the processing module. If the state indication information indicates that the unified identity of the first terminal device is in the non-enabled state, the physical identity proof of the first terminal device does not need to be checked.
In this application, if the state indication information indicates that the unified identity of a terminal device is in the non-enabled state, the physical identity proof of the terminal device does not need to be checked, which reduces the resource consumption of the interaction system.
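The storage and retrieval path described above (proof encrypted under a random K, K wrapped as KC for the second terminal device, lookup by link, state check, digest comparison) can be sketched as follows. This is an added example, not code from the patent: RSA-OAEP and AES-256-GCM are assumed choices for the unspecified encryption, the digest is assumed to be SHA-256 over the plaintext proof, the processing module is a map, and the link format and all names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LedgerEntry is the record shared by the blockchain consensus nodes.
type LedgerEntry struct {
	Digest  [32]byte // digest of the plaintext proof (assumption: SHA-256)
	Link    string   // locator of the stored proof in the processing module
	Enabled bool     // state indication of the unified identity
}

// Envelope is what the processing module stores under the link: KC plus the encrypted proof.
type Envelope struct{ KC, Nonce, Ciphertext []byte }

// newRecipient creates the second terminal device's key pair (its unified identity).
func newRecipient() *rsa.PrivateKey {
	sk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return sk
}

func gcmFor(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Publish plays the first subsystem and the processing module: encrypt the proof
// under a fresh K, wrap K as KC, store the envelope, return digest and link.
func Publish(proof []byte, recipient *rsa.PublicKey, store map[string]Envelope) (LedgerEntry, error) {
	buf := make([]byte, 32+12) // random K followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return LedgerEntry{}, err
	}
	k, nonce := buf[:32], buf[32:]
	kc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, k, nil)
	if err != nil {
		return LedgerEntry{}, err
	}
	gcm, err := gcmFor(k)
	if err != nil {
		return LedgerEntry{}, err
	}
	env := Envelope{KC: kc, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, proof, nil)}
	link := fmt.Sprintf("pm://%x", sha256.Sum256(env.Ciphertext)) // constructed link format
	store[link] = env
	return LedgerEntry{Digest: sha256.Sum256(proof), Link: link, Enabled: true}, nil
}

// FetchProof is the second subsystem's side: state check, lookup by link,
// KC -> K, K -> proof, then digest comparison against the ledger entry.
func FetchProof(e LedgerEntry, store map[string]Envelope, sk *rsa.PrivateKey) ([]byte, error) {
	if !e.Enabled {
		return nil, errors.New("unified identity not enabled")
	}
	env, ok := store[e.Link]
	if !ok {
		return nil, errors.New("link not found in processing module")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sk, env.KC, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	proof, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	if sha256.Sum256(proof) != e.Digest {
		return nil, errors.New("digest mismatch")
	}
	return proof, nil
}

func main() {
	sk, store := newRecipient(), map[string]Envelope{}
	entry, _ := Publish([]byte("constructed proof bytes"), &sk.PublicKey, store)
	proof, err := FetchProof(entry, store, sk)
	fmt.Printf("enabled: %q %v\n", proof, err)
	entry.Enabled = false
	_, err = FetchProof(entry, store, sk)
	fmt.Println("non-enabled:", err)
}
```

Checking the state first means a non-enabled identity costs neither a storage lookup nor a private-key operation, which is the resource saving the text refers to.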
Further, the physical identity generating device generates the physical identity proof of the first terminal device as follows:
The physical identity generating device may obtain the physical identity proof of the first terminal device by applying an algorithm to the unified identity of the first terminal device, provided that the physical identity proof can prove the association between the unified identity of the first terminal device and the first terminal device.
Optionally, the heterogeneous identity system corresponding to the first terminal device may be a PKI-based system, an IBC-based system, an account-password-based system, an IMSI-based system, or the like. The physical identity generating device generates the physical identity proof as follows:
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the physical identity generating device 18 obtains the ID of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair; signs the ID of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair with the private key of the physical identity generating device 18 to obtain a first signature; and forms the physical identity proof from the ID of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair, and the first signature.
Signing the ID of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair with the private key of the physical identity generating device 18 includes: the physical identity generating device 18, whose private key is sk1, computes the hash value h1 = Hash(M) of the message M to be signed, which consists of the ID of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair, and then computes the first signature sig1 = Sign(sk1, h1) using the private key sk1 of the CA and the hash value h1, where Sign() is the signing algorithm of an asymmetric algorithm. This application does not limit the signature algorithm.
Optionally, forming the physical identity proof of the first terminal device from the ID of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair and the first signature means that these items together constitute the proof; that is, the physical identity proof of the first terminal device comprises: the ID of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair, and the first signature.
Optionally, the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device. Correspondingly, the second heterogeneous identity subsystem looks up and acquires the physical identity proof corresponding to the link in the processing module 17 and computes the digest of the physical identity proof; if the computed digest is the same as the digest of the physical identity proof stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, it verifies the physical identity proof according to the public key of the heterogeneous identity system corresponding to the first terminal device.
Optionally, the second heterogeneous identity subsystem determines the heterogeneous identity system corresponding to the first terminal device according to the unified identity of the first terminal device, and sends a request message to that heterogeneous identity system to request its public key. If the heterogeneous identity system corresponding to the first terminal device is a PKI-based system, the public key of the heterogeneous identity system refers to the public key of the CA in the heterogeneous identity system. If the heterogeneous identity system is an IBC-based system, the public key of the heterogeneous identity system refers to the global public key in the heterogeneous identity system.
Optionally, the physical identity proof is verified according to the public key of the heterogeneous identity system corresponding to the first terminal device as follows. As described above, the physical identity proof comprises: the ID of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair, and the first signature. After obtaining the physical identity proof, the second heterogeneous identity subsystem first computes the hash value h1 = Hash(M) of the message M formed by the ID of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair, and then invokes the verification algorithm Verify(pk1, h1, sig2) of the asymmetric algorithm, where sig2 is the first signature and pk1 is the public key of the heterogeneous identity system corresponding to the first terminal device. Verify() returns a Boolean value: if the value is true, verification of the physical identity proof succeeds; if the value is false, verification of the physical identity proof fails.
Alternatively, when the heterogeneous sub-system includes only the terminal device, the execution actions of the heterogeneous sub-system are all executed by the terminal device it includes.
Optionally, when the heterogeneous identity subsystem includes a terminal device, a proxy server and a key escrow center, the executing actions of the heterogeneous identity subsystem are executed by the terminal device, the proxy server and the key escrow center included in the subsystem. The functions of the terminal equipment, the proxy server and the key escrow center are as follows:
The first proxy server in the first heterogeneous identity subsystem acquires the physical identification of the first terminal device, and the first proxy server acts as a proxy for the first terminal device in interacting with the second heterogeneous identity subsystem. A second proxy server in the second heterogeneous identity subsystem verifies the physical identification.
In summary, in the present application, the physical identity generating device may generate a physical identification for a terminal device included in a heterogeneous identity subsystem, and other heterogeneous identity subsystems may verify that physical identification. When verification succeeds, the heterogeneous identity subsystems may interact; when verification fails, they may not, which improves the reliability of the whole interaction system.
Optionally, the interaction system further includes a certificate issuing device, when a heterogeneous identity system needs to join the interaction system, the certificate issuing device issues a certificate to the heterogeneous identity system, and deploys a blockchain consensus node for the heterogeneous identity system, so as to implement interaction between a heterogeneous identity subsystem in the heterogeneous identity system and heterogeneous identity subsystems in other heterogeneous identity systems.
The following describes an interaction method based on heterogeneous identity, which is specifically as follows:
Fig. 4 is an interaction flow chart of an interaction method based on heterogeneous identities according to an embodiment of the present application. The method is performed by the interaction system based on heterogeneous identities and, as shown in Fig. 4, includes the following steps:
Step S401: the first heterogeneous identity subsystem acquires the unified identity, in the interaction system, of the first terminal device, where the first terminal device is included in the first heterogeneous identity subsystem;
Step S402: the first heterogeneous identity subsystem sends the unified identity of the first terminal device to the blockchain consensus node (called the first blockchain consensus node in the application) corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes;
Step S403: the second heterogeneous identity subsystem acquires the unified identity of second terminal equipment in the interaction system, wherein the second terminal equipment is included in the second heterogeneous identity subsystem;
Step S404: the second heterogeneous identity subsystem sends the unified identity of the second terminal device to the blockchain consensus node (called the second blockchain consensus node in the application) corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes;
Step S405: the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device.
The first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems in the M heterogeneous identity systems.
The interaction method based on the heterogeneous identity can be executed by the interaction system based on the heterogeneous identity, and the corresponding content and effect are the same as those of the interaction system based on the heterogeneous identity, and are not repeated here.
Optionally, when the heterogeneous identity subsystem includes only a terminal device, all steps of the heterogeneous identity subsystem are executed by the terminal device it includes.
Optionally, when the heterogeneous identity subsystem includes a terminal device, a proxy server and a key escrow center, the actions of the heterogeneous identity subsystem are executed by the terminal device, the proxy server and the key escrow center it includes. Assume that the first heterogeneous identity subsystem includes a first terminal device, a first proxy server and a first key escrow center, and that the second heterogeneous identity subsystem includes only a second terminal device. Fig. 5 is an interaction flow chart of an interaction method based on heterogeneous identities according to another embodiment of the present application. The method is performed by the interaction system based on heterogeneous identities and, as shown in Fig. 5, includes the following steps:
Step S501: the first terminal device sends a unified identity request message to the first proxy server;
The unified identity request message is used to apply for a unified identity for the terminal device. Optionally, the unified identity request message includes the ID of the terminal device.
Step S502: the first proxy server forwards the unified identity request message to the first key escrow center;
Step S503: the first key escrow center randomly generates a unified identity for the terminal device and stores the correspondence between the ID of the terminal device and the unified identity of the terminal device;
Step S504: the first key escrow center sends the unified identity to a first proxy server;
Step S505: the first proxy server sends the unified identity of the first terminal device to the blockchain consensus node (referred to as the first blockchain consensus node in the application) corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes.
Step S506: the second terminal device acquires its unified identity in the interaction system;
Step S507: the second terminal device sends its unified identity to the blockchain consensus node (called the second blockchain consensus node in the application) corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes;
Step S508: the first proxy server and the second terminal device interact based on the unified identity of the first terminal device and the unified identity of the second terminal device.
The interaction method based on the heterogeneous identity can be executed by the interaction system based on the heterogeneous identity, and the corresponding content and effect are the same as those of the interaction system based on the heterogeneous identity, and are not repeated here.
Further, the interaction between heterogeneous identity subsystems may be based on the unified identity alone, or on the unified identity together with the physical identification. For example, when two heterogeneous identity subsystems need to conduct a transaction, each needs to verify the physical identification of the terminal device included in the other. When the verifying party successfully verifies the physical identification of the terminal device included in the other party, interactions such as the transaction can be performed. Otherwise, the corresponding interaction is not performed.
Based on the above, a physical identification needs to be generated for each heterogeneous identity subsystem. The physical identification is used to prove the association between the unified identity of a terminal device included in the heterogeneous identity subsystem and that terminal device, that is, to prove whether the unified identity belongs to the terminal device. There are two alternative ways of generating the physical identification for each heterogeneous identity subsystem:
First alternative: the heterogeneous identity subsystem itself generates the physical identification of the terminal device it includes.
Second alternative: the physical identity generating device generates the physical identification for the terminal device.
Based on the first alternative, Fig. 6 is an interaction flow chart of an interaction method based on heterogeneous identities according to still another embodiment of the present application. The method is performed by the interaction system based on heterogeneous identities, where the interaction system further includes a processing module. As shown in Fig. 6, step S405 includes the following steps:
Step S601: the first heterogeneous identity subsystem generates the physical identification of the first terminal device according to the unified identity of the first terminal device, and generates a digest of the physical identification;
The physical identification is used to prove the association between the unified identity of the first terminal device and the first terminal device.
Step S602: the processing module acquires the physical identification of the first terminal device;
Step S603: the processing module stores the physical identification and generates a link to the physical identification;
Step S604: the processing module sends the link to the physical identification to the first heterogeneous identity subsystem;
Step S605: the first heterogeneous identity subsystem sends the digest and the link to the first blockchain consensus node, so that the digest and the link are shared among the M blockchain consensus nodes;
Step S606: the second heterogeneous identity subsystem acquires the digest and the link of the first heterogeneous identity system from the second blockchain consensus node;
Step S607: the second heterogeneous identity subsystem verifies the physical identification according to the digest and the link;
Step S608: the second heterogeneous identity subsystem sends a message to the first heterogeneous identity subsystem when the physical identification is successfully verified.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair. The second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair. Accordingly, step S607 includes: detecting and acquiring, in the processing module, the physical identification corresponding to the link; calculating the digest of the physical identification; and, if the calculated digest is the same as the digest of the physical identification stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, verifying the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is a PKI-based system, step S601 includes: acquiring the PKI certificate of the first terminal device in the corresponding heterogeneous identity system and the signature of the PKI certificate; acquiring a first signature obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; acquiring a second signature obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system; and generating the physical identification of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature.
Accordingly, step S607 includes: verifying the signature of the PKI certificate according to the public key of the heterogeneous identity system corresponding to the first terminal device and the PKI certificate, and verifying the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the signature of the PKI certificate, the first signature and the second signature are all verified successfully, the physical identification is determined to be successfully verified.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, step S601 includes: acquiring a first signature obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; acquiring a second signature obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system; and generating the physical identification of the first terminal device from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature.
Accordingly, step S607 includes: determining the public key of the first terminal device in the corresponding heterogeneous identity system according to the public key of the heterogeneous identity system corresponding to the first terminal device and the identity identifier of the first terminal device in the corresponding heterogeneous identity system; verifying the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the first signature and the second signature are both verified successfully, the physical identification is determined to be successfully verified.
Optionally, the method further comprises: the first blockchain consensus node acquires and stores the unified identity of the first terminal device and state indication information of that unified identity, where the state indication information indicates whether the unified identity of the first terminal device is in an enabled state or a non-enabled state. Correspondingly, if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem detects and acquires, in the processing module, the physical identification corresponding to the link.
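The PKI variant of steps S601 to S607, together with the enabled-state check, as an added example that is not code from the patent. The patent does not name the asymmetric algorithm, so textbook RSA over hard-coded Mersenne primes stands in for it (insecure, for illustration only); all function names, the `dev-001` ID and the `store://` link format are assumptions.

```python
import hashlib
import hmac
import json

E = 65537  # public exponent shared by every toy key


def toy_keypair(p, q):
    """Textbook RSA from two fixed primes: an insecure stand-in signature scheme."""
    n = p * q
    return {"n": n}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg):
    return pow(digest_int(msg, priv["n"]), priv["d"], priv["n"])


def verify(pub, msg, sig):
    return pow(sig, E, pub["n"]) == digest_int(msg, pub["n"])


def enc(pub):
    return str(pub["n"]).encode()


def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()


def build_credential(ca_priv, dev_id, dev_pub, dev_priv, uni_pub, uni_priv):
    """S601, PKI case: certificate, CA signature and the two cross-signatures."""
    cert = {"id": dev_id, "pk": dev_pub["n"]}
    return {
        "cert": cert,
        "cert_sig": sign(ca_priv, canon(cert)),
        "sig1": sign(uni_priv, enc(dev_pub)),  # unified key signs device key
        "sig2": sign(dev_priv, enc(uni_pub)),  # device key signs unified key
    }


def publish(ledger, store, uni_pub, cred):
    """S602-S605: store the credential, then record digest and link on the ledger."""
    blob = canon(cred)
    link = "store://%d" % len(store)
    store[link] = blob
    ledger[uni_pub["n"]] = {"digest": hashlib.sha256(blob).hexdigest(),
                            "link": link, "enabled": True}
    return link


def verify_credential(ledger, store, ca_pub, uni_pub):
    """S606-S607 as run by the second subsystem; returns "ok" or a reason."""
    entry = ledger.get(uni_pub["n"])
    if entry is None or not entry["enabled"]:
        return "identity not enabled"
    blob = store.get(entry["link"])
    if blob is None:
        return "credential not found"
    if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), entry["digest"]):
        return "digest mismatch"
    cred = json.loads(blob)
    dev_pub = {"n": cred["cert"]["pk"]}
    if not verify(ca_pub, canon(cred["cert"]), cred["cert_sig"]):
        return "certificate signature invalid"
    if not verify(uni_pub, enc(dev_pub), cred["sig1"]):
        return "first signature invalid"
    if not verify(dev_pub, enc(uni_pub), cred["sig2"]):
        return "second signature invalid"
    return "ok"


def demo():
    """Constructed keys and inputs; returns the verifier's verdict per case."""
    m = lambda k: 2 ** k - 1  # Mersenne primes, hard-coded so the run is repeatable
    ca_pub, ca_priv = toy_keypair(m(521), m(607))
    dev_pub, dev_priv = toy_keypair(m(107), m(127))
    uni_pub, uni_priv = toy_keypair(m(61), m(89))
    other_pub, other_priv = toy_keypair(m(31), m(19))
    cred = build_credential(ca_priv, "dev-001", dev_pub, dev_priv, uni_pub, uni_priv)
    results = {}

    ledger, store = {}, {}
    link = publish(ledger, store, uni_pub, cred)
    results["honest"] = verify_credential(ledger, store, ca_pub, uni_pub)

    ledger[uni_pub["n"]]["enabled"] = False
    results["disabled"] = verify_credential(ledger, store, ca_pub, uni_pub)
    ledger[uni_pub["n"]]["enabled"] = True

    # Stored credential altered after its digest was recorded on the ledger.
    store[link] = canon(dict(cred, cert={"id": "dev-999", "pk": dev_pub["n"]}))
    results["tampered"] = verify_credential(ledger, store, ca_pub, uni_pub)

    # Same certificate presented under a different unified identity: the second
    # signature still covers the original unified key, so the binding fails.
    ledger2, store2 = {}, {}
    rebound = dict(cred, sig1=sign(other_priv, enc(dev_pub)))
    publish(ledger2, store2, other_pub, rebound)
    results["rebound"] = verify_credential(ledger2, store2, ca_pub, other_pub)
    return results


if __name__ == "__main__":
    print(demo())
```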
Based on the second alternative, Fig. 7 is an interaction flow chart of an interaction method based on heterogeneous identities according to still another embodiment of the present application. The method is performed by the interaction system based on heterogeneous identities, where the interaction system further includes a processing module and a physical identity generating device. As shown in Fig. 7, step S405 includes the following steps:
Step S701: the physical identity generating device acquires the unified identity of the first terminal device from the first heterogeneous identity subsystem;
Step S702: the physical identity generating device generates the physical identification of the first terminal device according to the unified identity of the first terminal device;
The physical identification is used to prove the association between the unified identity of the first terminal device and the first terminal device;
Step S703: the first heterogeneous identity subsystem acquires the physical identification from the physical identity generating device;
Step S704: the first heterogeneous identity subsystem generates a digest of the physical identification;
Step S705: the processing module acquires the physical identification;
Step S706: the processing module stores the physical identification and generates a link to the physical identification;
Step S707: the processing module sends the link to the physical identification to the first heterogeneous identity subsystem;
Step S708: the first heterogeneous identity subsystem sends the digest and the link to the first blockchain consensus node, so that the digest and the link are shared among the M blockchain consensus nodes;
Step S709: the second heterogeneous identity subsystem obtains the digest and the link from the second blockchain consensus node;
Step S710: the second heterogeneous identity subsystem verifies the physical identification according to the digest and the link;
Step S711: the second heterogeneous identity subsystem sends a message to the first heterogeneous identity subsystem when the physical identification is successfully verified.
Optionally, step S710 further includes: the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device. Accordingly, step S710 includes: detecting and acquiring, in the processing module, the physical identification corresponding to the link; calculating the digest of the physical identification; and, if the calculated digest is the same as the digest of the physical identification stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, verifying the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair. Step S702 includes: acquiring the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key in the public-private key pair; signing the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key in the public-private key pair with the private key of the physical identity generating device to obtain a first signature; and generating the physical identification from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the public key in the public-private key pair, and the first signature.
Optionally, step S710 further includes: the first blockchain consensus node acquires and stores the unified identity of the first terminal device and state indication information of that unified identity, where the state indication information indicates whether the unified identity of the first terminal device is in an enabled state or a non-enabled state. Correspondingly, step S701 includes: if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the third heterogeneous identity subsystem detects and acquires, in the processing module, the physical identification corresponding to the link.
Optionally, the first heterogeneous identity system comprises only the first terminal device; or the first heterogeneous identity system comprises a first terminal device, a proxy server of the first terminal device and a key escrow center; the second heterogeneous identity system only comprises second terminal equipment; alternatively, the second heterogeneous identity system comprises a second terminal device, a proxy server of the second terminal device, and a key escrow center.
The interaction method based on the heterogeneous identity can be executed by the interaction system based on the heterogeneous identity, and the corresponding content and effect are the same as those of the interaction system based on the heterogeneous identity, and are not repeated here.
Fig. 8 is a schematic structural diagram of a first heterogeneous identity subsystem 80 according to an embodiment of the present application. As shown in Fig. 8, the first heterogeneous identity subsystem 80 includes: an obtaining module 81, a sending module 82 and a receiving module 83.
The obtaining module 81 is configured to obtain a unified identity of a first terminal device included in the first heterogeneous identity subsystem in the interaction system.
The sending module 82 is configured to send the unified identity of the first terminal device to a blockchain consensus node corresponding to a heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes.
The obtaining module 81 is further configured to obtain a unified identity of the second terminal device.
The sending module 82 is configured to send a message to the second heterogeneous identity subsystem to which the second terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiving module 83 is configured to receive a message sent by the second heterogeneous identity subsystem.
Optionally, the first heterogeneous identity subsystem 80 further includes a generation module 84.
The generating module 84 is configured to generate the physical identification of the first terminal device according to the unified identity of the first terminal device, and to generate a digest of the physical identification, where the physical identification is used to prove the association between the unified identity of the first terminal device and the first terminal device.
The obtaining module 81 is further configured to obtain a link of the physical identification of the first terminal device.
The sending module 82 is further configured to send the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes.
Further, when the physical identification is verified by the second heterogeneous identity subsystem, the receiving module 83 is further configured to receive a message sent by the second heterogeneous identity subsystem.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is a system based on public key infrastructure (PKI), the obtaining module 81 is specifically configured to: obtain the PKI certificate of the first terminal device in the corresponding heterogeneous identity system and the signature of the PKI certificate; obtain a first signature obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; and obtain a second signature obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system.
The generating module 84 is specifically configured to generate the physical identification of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature, and the second signature.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the obtaining module 81 is specifically configured to: obtain a first signature obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair; and obtain a second signature obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system.
The generating module 84 is specifically configured to generate the physical identification of the first terminal device from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature.
Optionally, the obtaining module 81 is further configured to obtain a physical identification.
The generating module 84 is configured to generate a digest of the physical identification; the obtaining module 81 is further configured to obtain the link to the physical identification.
The sending module 82 is configured to send the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes.
Further, when the physical identification is verified by the second heterogeneous identity subsystem, the receiving module 83 is further configured to receive a message sent by the second heterogeneous identity subsystem.
Optionally, the first heterogeneous identity subsystem comprises only the first terminal device; alternatively, the first heterogeneous identity subsystem includes a first terminal device, a first proxy server of the first terminal device, and a first key escrow center.
The implementation principle and the technical effect of the first heterogeneous identity subsystem provided by the application can refer to the implementation principle and the technical effect of the interaction system based on heterogeneous identities, and are not repeated here.
Fig. 9 is a schematic structural diagram of a second heterogeneous identity subsystem 90 according to an embodiment of the present application. As shown in Fig. 9, the second heterogeneous identity subsystem 90 includes: an obtaining module 91, a sending module 92 and a receiving module 93.
The obtaining module 91 is configured to obtain a unified identity of a second terminal device included in the second heterogeneous identity subsystem in the interaction system.
The sending module 92 is configured to send the unified identity of the second terminal device to a blockchain consensus node corresponding to a heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes.
The obtaining module 91 is further configured to obtain a unified identity of the first terminal device.
The sending module 92 is further configured to send a message to the first heterogeneous identity subsystem to which the first terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiving module 93 is configured to receive a message sent by the first heterogeneous identity subsystem.
Optionally, the second heterogeneous identity subsystem further includes a verification module 94.
The obtaining module 91 is further configured to obtain the digest of, and the link to, the physical identification of the first terminal device.
The verification module 94 is used to verify the physical identification based on the digest and the link.
The sending module 92 is further configured to send a message to the first heterogeneous identity subsystem when the physical identification is successfully verified.
Optionally, the second heterogeneous identity subsystem further comprises: a detection module 95 and a calculation module 96.
The unified identity of the first terminal device is the public key in a public-private key pair; the obtaining module 91 is further configured to obtain the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair.
Correspondingly, the detection module 95 is configured to detect and obtain the physical identification corresponding to the link in the processing module.
The calculation module 96 is used to calculate a digest of the physical identification.
If the digest of the physical identification obtained by the calculation is the same as the digest of the physical identification stored in the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the verification module 94 is configured to verify the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of a public-private key pair.
Optionally, the verification module 94 is specifically configured to verify the signature of the PKI certificate according to the public key of the heterogeneous identity system corresponding to the first terminal device and the PKI certificate, and to verify the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the signature of the PKI certificate, the first signature and the second signature are all verified successfully, the physical identification is determined to be successfully verified.
Optionally, the verification module 94 is specifically configured to determine the public key of the first terminal device in the corresponding heterogeneous identity system according to the public key of the heterogeneous identity system corresponding to the first terminal device and the identity identifier of the first terminal device in the corresponding heterogeneous identity system, and to verify the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; if the first signature and the second signature are both verified successfully, the physical identification is determined to be successfully verified.
Optionally, the obtaining module 91 is further configured to acquire and store the unified identity of the first terminal device and status indication information of that unified identity, where the status indication information indicates whether the unified identity of the first terminal device is in an enabled state or a non-enabled state; correspondingly, if the status indication information indicates that the unified identity of the first terminal device is in the enabled state, the physical identification corresponding to the link is detected and acquired in the processing module.
Optionally, the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device; correspondingly, the detection module 95 detects and acquires, in the processing module, the physical identification corresponding to the link; the calculation module 96 calculates the digest of the physical identification; if the calculated digest is the same as the digest of the physical identification stored in the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the verification module 94 verifies the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device.
Optionally, the acquiring module 91 acquires and stores the unified identity of the first terminal device and status indication information of the unified identity of the first terminal device, where the status indication information is used to indicate that the unified identity of the first terminal device is in an enabled state or a non-enabled state; correspondingly, if the status indication information indicates that the status of the unified identity of the first terminal device is the enabled status, the detecting module 95 is specifically configured to detect and obtain the physical identity corresponding to the link in the processing module.
Optionally, the second heterogeneous identity subsystem comprises only the second terminal device; alternatively, the second heterogeneous identity subsystem includes the second terminal device, a first proxy server of the second terminal device, and the first key escrow center.
For the implementation principle and technical effect of the second heterogeneous identity subsystem provided in the present application, refer to those of the interaction system based on heterogeneous identities; they are not repeated here.
Fig. 10 is a schematic structural diagram of a physical identity generating apparatus 100 according to an embodiment of the present application. As shown in Fig. 10, the physical identity generating apparatus 100 includes: an acquisition module 101 and a generation module 102.
The obtaining module 101 is configured to obtain a unified identity of the first terminal device.
The generating module 102 is configured to generate a physical identification of the first terminal device according to the unified identity of the first terminal device, where the physical identification is used to prove an association relationship between the unified identity of the first terminal device and the first terminal device.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the obtaining module 101 is further configured to obtain the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair.
The generating module 102 is specifically configured to sign, with the private key of the physical identity generating device, the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair, to obtain a first signature; and to generate the physical identification from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair and the first signature.
For the implementation principle and technical effect of the physical identity generating device provided in the present application, refer to those of the interaction system based on heterogeneous identities; they are not repeated here.
Fig. 11 is a schematic structural diagram of a first heterogeneous identity subsystem 110 according to an embodiment of the present application. As shown in Fig. 11, the first heterogeneous identity subsystem 110 includes: a processor 111, a transmitter 112 and a receiver 113.
The processor 111 is configured to obtain a unified identity of a first terminal device included in the first heterogeneous identity subsystem in the interaction system.
The transmitter 112 is configured to transmit the unified identity of the first terminal device to a blockchain consensus node corresponding to a heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes.
The processor 111 is further configured to obtain a unified identity of the second terminal device.
The transmitter 112 is configured to transmit a message to the second heterogeneous identity subsystem to which the second terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiver 113 is configured to receive the message transmitted by the second heterogeneous identity subsystem.
Optionally, the processor 111 is further configured to generate a physical identification of the first terminal device according to the unified identity of the first terminal device, and generate a digest of the physical identification, where the physical identification is used to prove an association relationship between the unified identity of the first terminal device and the first terminal device.
The processor 111 is further arranged to obtain a link to the physical identification of the first terminal device.
The transmitter 112 is further configured to transmit the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes.
Further, when the physical identification is successfully verified by the second heterogeneous identity subsystem, the receiver 113 is further configured to receive a message sent by the second heterogeneous identity subsystem.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is a public key infrastructure (PKI)-based system, the processor 111 is specifically configured to: obtain the PKI certificate of the first terminal device in the corresponding heterogeneous identity system and the signature of the PKI certificate; obtain a first signature obtained by signing, with the private key of the public-private key pair, the public key of the first terminal device in the corresponding heterogeneous identity system; and obtain a second signature obtained by signing, with the private key of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair.
The processor 111 is specifically configured to generate the physical identification of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature.
Optionally, if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the processor 111 is specifically configured to: obtain a first signature obtained by signing, with the private key of the public-private key pair, the public key of the first terminal device in the corresponding heterogeneous identity system; and obtain a second signature obtained by signing, with the private key of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair.
The processor 111 is specifically configured to generate the physical identification of the first terminal device from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature.
Optionally, the processor 111 is further configured to obtain a physical identification.
The processor 111 is configured to generate a digest of the physical identification; the acquisition module is further configured to acquire the link of the physical identification.
The transmitter 112 is configured to transmit the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes.
Further, when the physical identification is successfully verified by the second heterogeneous identity subsystem, the receiver 113 is further configured to receive a message sent by the second heterogeneous identity subsystem.
Optionally, the first heterogeneous identity subsystem comprises only the first terminal device; alternatively, the first heterogeneous identity subsystem includes a first terminal device, a first proxy server of the first terminal device, and a first key escrow center.
For the implementation principle and technical effect of the first heterogeneous identity subsystem provided in the present application, refer to those of the interaction system based on heterogeneous identities; they are not repeated here.
Fig. 12 is a schematic structural diagram of a second heterogeneous identity subsystem 120 according to an embodiment of the present application. As shown in Fig. 12, the second heterogeneous identity subsystem 120 includes: a processor 121, a transmitter 122 and a receiver 123.
The processor 121 is configured to obtain a unified identity of a second terminal device included in the second heterogeneous identity subsystem in the interaction system.
The transmitter 122 is configured to transmit the unified identity of the second terminal device to the blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes.
The processor 121 is further configured to obtain a unified identity of the first terminal device.
The transmitter 122 is further configured to send a message to the first heterogeneous identity subsystem to which the first terminal device belongs based on the unified identity of the first terminal device and the unified identity of the second terminal device, or the receiver 123 is configured to receive the message sent by the first heterogeneous identity subsystem.
Optionally, the second heterogeneous identity subsystem further includes a verification module 94.
Wherein the processor 121 is further configured to obtain a digest and a link of the physical identification of the first terminal device.
The processor 121 is configured to verify the physical identification based on the digest and the link.
The transmitter 122 is further configured to send a message to the first heterogeneous identity subsystem upon successful verification of the physical identification.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the processor 121 is further configured to obtain the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair.
Correspondingly, the processor 121 is configured to detect and obtain the physical identification corresponding to the link in the processing module.
The processor 121 is used to calculate a digest of the physical identification.
If the calculated digest of the physical identification is the same as the digest of the physical identification stored in the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the processor 121 is configured to verify the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device and the public key of the public-private key pair.
Optionally, the processor 121 is specifically configured to: verify the signature of the PKI certificate according to the public key of the heterogeneous identity system corresponding to the first terminal device and the PKI certificate; verify the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; and, if the signature of the PKI certificate, the first signature and the second signature are all verified successfully, determine that the physical identification is verified successfully.
Optionally, the processor 121 is specifically configured to: determine the public key of the first terminal device in the corresponding heterogeneous identity system according to the public key of the heterogeneous identity system corresponding to the first terminal device and the identity identifier of the first terminal device in the corresponding heterogeneous identity system; verify the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system; and, if the first signature and the second signature are both verified successfully, determine that the physical identification is verified successfully.
Optionally, the processor 121 is further configured to acquire and store the unified identity of the first terminal device and status indication information of the unified identity of the first terminal device, where the status indication information is used to indicate whether the unified identity of the first terminal device is in an enabled state or a non-enabled state; correspondingly, if the status indication information indicates that the unified identity of the first terminal device is in the enabled state, the physical identification corresponding to the link is detected and acquired in the processing module.
Optionally, the second heterogeneous identity subsystem acquires the public key of the heterogeneous identity system corresponding to the first terminal device; correspondingly, the processor 121 detects and acquires the physical identification corresponding to the link in the processing module; the processor 121 calculates a digest of the physical identification; if the calculated digest of the physical identification is the same as the digest of the physical identification stored in the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the processor 121 verifies the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device.
Optionally, the processor 121 acquires and stores the unified identity of the first terminal device and status indication information of the unified identity of the first terminal device, where the status indication information is used to indicate whether the unified identity of the first terminal device is in an enabled state or a non-enabled state; correspondingly, if the status indication information indicates that the unified identity of the first terminal device is in the enabled state, the processor 121 is specifically configured to detect and acquire the physical identification corresponding to the link in the processing module.
Optionally, the second heterogeneous identity subsystem comprises only the second terminal device; alternatively, the second heterogeneous identity subsystem includes the second terminal device, a first proxy server of the second terminal device, and the first key escrow center.
For the implementation principle and technical effect of the second heterogeneous identity subsystem provided in the present application, refer to those of the interaction system based on heterogeneous identities; they are not repeated here.
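The verification sequence described above for the processor 121 in the PKI case (status check, fetch by link, digest comparison, then the certificate, first and second signature checks) is shown below as an added example; it is not code from the patent. Lamport one-time signatures over SHA-256 stand in for the signature scheme, which the text does not name, so that the example runs on the standard library alone; the dict-based ledger and proof store, the JSON layout, the link format and every function name are assumptions.

```python
import hashlib
import json
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures: a stand-in scheme; each private key signs once.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(half) for pair in sk for half in pair)
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes) -> bytes:
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))


def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    return all(
        H(sig[32 * i:32 * i + 32]) == pk[32 * (2 * i + bit):32 * (2 * i + bit + 1)]
        for i, bit in enumerate(_bits(msg))
    )


def build_proof(ca_sk, device_id, native_sk, native_pk, unified_sk, unified_pk):
    """Physical identification: certificate, its signature, first and second signature."""
    cert = json.dumps({"id": device_id, "pk": native_pk.hex()}, sort_keys=True).encode()
    proof = {
        "cert": cert.hex(),
        "cert_sig": sign(ca_sk, cert).hex(),         # issued by the identity system
        "sig1": sign(unified_sk, native_pk).hex(),   # unified key signs native public key
        "sig2": sign(native_sk, unified_pk).hex(),   # native key signs unified public key
    }
    return json.dumps(proof, sort_keys=True).encode()


def register(ledger, store, unified_pk, proof, enabled=True):
    """Store the proof off-chain; share only digest, link and status on the ledger."""
    link = "proof/" + H(unified_pk).hex()[:16]  # constructed link format
    store[link] = proof
    ledger[unified_pk] = {"digest": H(proof), "link": link, "enabled": enabled}


def verify_identity(ledger, store, ca_pk, unified_pk) -> str:
    entry = ledger.get(unified_pk)
    if entry is None:
        return "unknown unified identity"
    if not entry["enabled"]:
        return "unified identity not enabled"
    proof = store.get(entry["link"])
    if proof is None or H(proof) != entry["digest"]:
        return "digest mismatch"
    try:
        p = json.loads(proof)
        cert = bytes.fromhex(p["cert"])
        native_pk = bytes.fromhex(json.loads(cert)["pk"])
        cert_sig, sig1, sig2 = (bytes.fromhex(p[k]) for k in ("cert_sig", "sig1", "sig2"))
    except (ValueError, KeyError, TypeError):
        return "malformed proof"
    if not verify(ca_pk, cert, cert_sig):
        return "bad certificate signature"
    if not verify(unified_pk, native_pk, sig1):
        return "bad first signature"
    if not verify(native_pk, unified_pk, sig2):
        return "bad second signature"
    return "ok"


def demo():
    ca_sk, ca_pk = keygen()
    native_sk, native_pk = keygen()
    unified_sk, unified_pk = keygen()
    ledger, store = {}, {}
    proof = build_proof(ca_sk, "device-1", native_sk, native_pk, unified_sk, unified_pk)
    register(ledger, store, unified_pk, proof)
    results = {"valid": verify_identity(ledger, store, ca_pk, unified_pk)}
    # Same certificate registered under a different unified key: the native key
    # never signed that key, so the second signature does not verify.
    other_sk, other_pk = keygen()
    rebound = json.loads(proof)
    rebound["sig1"] = sign(other_sk, native_pk).hex()
    register(ledger, store, other_pk, json.dumps(rebound, sort_keys=True).encode())
    results["rebound"] = verify_identity(ledger, store, ca_pk, other_pk)
    # Stored proof altered after its digest was shared on the ledger.
    store[ledger[unified_pk]["link"]] = proof + b" "
    results["tampered"] = verify_identity(ledger, store, ca_pk, unified_pk)
    # Unified identity switched to the non-enabled state.
    ledger[unified_pk]["enabled"] = False
    results["disabled"] = verify_identity(ledger, store, ca_pk, unified_pk)
    return results


if __name__ == "__main__":
    print(demo())
```

The rebound case shows why both signatures are checked: the first signature alone only proves that the holder of the unified key names a certified public key, while the second proves that the certified key's holder agreed to the binding.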
Fig. 13 is a schematic structural diagram of a physical identity generating device 130 according to an embodiment of the present application. As shown in Fig. 13, the physical identity generating device 130 includes: a processor 131 and a memory 132 for storing execution code of the processor 131.
The processor 131 is configured to obtain a unified identity of the first terminal device.
The processor 131 is configured to generate a physical identification of the first terminal device according to the unified identity of the first terminal device, where the physical identification is used to prove an association relationship between the unified identity of the first terminal device and the first terminal device.
Optionally, the unified identity of the first terminal device is the public key of a public-private key pair; the obtaining module 101 is further configured to obtain the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair.
The processor 131 is specifically configured to sign, with the private key of the physical identity generating device, the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair, to obtain a first signature; and to generate the physical identification from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair and the first signature.
For the implementation principle and technical effect of the physical identity generating device provided in the present application, refer to those of the interaction system based on heterogeneous identities; they are not repeated here.

Claims (26)

1. An interactive system based on heterogeneous identities, comprising: M blockchain consensus nodes and M heterogeneous identity systems, wherein M is a positive integer greater than 1; the heterogeneous identity system comprises a heterogeneous identity subsystem, and the heterogeneous identity subsystem comprises a terminal device;
the first heterogeneous identity subsystem acquires the unified identity of a first terminal device that is included in the first heterogeneous identity subsystem in the interaction system, and sends the unified identity of the first terminal device to a blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes;
the second heterogeneous identity subsystem acquires the unified identity of a second terminal device that is included in the second heterogeneous identity subsystem in the interaction system, and sends the unified identity of the second terminal device to a blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes;
the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device;
wherein the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems of the M heterogeneous identity systems.
2. The system of claim 1, further comprising: a processing module;
the first heterogeneous identity subsystem generates a physical identification of the first terminal device according to the unified identity of the first terminal device, and generates a digest of the physical identification, wherein the physical identification is used for proving the association relationship between the unified identity of the first terminal device and the first terminal device;
the processing module acquires and stores the physical identification, generates a link of the physical identification, and transmits the link of the physical identification to the first heterogeneous identity subsystem;
the first heterogeneous identity subsystem sends the digest and the link to a blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes; the second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identification according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identification is verified successfully.
3. The system of claim 2, wherein the unified identity of the first terminal device is a public key of a public-private key pair; the second heterogeneous identity subsystem acquires a public key of a heterogeneous identity system corresponding to the first terminal device, a public key of the first terminal device in the corresponding heterogeneous identity system and a public key of the public-private key pair;
correspondingly, the second heterogeneous identity subsystem detects and acquires the physical identification corresponding to the link in the processing module;
the second heterogeneous identity subsystem calculates the digest of the physical identification;
and if the calculated digest of the physical identification is the same as the digest of the physical identification stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the second heterogeneous identity subsystem verifies the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair.
4. The system of claim 3, wherein if the heterogeneous identity system corresponding to the first terminal device is a public key infrastructure PKI-based system, the first heterogeneous identity subsystem obtains a PKI certificate of the first terminal device in the corresponding heterogeneous identity system and a signature of the PKI certificate;
the first heterogeneous identity subsystem obtains a first signature obtained by signing the public key of the first terminal device in the corresponding heterogeneous identity system with the private key of the public-private key pair;
the first heterogeneous identity subsystem obtains a second signature obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system;
the first heterogeneous identity subsystem generates the physical identification of the first terminal device from the PKI certificate, the signature of the PKI certificate, the first signature and the second signature.
5. The system of claim 4, wherein the second heterogeneous identity subsystem verifies the PKI certificate signature based on a public key of a heterogeneous identity system to which the first terminal device corresponds and the PKI certificate, and verifies the first signature and the second signature based on a public key of the public-private key pair and a public key of the first terminal device in the corresponding heterogeneous identity system;
and if the signature of the PKI certificate, the first signature and the second signature are all verified successfully, the second heterogeneous identity subsystem determines that the physical identification is verified successfully.
6. The system of claim 3, wherein if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the first heterogeneous identity subsystem obtains a first signature obtained by signing a public key of the first terminal device in the corresponding heterogeneous identity system with a private key of the public-private key pair;
the first heterogeneous identity subsystem obtains a second signature obtained by signing the public key of the public-private key pair with the private key of the first terminal device in the corresponding heterogeneous identity system;
the first heterogeneous identity subsystem generates the physical identification of the first terminal device from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature.
7. The system of claim 6, wherein the second heterogeneous identity subsystem determines a public key of the first terminal device in the corresponding heterogeneous identity system according to a public key of the heterogeneous identity system corresponding to the first terminal device and an identity of the first terminal device in the corresponding heterogeneous identity system;
the second heterogeneous identity subsystem verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system;
and if the first signature and the second signature are both verified successfully, the second heterogeneous identity subsystem determines that the physical identification is verified successfully.
8. The system of any one of claims 3-7, wherein,
the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and status indication information of the unified identity of the first terminal device, wherein the status indication information is used for indicating whether the unified identity of the first terminal device is in an enabled state or a non-enabled state;
correspondingly, if the status indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem detects and acquires the physical identification corresponding to the link in the processing module.
9. The system of claim 1, further comprising: a processing module and a physical identity generating device;
the physical identity generating device acquires the unified identity of the first terminal device and generates a physical identification of the first terminal device according to the unified identity of the first terminal device, wherein the physical identification is used for proving the association relationship between the unified identity of the first terminal device and the first terminal device;
the first heterogeneous identity subsystem acquires the physical identification and generates a digest of the physical identification;
the processing module acquires and stores the physical identification, generates a link of the physical identification, and transmits the link of the physical identification to the first heterogeneous identity subsystem;
the first heterogeneous identity subsystem sends the digest and the link to a blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes;
the second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identification according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identification is verified successfully.
10. The system of claim 9, wherein the second heterogeneous identity subsystem obtains a public key of a heterogeneous identity system corresponding to the first terminal device;
correspondingly, the second heterogeneous identity subsystem detects and acquires the physical identification corresponding to the link in the processing module;
the second heterogeneous identity subsystem calculates the digest of the physical identification;
and if the calculated digest of the physical identification is the same as the digest of the physical identification stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the second heterogeneous identity subsystem verifies the physical identification according to the public key of the heterogeneous identity system corresponding to the first terminal device.
11. The system according to claim 9 or 10, wherein the unified identity of the first terminal device is a public key of a public-private key pair; the physical identity generating device obtains the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair;
the physical identity generating device signs, with the private key of the physical identity generating device, the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair, to obtain a first signature;
the physical identity generating device generates the physical identification from the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair and the first signature.
12. The system of claim 10, wherein
the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and status indication information of the unified identity of the first terminal device, wherein the status indication information is used for indicating whether the unified identity of the first terminal device is in an enabled state or a non-enabled state;
correspondingly, if the status indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem detects and acquires the physical identification corresponding to the link in the processing module.
13. The system of claim 9 or 10, wherein the first heterogeneous identity subsystem comprises only the first terminal device; or the first heterogeneous identity subsystem comprises the first terminal device, a first proxy server of the first terminal device and a first key escrow center;
the second heterogeneous identity subsystem comprises only the second terminal device; or the second heterogeneous identity subsystem comprises the second terminal device, a first proxy server of the second terminal device and a first key escrow center.
14. A heterogeneous identity based interaction method, wherein the method is applied to a heterogeneous identity based interaction system, the system comprising: M blockchain consensus nodes and M heterogeneous identity systems, wherein M is a positive integer greater than 1; the heterogeneous identity system comprises a heterogeneous identity subsystem, and the heterogeneous identity subsystem comprises a terminal device; accordingly, the method comprises the following steps:
the first heterogeneous identity subsystem acquires the unified identity of a first terminal device that is included in the first heterogeneous identity subsystem in the interaction system, and sends the unified identity of the first terminal device to a blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the unified identity of the first terminal device is shared among the M blockchain consensus nodes;
the second heterogeneous identity subsystem acquires the unified identity of a second terminal device that is included in the second heterogeneous identity subsystem in the interaction system, and sends the unified identity of the second terminal device to a blockchain consensus node corresponding to the heterogeneous identity system to which the second heterogeneous identity subsystem belongs, so that the unified identity of the second terminal device is shared among the M blockchain consensus nodes;
the first heterogeneous identity subsystem and the second heterogeneous identity subsystem interact based on the unified identity of the first terminal device and the unified identity of the second terminal device;
wherein the first heterogeneous identity subsystem and the second heterogeneous identity subsystem belong to two different heterogeneous identity systems of the M heterogeneous identity systems.
15. The method of claim 14, wherein the system further comprises: a processing module; correspondingly, the interaction of the first heterogeneous identity subsystem and the second heterogeneous identity subsystem based on the unified identity of the first terminal device and the unified identity of the second terminal device comprises the following steps:
the first heterogeneous identity subsystem generates a physical identity proof of the first terminal device according to the unified identity of the first terminal device, and generates a digest of the physical identity proof, wherein the physical identity proof is used for proving the association between the unified identity of the first terminal device and the first terminal device;
the processing module acquires and stores the physical identity proof, generates a link to the physical identity proof, and sends the link to the first heterogeneous identity subsystem;
the first heterogeneous identity subsystem sends the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes;
the second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identity proof according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identity proof is verified successfully.
16. The method of claim 15, wherein the unified identity of the first terminal device is a public key of a public-private key pair; the method further comprises the steps of:
the second heterogeneous identity subsystem acquires a public key of a heterogeneous identity system corresponding to the first terminal device, a public key of the first terminal device in the corresponding heterogeneous identity system and a public key of the public-private key pair;
correspondingly, the verification of the physical identity proof by the second heterogeneous identity subsystem according to the digest and the link comprises the following steps:
the second heterogeneous identity subsystem detects and acquires, in the processing module, the physical identity proof corresponding to the link;
the second heterogeneous identity subsystem calculates the digest of the physical identity proof;
and if the calculated digest of the physical identity proof is the same as the digest of the physical identity proof stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the second heterogeneous identity subsystem verifies the physical identity proof according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair.
17. The method of claim 16, wherein if the heterogeneous identity system corresponding to the first terminal device is a public key infrastructure (PKI) based system, the generation of the physical identity proof of the first terminal device by the first heterogeneous identity subsystem according to the unified identity of the first terminal device comprises:
the first heterogeneous identity subsystem acquires a PKI certificate of the first terminal device in the corresponding heterogeneous identity system and a signature of the PKI certificate;
the first heterogeneous identity subsystem obtains a first signature produced by signing, with the private key of the public-private key pair, the public key of the first terminal device in the corresponding heterogeneous identity system;
the first heterogeneous identity subsystem obtains a second signature produced by signing, with the private key of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair;
the first heterogeneous identity subsystem combines the PKI certificate, the signature of the PKI certificate, the first signature and the second signature into the physical identity proof of the first terminal device.
18. The method of claim 17, wherein the verification of the physical identity proof by the second heterogeneous identity subsystem according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair comprises:
the second heterogeneous identity subsystem verifies the signature of the PKI certificate according to the public key of the heterogeneous identity system corresponding to the first terminal device and the PKI certificate, and verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system;
and if the signature of the PKI certificate, the first signature and the second signature are all verified successfully, the second heterogeneous identity subsystem determines that the physical identity proof is verified successfully.
19. The method of claim 16, wherein if the heterogeneous identity system corresponding to the first terminal device is an IBC-based system, the generation of the physical identity proof of the first terminal device by the first heterogeneous identity subsystem according to the unified identity of the first terminal device comprises:
the first heterogeneous identity subsystem obtains a first signature produced by signing, with the private key of the public-private key pair, the public key of the first terminal device in the corresponding heterogeneous identity system;
the first heterogeneous identity subsystem obtains a second signature produced by signing, with the private key of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair;
the first heterogeneous identity subsystem combines the identity of the first terminal device in the corresponding heterogeneous identity system, the first signature and the second signature into the physical identity proof of the first terminal device.
20. The method of claim 19, wherein the verification of the physical identity proof by the second heterogeneous identity subsystem according to the public key of the heterogeneous identity system corresponding to the first terminal device, the public key of the first terminal device in the corresponding heterogeneous identity system, and the public key of the public-private key pair comprises:
the second heterogeneous identity subsystem determines the public key of the first terminal device in the corresponding heterogeneous identity system according to the public key of the heterogeneous identity system corresponding to the first terminal device and the identity of the first terminal device in the corresponding heterogeneous identity system;
the second heterogeneous identity subsystem verifies the first signature and the second signature according to the public key of the public-private key pair and the public key of the first terminal device in the corresponding heterogeneous identity system;
and if the first signature and the second signature are both verified successfully, the second heterogeneous identity subsystem determines that the physical identity proof is verified successfully.
21. The method according to any one of claims 16-20, further comprising:
the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and state indication information of the unified identity of the first terminal device, wherein the state indication information is used for indicating whether the unified identity of the first terminal device is in an enabled state or a non-enabled state;
correspondingly, the detection and acquisition by the second heterogeneous identity subsystem, in the processing module, of the physical identity proof corresponding to the link comprises:
if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem detects and acquires, in the processing module, the physical identity proof corresponding to the link.
22. The method of claim 14, wherein the system further comprises: a processing module and a physical identity generating device; correspondingly, the interaction of the first heterogeneous identity subsystem and the second heterogeneous identity subsystem based on the unified identity of the first terminal device and the unified identity of the second terminal device comprises the following steps:
the physical identity generating device acquires the unified identity of the first terminal device and generates a physical identity proof of the first terminal device according to the unified identity of the first terminal device, wherein the physical identity proof is used for proving the association between the unified identity of the first terminal device and the first terminal device;
the first heterogeneous identity subsystem acquires the physical identity proof and generates a digest of the physical identity proof;
the processing module acquires and stores the physical identity proof, generates a link to the physical identity proof, and sends the link to the first heterogeneous identity subsystem;
the first heterogeneous identity subsystem sends the digest and the link to the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, so that the digest and the link are shared among the M blockchain consensus nodes;
the second heterogeneous identity subsystem acquires the digest and the link, verifies the physical identity proof according to the digest and the link, and sends a message to the first heterogeneous identity subsystem when the physical identity proof is verified successfully.
23. The method of claim 22, wherein the method further comprises:
the second heterogeneous identity subsystem acquires a public key of the heterogeneous identity system corresponding to the first terminal device;
correspondingly, the verification of the physical identity proof by the second heterogeneous identity subsystem according to the digest and the link comprises the following steps:
the second heterogeneous identity subsystem detects and acquires, in the processing module, the physical identity proof corresponding to the link;
the second heterogeneous identity subsystem calculates the digest of the physical identity proof;
and if the calculated digest of the physical identity proof is the same as the digest of the physical identity proof stored by the blockchain consensus node corresponding to the heterogeneous identity system to which the first heterogeneous identity subsystem belongs, the second heterogeneous identity subsystem verifies the physical identity proof according to the public key of the heterogeneous identity system corresponding to the first terminal device.
24. The method according to claim 22 or 23, wherein the unified identity of the first terminal device is a public key of a public-private key pair; correspondingly, the generation of the physical identity proof of the first terminal device by the physical identity generating device according to the unified identity of the first terminal device comprises:
the physical identity generating device obtains the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair;
the physical identity generating device signs, with the private key of the physical identity generating device, the identity identifier of the first terminal device in the corresponding heterogeneous identity system and the public key of the public-private key pair to obtain a first signature;
the physical identity generating device combines the identity identifier of the first terminal device in the corresponding heterogeneous identity system, the public key of the public-private key pair and the first signature into the physical identity proof.
25. The method as recited in claim 23, further comprising:
the second heterogeneous identity subsystem acquires and stores the unified identity of the first terminal device and state indication information of the unified identity of the first terminal device, wherein the state indication information is used for indicating whether the unified identity of the first terminal device is in an enabled state or a non-enabled state;
correspondingly, the detection and acquisition by the second heterogeneous identity subsystem, in the processing module, of the physical identity proof corresponding to the link comprises:
if the state indication information indicates that the unified identity of the first terminal device is in the enabled state, the second heterogeneous identity subsystem detects and acquires, in the processing module, the physical identity proof corresponding to the link.
26. The method of claim 22 or 23, wherein the first heterogeneous identity subsystem comprises only the first terminal device; or the first heterogeneous identity subsystem comprises the first terminal device, a first proxy server of the first terminal device and a first key escrow center;
the second heterogeneous identity subsystem comprises only the second terminal device; or the second heterogeneous identity subsystem comprises the second terminal device, a first proxy server of the second terminal device and a first key escrow center.
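The flow of claims 15 to 18 and 21 (publish the digest and link, check the enabled state, fetch the proof, compare digests, then verify the certificate signature and both cross-signatures), as an added example that is not part of the patent text. The textbook-RSA `sign`/`verify` over Mersenne primes is an insecure stand-in for a real signature scheme, and every name here (`keygen`, `make_proof`, `publish`, `check`, the dict-based ledger and store, the sample subject and link) is an assumption made for illustration.

```python
import hashlib, hmac, json

E = 65537  # public exponent of the toy RSA stand-in (assumption, demo only)

def keygen(a, b):
    # Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1: insecure, demo only.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_h(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _h(msg, n)

def ser(obj):
    # Canonical byte encoding used for signing and for the digest.
    return json.dumps(obj, sort_keys=True).encode()

def make_proof(ca, dev, uni, subject):
    # Claim 17: PKI certificate, its signature, and the two cross-signatures.
    cert = {"subject": subject, "pk": dev["n"]}
    return {"cert": cert, "cert_sig": sign(ca, ser(cert)),
            "sig1": sign(uni, ser(dev["n"])),   # unified key signs PKI public key
            "sig2": sign(dev, ser(uni["n"]))}   # PKI key signs unified public key

def publish(ledger, store, uni_pk, proof, link):
    # Claim 15: proof goes to the processing module; digest and link to the ledger.
    store[link] = ser(proof)
    ledger[uni_pk] = {"digest": hashlib.sha256(store[link]).hexdigest(),
                      "link": link, "enabled": True}

def check(ledger, store, ca_pk, uni_pk):
    rec = ledger.get(uni_pk)
    if rec is None or not rec["enabled"]:        # claim 21: state indication
        return "identity not enabled"
    blob = store.get(rec["link"])
    if blob is None:
        return "proof not found"
    if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), rec["digest"]):
        return "digest mismatch"                 # claim 16: digest comparison
    p = json.loads(blob)
    dev_pk = p["cert"]["pk"]
    if not verify(ca_pk, ser(p["cert"]), p["cert_sig"]):
        return "certificate signature invalid"   # claim 18
    if not verify(uni_pk, ser(dev_pk), p["sig1"]):
        return "first signature invalid"
    if not verify(dev_pk, ser(uni_pk), p["sig2"]):
        return "second signature invalid"
    return "ok"

if __name__ == "__main__":
    # Constructed sample keys: system CA, device PKI key, unified-identity key.
    ca, dev, uni = keygen(1279, 2203), keygen(521, 607), keygen(107, 127)
    ledger, store = {}, {}
    publish(ledger, store, uni["n"], make_proof(ca, dev, uni, "device-1"), "link-1")
    print(check(ledger, store, ca["n"], uni["n"]))
```

The second signature is what stops a different unified key from being bound to an existing certificate: only the holder of the certified private key can sign that unified public key.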
CN201780096222.XA 2017-11-10 2017-11-10 Interactive system and method based on heterogeneous identity Active CN111264045B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2017/050566 WO2019093963A1 (en) 2017-11-10 2017-11-10 Heterogeneous identity-based interactive system and method

Publications (2)

Publication Number Publication Date
CN111264045A CN111264045A (en) 2020-06-09
CN111264045B CN111264045B (en) 2023-06-30

Family

ID=66439042

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780096222.XA Active CN111264045B (en) 2017-11-10 2017-11-10 Interactive system and method based on heterogeneous identity

Country Status (2)

Country Link
CN (1) CN111264045B (en)
WO (1) WO2019093963A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112184245B (en) * 2020-09-30 2024-04-26 深圳前海微众银行股份有限公司 Transaction identity confirmation method and device for cross-region block chain
CN112989381B (en) * 2021-03-24 2022-03-22 中国电子科技集团公司第三十研究所 Block chain anti-association-based uniform heterogeneous identity identification method
CN113556738B (en) * 2021-07-23 2024-06-14 广州鲁邦通物联网科技股份有限公司 Key negotiation method of DTU equipment and node equipment, DTU equipment, node equipment and key negotiation system
CN113783836B (en) * 2021-08-02 2023-06-20 南京邮电大学 Internet of things data access control method and system based on block chain and IBE algorithm
CN116055055A (en) * 2022-11-29 2023-05-02 北京笔新互联网科技有限公司 Cross-domain authentication method and system

Citations (5)

Publication number Priority date Publication date Assignee Title
CN101867929A (en) * 2010-05-25 2010-10-20 北京星网锐捷网络技术有限公司 Authentication method, system, authentication server and terminal equipment
US9635000B1 (en) * 2016-05-25 2017-04-25 Sead Muftic Blockchain identity management system based on public identities ledger
CN106686008A (en) * 2017-03-03 2017-05-17 腾讯科技(深圳)有限公司 Information storage method and information storage device
CN107079037A (en) * 2016-09-18 2017-08-18 深圳前海达闼云端智能科技有限公司 Identity identifying method, device, node and system based on block chain
EP3227853A1 (en) * 2014-12-05 2017-10-11 Skuchain Inc. Cryptographic verification of provenance in a supply chain

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US20170302663A1 (en) * 2016-04-14 2017-10-19 Cisco Technology, Inc. BLOCK CHAIN BASED IoT DEVICE IDENTITY VERIFICATION AND ANOMALY DETECTION
CN107276973A (en) * 2016-12-10 2017-10-20 江苏恒为信息科技有限公司 A kind of internet article identity mark is built and verification method
CN107079036A (en) * 2016-12-23 2017-08-18 深圳前海达闼云端智能科技有限公司 Registration and authorization method, apparatus and system

Also Published As

Publication number Publication date
CN111264045A (en) 2020-06-09
WO2019093963A1 (en) 2019-05-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant