CN111818491A - Decentralized identity management method under 5G environment D2D scene

Publication number: CN111818491A
Application number: CN202010663628.5A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 肖辉, 江华, 刘寨
Current Assignee: Chengdu Sunsheen Technology Co ltd
Original Assignee: Chengdu Sunsheen Technology Co ltd
Prior art keywords: data, identity, user, authority, data holding

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Abstract

The invention discloses a decentralized identity management method in a 5G environment D2D scene, which comprises the following steps: the data holding mechanism uses its DID to log in to the data using mechanism and learns that the application requires the data holding mechanism to provide a certain verifiable statement; the data holding mechanism authorizes the data using mechanism to go to the identity center to obtain the verifiable statement; the data holding mechanism successfully logs in to the data using mechanism. The method further comprises an identity information registration step: a user uses the DID program of the 5G equipment to create their own DID; the user obtains the list of identity certification authorities in the DID program; the user submits a verifiable claim application to a designated identity certification authority and provides the related verification materials; after the identity certification authority audits the materials, it issues a verifiable statement to the user, and the user becomes a data holding mechanism. Within the range covered by the same identity platform, the standards for user identity recognition and detection are unified, and application authority is separated from user identity/data in terms of data authority, so that the user's ownership of their data is guaranteed.

Description

Decentralized identity management method under 5G environment D2D scene
Technical Field
The invention relates to an identity authentication method, in particular to a decentralized identity management method in a 5G environment D2D scene, and belongs to the technical field of computers.
Background
At present, D2D (device-to-device) technology allows adjacent devices in a communication network to exchange data directly. Once a D2D communication link is established, data transfer does not need switching through core or central equipment and can proceed directly in a point-to-point, decentralized manner, serving as a data transmission and access network for a massive number of terminals. The standardization organization 3GPP has listed D2D technology in the development framework of the new-generation mobile communication system, and it has become one of the key technologies of fifth-generation mobile communication. However, there is currently no scheme that keeps digital identity trusted and controllable in a decentralized 5G environment while also solving the privacy disclosure problem in a D2D scene.
Disclosure of Invention
In order to solve the problem of privacy disclosure, the invention provides a method for decentralized identity management in a 5G environment D2D scene.
The technical scheme adopted by the decentralized identity management method in the 5G environment D2D scene comprises the following steps:
S1: a user uses the DID program of the 5G equipment to create their own DID;
S2: the user obtains the list of identity certification authorities in the DID program;
S3: the user submits a verifiable claim application to a designated identity certification authority and provides the related verification materials;
S4: after the identity certification authority audits the materials, it issues a verifiable statement to the user, and the user becomes a data holding mechanism;
S5: the data holding mechanism uses its DID to log in to the data using mechanism and learns that the application requires the data holding mechanism to provide a certain verifiable statement;
S6: the data holding mechanism authorizes the data using mechanism to go to the identity center to obtain the verifiable statement;
S7: the data holding mechanism successfully logs in to the data using mechanism.
In the 5G environment, 5G equipment is used to build a blockchain network among the identity authentication mechanism, the data holding mechanism and the data using mechanism, and each mechanism joins the network as a node and registers its DID.
The data using mechanism generates an authorization certificate that states attributes such as the authorized object, the data owner, the validity period and the authorization content, and signs it with the mechanism's private key; the data using mechanism may optionally generate a digest of the authorization certificate and write the digest to the blockchain, so as to increase its credibility.
The data using mechanism presents the authorization certificate to the data holding mechanism, the data holding mechanism verifies the authorization certificate through the certificate verification interface, and after verification passes the data holding mechanism sends the data to the data using mechanism.
The invention achieves the following beneficial effects:
1. The invention provides a decentralized identity management method in a 5G environment D2D scene in which, within the range covered by the same identity platform, the standards for user identity recognition and detection are unified, and application authority is separated from user identity/data in terms of data authority, so that the user's ownership of their data is ensured.
2. The invention provides a globally unique distributed entity identity and a trusted data exchange protocol, and promotes cross-department and cross-region identity authentication and data cooperation. It removes the dependence on a single central ID registry found in the traditional mode. The real identity of the entity and the contents of the verifiable digital credential can be stored off-chain. Entities are supported in minimizing or selectively disclosing information to other agencies, which can make the statement more secure and trusted and further protect user privacy from infringement.
Drawings
Other features and advantages of the invention will be apparent from the following description of the preferred embodiments of the invention, taken in conjunction with the accompanying drawings and from the claims. Individual features of the different embodiments shown in the figures may be combined in any desired manner in this case without going beyond the scope of the invention. In the drawings:
FIG. 1 is a block diagram of the process flow of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example:
As shown in FIG. 1, in this embodiment, a method for decentralized identity management in a 5G environment D2D scene includes the following steps:
S1: a user uses the DID program of the 5G equipment to create their own DID;
S2: the user obtains the list of issuers in the DID program;
S3: the user submits a verifiable statement application to a designated issuer and provides the related verification materials;
S4: after the issuer audits the materials, it issues a verifiable statement to the user;
S5: the user logs in to the third-party application using the DID and learns that the application requires the user to provide a certain verifiable statement;
S6: the user authorizes the third-party application to obtain the verifiable statement from the identity center;
S7: the user successfully logs in to the third-party application.
In the 5G environment, 5G equipment is used to build a blockchain network among the certificate issuer, the user and the third-party applications, and each mechanism joins the network as a node and registers its DID.
The third-party application generates an authorization certificate that states attributes such as the authorized object, the data owner, the validity period and the authorization content, and signs it with the organization's private key; the third-party application may optionally generate a digest of the authorization certificate and write the digest to the blockchain, so as to increase its credibility.
The third-party application presents the authorization certificate to the user, the user verifies the authorization certificate through the certificate verification interface, and after verification passes the user sends the data to the third-party application.
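The authorization-certificate exchange described in the two paragraphs above (and in the corresponding paragraphs of the Disclosure), as an added example that is not code from the patent: the data using mechanism (third-party application) signs a certificate and optionally anchors its digest, and the data holding mechanism (user) verifies it before releasing a statement. The Ed25519 signature scheme, the JSON encoding, the field names, the DID strings, reading "authorized object" as the DID of the party receiving the data, and modelling the blockchain as in-memory maps are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// AuthorizationCredential holds the four attributes the description names.
// Field names, DID strings and the JSON encoding are assumptions of this example.
type AuthorizationCredential struct {
	AuthorizedObject string   `json:"authorized_object"` // DID of the data using mechanism
	DataOwner        string   `json:"data_owner"`        // DID of the data holding mechanism
	NotBefore        int64    `json:"not_before"`        // validity period, Unix seconds
	NotAfter         int64    `json:"not_after"`
	Content          []string `json:"content"` // statements the owner agrees to release
}

// Issue signs the credential with the data using mechanism's private key and
// returns the SHA-256 digest that may optionally be written to the chain.
func Issue(c AuthorizationCredential, priv ed25519.PrivateKey) (sig []byte, digest string) {
	msg, _ := json.Marshal(c) // struct fields marshal in declaration order
	sum := sha256.Sum256(msg)
	return ed25519.Sign(priv, msg), hex.EncodeToString(sum[:])
}

// Verify is the data holding mechanism's check before it releases claim.
// registry maps registered DIDs to public keys; ledger holds anchored digests
// (nil means no digest was anchored, since that step is optional).
func Verify(c AuthorizationCredential, sig []byte, registry map[string]ed25519.PublicKey,
	ledger map[string]bool, holderDID, claim string, now int64) error {
	pub, ok := registry[c.AuthorizedObject]
	msg, _ := json.Marshal(c)
	if !ok || !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("unregistered signer or signature mismatch")
	}
	if c.DataOwner != holderDID || now < c.NotBefore || now > c.NotAfter {
		return fmt.Errorf("wrong data owner or outside validity period")
	}
	if sum := sha256.Sum256(msg); ledger != nil && !ledger[hex.EncodeToString(sum[:])] {
		return fmt.Errorf("digest not found on chain")
	}
	for _, granted := range c.Content {
		if granted == claim {
			return nil
		}
	}
	return fmt.Errorf("requested claim is outside the authorization content")
}

// constructedSample returns made-up DIDs, times and a key from an all-zero seed.
func constructedSample() (AuthorizationCredential, ed25519.PrivateKey, map[string]ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	c := AuthorizationCredential{"did:example:app", "did:example:holder",
		1700000000, 1700003600, []string{"age_over_18"}}
	return c, priv, map[string]ed25519.PublicKey{c.AuthorizedObject: priv.Public().(ed25519.PublicKey)}
}

func main() {
	c, priv, reg := constructedSample()
	sig, digest := Issue(c, priv)
	ledger := map[string]bool{digest: true}
	fmt.Println(Verify(c, sig, reg, ledger, c.DataOwner, "age_over_18", 1700000060))
	fmt.Println(Verify(c, sig, reg, ledger, c.DataOwner, "home_address", 1700000060))
}
```

The holder rejects a certificate whose content was widened after signing, one presented outside its validity period, and one whose digest is absent from a ledger that is expected to carry it.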
In this embodiment, the user isolates data authority by app domain name and need not worry about the safety of the full data set; multiple identities may be used to manage the same application data; the scope of authority an application requests is clear before the application is used; and data may be migrated between different applications. The developer does not need to independently implement services such as account registration and user management, and does not need to handle complicated encryption, decryption and verification logic. The service provider uses one set of DID identity and user data management standards and can provide more application infrastructure services.
In the method for decentralized identity management in the 5G environment D2D scene, within the range covered by the same identity platform, the standards for user identity recognition and detection are unified, and application authority is separated from user identity/data in terms of data authority, thereby ensuring the user's ownership of their data.
The embodiment provides a globally unique distributed entity identity and a trusted data exchange protocol, and promotes cross-department and cross-region identity authentication and data cooperation. It removes the dependence on a single central ID registry found in the traditional mode. The real identity of the entity and the contents of the verifiable digital credential can be stored off-chain. Entities are supported in minimizing or selectively disclosing information to other agencies, which can make the statement more secure and trusted and further protect user privacy from infringement.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (5)

1. A method for decentralized identity management in a 5G environment D2D scene, involving a data holding mechanism, a data using mechanism and an identity certification mechanism, characterized by comprising the following steps:
F1: the data holding mechanism uses its DID to log in to the data using mechanism and learns that the application requires the data holding mechanism to provide a certain verifiable statement;
F2: the data holding mechanism authorizes the data using mechanism to go to the identity center to obtain the verifiable statement;
F3: the data holding mechanism successfully logs in to the data using mechanism.
2. The method for decentralized identity management in a 5G environment D2D scene according to claim 1, wherein the identity authentication method further includes an identity information registration step:
S1: a user uses the DID program of the 5G equipment to create their own DID;
S2: the user obtains the list of identity certification authorities in the DID program;
S3: the user submits a verifiable claim application to a designated identity certification authority and provides the related verification materials;
S4: after the identity certification authority audits the materials, it issues a verifiable statement to the user, and the user becomes a data holding mechanism.
3. The method for decentralized identity management in a 5G environment D2D scene according to claim 1, wherein in the 5G environment, 5G equipment is used to build a blockchain network among the identity certification mechanism, the data holding mechanism and the data using mechanism, and each mechanism joins the network as a node and registers its DID.
4. The method for decentralized identity management in a 5G environment D2D scene according to claim 1, wherein the data using mechanism generates an authorization credential stating attributes such as the authorized object, the data owner, the validity period and the authorization content, and signs the authorization credential with the mechanism's private key; the data using mechanism may optionally generate a digest of the authorization credential and write the digest to the blockchain, so as to increase its credibility.
5. The method for decentralized identity management in a 5G environment D2D scene according to claim 1, wherein the data using mechanism presents the authorization credential to the data holding mechanism, the data holding mechanism verifies the authorization credential through the credential verification interface, and after verification passes the data holding mechanism sends the data to the data using mechanism.
CN202010663628.5A 2020-07-10 2020-07-10 Decentralized identity management method under 5G environment D2D scene Pending CN111818491A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010663628.5A CN111818491A (en) 2020-07-10 2020-07-10 Decentralized identity management method under 5G environment D2D scene

Publications (1)

Publication Number Publication Date
CN111818491A true CN111818491A (en) 2020-10-23

Family

ID=72843019

Country Status (1)

Country Link
CN (1) CN111818491A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201023