CN112765203B - Internet code number resource management method and device - Google Patents


Publication number
CN112765203B
Authority
CN
China
Prior art keywords
user
resource
code number
authorization relationship
query
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110155904.1A
Other languages
Chinese (zh)
Other versions
CN112765203A (en)
Inventor
李丹丹
黄小红
张沛
谢坤
郭玮琦
魏晓宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database


Abstract

An embodiment of the invention provides an Internet code number resource management method and device. The method manages Internet code number resources through a hybrid deployment of a blockchain mode and an RPKI mode, and the resource management process at least comprises the following: if a query request for resource query is received from a user performing resource allocation in the RPKI mode, from a user that neither uses the RPKI mode for resource management nor has joined the blockchain system, or from a user that has joined the blockchain system, user verification is performed according to the verification mode corresponding to the sender of the query request, and the query request is answered after verification passes; and when a resource application request sent by a target user that has joined the blockchain system is received, the resource application request is answered. The scheme enables trusted exchange of resource information among the various management mechanisms during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one.

Description

Internet code number resource management method and device
Technical Field
The invention belongs to the technical field of Internet, and particularly relates to an Internet code number resource management method and device.
Background
Under today's Internet architecture, Internet code number resources are allocated hierarchically. The top layer is IANA (Internet Assigned Numbers Authority), and the layer below IANA is the RIRs (Regional Internet Registries). Under the RIRs there are further registries, such as NIRs (National Internet Registries) and LIRs (Local Internet Registries). These registries obtain Internet code number resources from the RIR above them and can use the resources themselves or allocate them further down, forming a well-defined tree structure.
To enable an autonomous network to judge the correctness of received routing information and to prevent a malicious attacker from hijacking prefixes by forging BGP (Border Gateway Protocol) information, thereby ensuring data security, the prior art uses the RPKI (Resource Public Key Infrastructure) mode on top of the Internet code number resource allocation scheme. The RPKI mode is specifically a certificate issuance scheme that corresponds to the Internet code number resource allocation scheme.
However, because the architecture on which the RPKI mode is based is centralized, if an authority in the tree structure revokes a certificate, the certificates of all subtrees under that authority are invalidated. To address this drawback of the RPKI mode, the centralized code number resource management mechanism needs to evolve towards a distributed code number resource management mechanism, for example by combining RPKI with a blockchain system to manage code number resources. How to let the various management mechanisms exchange resource information in a trusted manner during this evolutionary deployment from a centralized to a distributed code number resource management mechanism is therefore a problem to be solved.
Disclosure of Invention
The embodiments of the invention aim to provide an Internet code number resource management method and device, so as to enable trusted exchange of resource information among the various management mechanisms during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one. The specific technical scheme is as follows:
An embodiment of the invention provides an Internet code number resource management method applied to a blockchain system; the method comprises the following steps:
acquiring a first query request sent by a first user; the first user is a user performing resource management in the RPKI mode, and the first query request carries an RPKI resource certificate acquired by the first user and first query requirement information about an address authorization relationship;
authenticating the identity of the first user by judging whether the RPKI resource certificate carried by the first query request is a legitimate certificate;
if the authentication is passed, feeding back to the first user a query result matching the first query requirement information, based on the target address authorization relationship between IP prefixes and ASNs recorded by the accounting node of the blockchain system; extracting an address authorization relationship from the RPKI resource certificate carried by the first query request; and updating the target address authorization relationship in the accounting node based on the extracted address authorization relationship.
Optionally, the method further comprises:
acquiring a second query request sent by a second user; the second user is a user which does not use the RPKI mode to carry out resource management and does not join the blockchain system, and the second query request carries the address authorization relationship of the second user and second query requirement information about the address authorization relationship;
authenticating the identity of the second user by using the address authorization relationship carried by the second query request;
if the authentication is passed, feeding back a query result matched with the second query requirement information to the second user, and updating the target address authorization relationship in the accounting node based on the address authorization relationship carried in the second query request;
The step of authenticating the identity of the second user by using the address authorization relationship carried by the second query request includes:
if the target address authorization relationship already records an authorization relationship whose IP prefix is the same as that of the address authorization relationship carried by the second query request but whose ASN is different, judging that the identity authentication of the second user has failed; otherwise, judging that the identity authentication of the second user has passed.
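The second-user rule above, together with the feedback and update steps that follow a pass, as an added example (not code from the patent). `Authorization`, `AccountingNode` and `handle_second_query` are hypothetical names, the accounting node is modelled as an in-memory set, rejecting malformed input and answering from the records as they stood before the update are assumptions, and the prefixes and ASNs are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Authorization:
    """One address authorization relationship in IP-ASN form."""
    prefix: object  # ipaddress.IPv4Network or ipaddress.IPv6Network
    asn: int

    def as_tuple(self) -> Tuple[str, int]:
        return (str(self.prefix), self.asn)


def parse_claim(prefix_text, asn_value) -> Authorization:
    """Normalize a carried relationship; raises ValueError/TypeError if malformed."""
    # strict=True rejects a prefix with host bits set, e.g. 203.0.113.5/24.
    prefix = ipaddress.ip_network(prefix_text, strict=True)
    asn = int(asn_value)
    if not 0 <= asn <= 0xFFFFFFFF:  # ASNs are at most 32 bits wide
        raise ValueError("ASN out of range")
    return Authorization(prefix, asn)


class AccountingNode:
    """Hypothetical in-memory stand-in for the accounting node's records."""

    def __init__(self) -> None:
        self._records = set()

    def record(self, auth: Authorization) -> None:
        self._records.add(auth)

    def conflicts(self, claimed: Authorization) -> List[Authorization]:
        # The rule as stated in the text: same IP prefix, different ASN.
        return [r for r in self._records
                if r.prefix == claimed.prefix and r.asn != claimed.asn]

    def query(self, prefix=None, asn: Optional[int] = None) -> List[Tuple[str, int]]:
        # Query requirement information is an IP prefix or an ASN to look up.
        if prefix is None and asn is None:
            return []
        hits = [r for r in self._records
                if (prefix is None or r.prefix == prefix)
                and (asn is None or r.asn == asn)]
        return sorted(r.as_tuple() for r in hits)


def handle_second_query(node: AccountingNode, claimed_prefix, claimed_asn,
                        query_prefix=None, query_asn=None) -> dict:
    """Authenticate a second user by its carried relationship, answer, then update."""
    try:
        claimed = parse_claim(claimed_prefix, claimed_asn)
        wanted = (ipaddress.ip_network(query_prefix, strict=True)
                  if query_prefix is not None else None)
        wanted_asn = int(query_asn) if query_asn is not None else None
    except (ValueError, TypeError):
        return {"authenticated": False, "reason": "malformed request", "results": []}

    clash = node.conflicts(claimed)
    if clash:
        # Authentication fails: nothing is returned and nothing is recorded.
        return {"authenticated": False,
                "reason": "prefix already recorded with a different ASN",
                "conflicts": sorted(r.as_tuple() for r in clash),
                "results": []}

    # Assumption: the answer is computed from the records before the update.
    results = node.query(wanted, wanted_asn)
    node.record(claimed)
    return {"authenticated": True, "reason": "no conflicting record",
            "results": results}


if __name__ == "__main__":
    node = AccountingNode()
    # Constructed requests: (claimed prefix, claimed ASN, ASN to query).
    for claim in [("198.51.100.0/24", 64500, 64500),
                  ("203.0.113.0/24", 64501, 64500),
                  ("203.0.113.0/24", 64502, 64500)]:
        print(claim, handle_second_query(node, claim[0], claim[1], query_asn=claim[2]))
```

Under the rule as written, a prefix with no recorded relationship passes on first presentation and is then recorded, so the order in which relationships reach the accounting node determines which later requests are treated as conflicting.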
Optionally, the method further comprises:
acquiring a third query request sent by a third user; the third user is a user joining the blockchain system, and the third query request carries a key certificate issued to the third user by the blockchain system and third query requirement information about an address authorization relationship;
authenticating the identity of the third user by using the key certificate carried in the third query request;
and if the authentication is passed, feeding back a query result matched with the third query requirement information carried by the third query request to the third user.
Optionally, the method further comprises:
when a resource application request sent by a target user joining the blockchain system is received, authenticating the identity of the target user based on a key certificate carried in the resource application request; the key certificate carried in the resource application request is a certificate issued by the blockchain system, and the resource application request also carries resource demand information;
if the authentication is passed, when the code number resource managed by the blockchain system meets the resource demand information, determining a target code number resource matched with the resource demand information from the code number resource managed by the blockchain system as a user resource;
and feeding back the user resource to the target user so that the target user obtains the user resource, establishing an address authorization relationship of the target user according to the code number resource required to be used by the target user in the user resource, and recording the established address authorization relationship in the target address authorization relationship of the accounting node.
Optionally, the code number resource managed by the blockchain system includes a resource to be allocated reported by a fourth user; the fourth user is a user for resource management by using the RPKI mode, and the resource to be allocated is code number resource which is not used by the fourth user;
correspondingly, when the target user is a next-level user of the fourth user, the step of determining, when the code number resources managed by the blockchain system satisfy the resource demand information, a target code number resource matching the resource demand information from the code number resources managed by the blockchain system as the user resource comprises:
when the resources to be allocated reported by the fourth user satisfy the resource demand information, determining, from the resources to be allocated reported by the fourth user, the code number resources matching the resource demand information as the user resource.
In a second aspect, an embodiment of the present invention provides an internet code number resource management device, which is applied to a blockchain system; the device comprises:
the first acquisition module is used for acquiring a first query request sent by a first user; the first user is a user performing resource management in the RPKI mode, and the first query request carries an RPKI resource certificate acquired by the first user and first query requirement information about an address authorization relationship;
the first authentication module is used for authenticating the identity of the first user by judging whether the RPKI resource certificate carried by the first query request is a legitimate certificate;
and the first processing module is used for, if the authentication is passed, feeding back to the first user a query result matching the first query requirement information, based on the target address authorization relationship between IP prefixes and ASNs recorded by the accounting node of the blockchain system, extracting an address authorization relationship from the RPKI resource certificate carried by the first query request, and updating the target address authorization relationship in the accounting node based on the extracted address authorization relationship.
Optionally, the apparatus further comprises:
the second acquisition module is used for acquiring a second query request sent by a second user; the second user is a user which does not use the RPKI mode to carry out resource management and does not join the blockchain system, and the second query request carries the address authorization relationship of the second user and second query requirement information about the address authorization relationship;
the second authentication module is used for authenticating the identity of the second user by utilizing the address authorization relationship carried by the second query request;
the second processing module is used for feeding back a query result matched with the second query requirement information to the second user if the authentication is passed, and updating the target address authorization relationship in the accounting node based on the address authorization relationship carried in the second query request;
the step of authenticating the identity of the second user by using the address authorization relationship carried by the second query request includes:
if the target address authorization relationship already records an authorization relationship whose IP prefix is the same as that of the address authorization relationship carried by the second query request but whose ASN is different, judging that the identity authentication of the second user has failed; otherwise, judging that the identity authentication of the second user has passed.
Optionally, the apparatus further comprises:
the third acquisition module is used for acquiring a third query request sent by a third user; the third user is a user joining the blockchain system, and the third query request carries a key certificate issued to the third user by the blockchain system and third query requirement information about an address authorization relationship;
the third authentication module is used for authenticating the identity of the third user by using the key certificate carried in the third query request;
and the third processing module is used for feeding back a query result matched with the third query requirement information carried by the third query request to the third user if the authentication is passed.
Optionally, the apparatus further comprises:
the fourth authentication module is used for authenticating the identity of the target user based on a key certificate carried in a resource application request when the resource application request sent by the target user joining the blockchain system is received; the key certificate carried in the resource application request is a certificate issued by the blockchain system, and the resource application request also carries resource demand information;
a fourth processing module, configured to determine, if authentication is passed, a target code number resource that matches the resource demand information from among code number resources managed by the blockchain system as a user resource when the code number resource managed by the blockchain system satisfies the resource demand information;
and the information feedback module is used for feeding back the user resource to the target user so that the target user obtains the user resource, establishes an address authorization relationship of the target user for the code number resource required to be used by the target user in the user resource, and records the established address authorization relationship in the target address authorization relationship of the accounting node.
Optionally, the code number resource managed by the blockchain system includes a resource to be allocated reported by a fourth user; the fourth user is a user for resource management by using the RPKI mode, and the resource to be allocated is code number resource which is not used by the fourth user;
correspondingly, when the target user is a next-level user of the fourth user, the fourth processing module determining, when the code number resources managed by the blockchain system satisfy the resource demand information, a target code number resource matching the resource demand information from the code number resources managed by the blockchain system as the user resource comprises:
when the resources to be allocated reported by the fourth user satisfy the resource demand information, determining, from the resources to be allocated reported by the fourth user, the code number resources matching the resource demand information as the user resource.
The embodiment of the invention has the beneficial effects that:
According to the scheme, Internet code number resources are managed through a hybrid deployment of the blockchain mode and the RPKI mode, and during resource management a user performing resource allocation in the RPKI mode can query resources through the blockchain after being verified by the blockchain system. Because such a user can perform trusted resource queries through the blockchain under the hybrid deployment, the scheme enables trusted exchange of resource information among the various management mechanisms during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one.
Of course, it is not necessary for any one product or method of practicing the invention to achieve all of the advantages set forth above at the same time.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of an Internet code number resource management method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a blockchain system for resource management according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an Internet code number resource management device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
To enable trusted exchange of resource information among the various management mechanisms during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one, the embodiments of the invention provide an Internet code number resource management method and device.
The Internet code number resource management method is applied to a blockchain system that each RIR, and the institutions at every level under each RIR, have joined; the institutions under an RIR may include NIRs, ISPs (Internet Service Providers), and so on. Blockchain technology is a distributed infrastructure and computing paradigm that uses a blockchain data structure to verify and store data, a distributed node consensus algorithm to generate and update data, cryptographic methods to secure data transmission and access, and smart contracts consisting of automated script code to program and manipulate data. The blockchain system of the embodiments of the invention is a system adopting blockchain technology and comprises three types of nodes: endorsement nodes, accounting nodes and sequencing nodes. An endorsement node is a node that executes smart contracts and, by executing them, can process the various requests received by the blockchain system; a sequencing node is a node that orders operations; and an accounting node is a node that stores data. A smart contract here is a computer program deployed on an endorsement node that automatically executes predefined rules and terms based on trusted, tamper-proof data.
In the embodiments of the invention, each RIR is one consortium of a consortium chain, so the blockchain system is formed by multiple consortia, and the number of consortia equals the number of RIRs that have joined the blockchain system. Since the existing RIR structure comprises 5 regional Internet registries, when these 5 RIRs join the blockchain system, the blockchain system consists of 5 consortia corresponding to the 5 RIRs; each consortium has blockchain nodes, and all of the blockchain nodes together form the blockchain system.
The 5 regional Internet registries allocate IP prefixes and AS (autonomous system) numbers for the Internet in a hierarchical manner. The 5 regional Internet registries may include: RIPE (Réseaux IP Européens, the European IP address registry), LACNIC (Latin American and Caribbean Internet Address Registry), ARIN (American Registry for Internet Numbers), AFRINIC (Africa Network Information Centre) and APNIC (Asia Pacific Network Information Centre).
In addition, when any user, such as an ISP user or an end user, wishes to join the blockchain system, the user can authenticate to the blockchain system and, after passing authentication, obtain admission qualification. The user's identity information is then recorded in the accounting node; it may include identification information, network address, acquired Internet code number resources, allocated Internet code number resources, credentials of admission qualification, and so on. Any user that joins the blockchain system obtains certificates as credentials of admission qualification: the blockchain system issues a key certificate for identity authentication and a communication certificate for communication authentication, so that the blockchain system can manage the identity authentication and communication security of each user. The communication certificate may be a TLS (Transport Layer Security) certificate. In the embodiments of the invention, the key certificate used for identity authentication and the communication certificate used for communication authentication take the same form as the certificates a user obtains when joining any blockchain in the prior art.
In addition, when the blockchain system is deployed, blockchain nodes may or may not be deployed for the RIRs that join the blockchain system, and likewise may or may not be deployed for the institutions at each level under an RIR. The blockchain system as a whole includes a number of blockchain nodes, each of which may be a node deployed for an RIR or a node deployed for a lower-level institution under an RIR.
As shown in fig. 1, the method for managing internet code number resources provided by the embodiment of the invention may include the following steps:
S101, acquiring a first query request sent by a first user; the first user is a user performing resource management in the RPKI mode, and the first query request carries an RPKI resource certificate acquired by the first user and first query requirement information about an address authorization relationship;
Because users that obtain Internet code number resources in the RPKI mode, such as ISP users and end users, may need to query data, the blockchain system can provide a query interface, based on the blockchain mode, to such users, which are off-chain nodes.
In addition, a user that is an off-chain node and obtains network resources in the RPKI mode receives an RPKI resource certificate when resources are allocated to it, and the RPKI resource certificate can be used to verify the legitimacy of its identity. In this embodiment, therefore, the first user, that is, a user that is an off-chain node and obtains network resources in the RPKI mode, can send a first query request to the blockchain system when it needs to query address authorization relationships; the first query request carries the RPKI resource certificate obtained by the first user and first query requirement information about an address authorization relationship. The first query requirement information is the information to be queried; for example, it may include an IP prefix to be queried or an ASN to be queried.
S102, authenticating the identity of the first user by judging whether the RPKI resource certificate carried by the first query request is a legitimate certificate;
The blockchain system can judge whether the RPKI resource certificate carried by the first query request is a legitimate certificate using an existing method for checking whether an RPKI resource certificate is valid, and then authenticate the identity of the first user according to the result. When the certificate is legitimate, the identity authentication of the first user is judged to have passed; when it is not, the identity authentication of the first user is judged to have failed.
S103, if the authentication is passed, feeding back to the first user a query result matching the first query requirement information, based on the target address authorization relationship between IP prefixes and ASNs recorded by the accounting node of the blockchain system, extracting an address authorization relationship from the RPKI resource certificate carried by the first query request, and updating the target address authorization relationship in the accounting node based on the extracted address authorization relationship.
If the authentication is passed, the blockchain system can feed back to the first user a query result matching the first query requirement information carried by the first query request, based on the target address authorization relationship between IP prefixes and autonomous system numbers (ASNs) recorded by the accounting node of the blockchain system. It also extracts an address authorization relationship from the RPKI resource certificate carried by the first query request and updates the target address authorization relationship in the accounting node based on it, that is, records the extracted address authorization relationship in the target address authorization relationship of the accounting node in the blockchain system. The first query requirement information may include an IP prefix to be queried or an ASN to be queried, in which case the blockchain system can feed back the address authorization relationships containing that IP prefix or that ASN.
The target address authorization relationship can be characterized in the form of an IP-ASN, and the distributed code number resources can be conveniently tracked and inquired through the target address authorization relationship in the accounting node.
The method for extracting the address authorization relationship from the RPKI resource certificate carried by the first query request may refer to the prior art, which is not limited in the embodiment of the present invention.
To facilitate an understanding of the scheme, FIG. 2 illustrates a schematic diagram of a blockchain system for resource management. Specifically: any user can join the blockchain system in an identity registration mode, and when joining the blockchain system, the blockchain system can issue a key certificate for identity authentication to the user, and the user can apply for resources, inquire data and the like to the blockchain system based on the key certificate; in addition, any user can acquire network resources in an RPKI mode, so that the user can perform data query based on an RPKI database; when the user wishes to perform a data query in the blockchain system, the RPKI resource certificate may be utilized to perform the data query to the blockchain system.
According to the scheme, the Internet code number resource management is carried out in a mixed deployment block chain mode and an RPKI mode, and in the resource management process, a user carrying out resource allocation in the RPKI mode can carry out resource inquiry through a block chain after passing through verification of a block chain system. Under the condition of mixed deployment of a blockchain mode and an RPKI mode, a user performing resource allocation in the RPKI mode can perform trusted resource inquiry through a blockchain, so that the scheme can realize the trusted interaction of resource information of various management mechanisms in the evolution deployment of a centralized code number resource management mechanism to a distributed code number resource management mechanism.
Because users who acquire network resources based on the RPKI approach and approaches other than the blockchain system may also have query requirements, the blockchain system may provide a query interface to such users. Based on the above embodiment, in another embodiment of the present invention, the method for managing internet code number resources may further include A1-A3:
Step A1, obtaining a second query request sent by a second user; the second user is a user who neither uses the RPKI mode for resource management nor has joined the blockchain system, and the second query request carries the address authorization relationship of the second user and second query requirement information about an address authorization relationship;
Because the second user does not participate in the blockchain system and does not use the RPKI mode for resource management, the second user has neither an RPKI resource certificate nor a key certificate issued by the blockchain system. Therefore, for data security, the identity of the second user may be authenticated based on the second user's own address authorization relationship, and the second user's query requirement is responded to when the authentication passes. The address authorization relationship of the second user is the authorization relationship between the ASN and the IP prefix used by the second user.
Step A2, authenticating the identity of the second user by using the address authorization relationship carried by the second query request;
The step of authenticating the identity of the second user by using the address authorization relationship carried by the second query request includes:
If the target address authorization relationship records an authorization relationship whose IP prefix is the same as that of the address authorization relationship carried by the second query request but whose ASN is different, determining that the identity authentication of the second user fails; otherwise, determining that the identity authentication of the second user passes.
It can be understood that if the target address authorization relationship between IP prefixes and ASNs recorded by the accounting node of the blockchain system contains an authorization relationship with the same IP prefix as the address authorization relationship of the second user but a different ASN, then the address authorization relationship of the second user is inconsistent with the address authorization relationship recorded by the blockchain system. In that case, it can be determined that the identity authentication of the second user fails, that is, the identity of the second user is not legitimate.
Step A3, if the authentication passes, feeding back a query result matching the second query requirement information to the second user, and updating the target address authorization relationship in the accounting node based on the address authorization relationship carried in the second query request;
In order to further enrich the address authorization relationships recorded by the accounting node in the blockchain system, if the authentication passes, the blockchain system may feed back to the second user a query result matching the second query requirement information carried by the second query request, and record the address authorization relationship of the second user in the target address authorization relationship of the accounting node. It can be appreciated that the second user is determined to pass the identity authentication whenever the IP prefix and the ASN in the second user's address authorization relationship do not appear in any address authorization relationship in the blockchain system. To guard against the case in which that IP prefix and ASN do not actually form a legitimate authorization relationship, the address authorization relationship of the second user recorded in the accounting node may be marked with a reliability, and the marked reliability is a lower reliability.
In this scheme, under the mixed deployment of the blockchain mode and the RPKI mode, both users who perform resource allocation in the RPKI mode and users who acquire network resources by means other than the RPKI mode and the blockchain system can perform trusted resource queries through the blockchain. The scheme therefore enables multiple management mechanisms to exchange resource information reliably during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one, and because more kinds of management mechanisms are involved in the resource management, the scheme is applicable to a wider range of resource management scenarios.
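The second-user check of steps A1 to A3, as an added example that is not code from the patent. The class and function names, the reliability labels, exact-match comparison of prefixes, and answering the query before recording the claim are all assumptions; the prefixes and ASNs are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass, field

HIGH, LOW = "high", "low"   # reliability labels; the names are assumptions


@dataclass
class AccountingLedger:
    """Stand-in for the target address authorization relationship
    (IP prefix -> ASN) kept by the accounting node."""
    records: dict = field(default_factory=dict)   # (network, asn) -> reliability

    def record(self, prefix, asn, reliability):
        key = (ipaddress.ip_network(prefix), int(asn))
        # An existing high-reliability record is never downgraded.
        if self.records.get(key) != HIGH:
            self.records[key] = reliability

    def conflicting_asns(self, prefix, asn):
        """ASNs already recorded for exactly this prefix, other than `asn`."""
        net = ipaddress.ip_network(prefix)
        return sorted(a for (p, a) in self.records if p == net and a != int(asn))

    def query(self, prefix=None, asn=None):
        """Relationships containing the queried prefix or the queried ASN."""
        if prefix is None and asn is None:
            raise ValueError("query needs an IP prefix or an ASN")
        net = ipaddress.ip_network(prefix) if prefix is not None else None
        hits = [
            (str(p), a, rel)
            for (p, a), rel in self.records.items()
            if (net is None or p == net) and (asn is None or a == int(asn))
        ]
        return sorted(hits)


def handle_second_query(ledger, claimed_prefix, claimed_asn,
                        want_prefix=None, want_asn=None):
    """Steps A1-A3 for a user with no RPKI certificate and no key certificate."""
    try:
        # Step A2: fail if the ledger maps the same prefix to a different ASN.
        conflicts = ledger.conflicting_asns(claimed_prefix, claimed_asn)
        if conflicts:
            return {"authenticated": False,
                    "reason": "conflicts with a recorded relationship",
                    "result": []}
        # Step A3: answer the query, then record the claim as low reliability.
        result = ledger.query(prefix=want_prefix, asn=want_asn)
    except ValueError:
        # Malformed prefix or ASN, or an empty query: reject, record nothing.
        return {"authenticated": False, "reason": "malformed request", "result": []}
    ledger.record(claimed_prefix, claimed_asn, LOW)
    return {"authenticated": True, "reason": "no conflicting record", "result": result}


def build_demo_ledger():
    """Constructed sample state: two relationships taken from RPKI certificates."""
    ledger = AccountingLedger()
    ledger.record("192.0.2.0/24", 64500, HIGH)
    ledger.record("2001:db8::/32", 64501, HIGH)
    return ledger


if __name__ == "__main__":
    demo = build_demo_ledger()
    print(handle_second_query(demo, "192.0.2.0/24", 64511, want_asn=64500))
    print(handle_second_query(demo, "198.51.100.0/24", 64502, want_prefix="192.0.2.0/24"))
    print(demo.query(asn=64502))
```

Because an unknown prefix-ASN pair passes the check, the reliability label returned with each query result is what lets a consumer of the ledger tell certificate-backed relationships from self-asserted ones.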
On the basis of any one of the foregoing embodiments, in another embodiment of the present invention, the method for managing internet code number resources may further include steps B1 to B3:
Step B1, obtaining a third query request sent by a third user; the third user is a user who has joined the blockchain system, and the third query request carries a key certificate issued to the third user by the blockchain system and third query requirement information about an address authorization relationship;
A third user who has obtained access credentials in advance can send a third query request to the blockchain system when it needs to determine whether certain address authorization relationships are legitimate; the third query request carries information for identity authentication and the information to be queried.
In addition, when the first user and the second user query resources, the blockchain system updates the target address authorization relationship in the accounting node based on the address authorization relationship in the RPKI resource certificate of the first user and the address authorization relationship carried in the second query request sent by the second user, so that the target address authorization relationship includes the address authorization relationships of the first user and the second user and is thereby enriched. The third user can then query the address authorization relationships of various users from the target address authorization relationship.
Step B2, authenticating the identity of the third user by using the key certificate carried in the third query request;
Step B3, if the authentication passes, feeding back to the third user a query result matching the third query requirement information carried by the third query request.
The specific implementation manner of the blockchain system for authenticating the identity of the third user by using the key certificate carried in the third query request can refer to any identity authentication manner of a network system adopting blockchains in the prior art, and the embodiment of the invention is not limited to this.
After the identity authentication is passed, the third user is indicated to have the query authority, and at this time, the blockchain system may feed back, to the third user, a query result matching with the third query requirement information carried by the third query request based on the target address authorization relationship recorded in the accounting node. The third query requirement information may include an IP prefix to be queried or an ASN to be queried, and at this time, the blockchain system may feed back an address authorization relationship including the IP prefix to be queried or an address authorization relationship including the ASN to be queried.
In this scheme, under the mixed deployment of the blockchain mode and the RPKI mode, both users who perform resource allocation in the RPKI mode and users who acquire network resources by means other than the blockchain system can perform trusted resource queries through the blockchain, so the scheme enables multiple management mechanisms to exchange resource information reliably during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one.
In another embodiment of the present invention, an internet code number resource management method may further include step C1 to step C3:
Step C1, when a resource application request sent by a target user who has joined the blockchain system is received, authenticating the identity of the target user based on a key certificate carried in the resource application request; the key certificate carried in the resource application request is a certificate issued by the blockchain system, and the resource application request also carries resource demand information;
When a target user who has joined the blockchain system requests resources, the resources can be allocated in the blockchain mode, and the resources allocated in the blockchain mode are code number resources managed by the blockchain system. Illustratively, in a specific application, the target user may be an ISP user, an end user, or the like.
The target user can request the internet code number resource through the resource application request, and the internet code number resource requested by the target user can be used by the target user or distributed to other users. For example, user1 applies for an address prefix of 2f00:0000:/32, and applies for an AS number of 12345, after which user1 assigns 2f00:0000:0001:/48 to user2, and creates a correspondence using AS numbers of 12345 and 2f00:0000:0002/48.
In addition, the internet code number resource requested by the resource application request may include both an IP prefix and an ASN (Autonomous System Number), or may include only an IP prefix. The resource demand information may include the resource data amount and the resource type, or only the resource type. Those skilled in the art will appreciate that the resource demand information may also include a resource usage time limit. For example, the resource application request may ask for N1 IP prefixes with a usage time limit of 1 year and N2 ASNs with a usage time limit of 2 years.
In addition, it is understood that in the Internet, an AS refers to the totality of all IP networks and routers under the jurisdiction of one or more entities that implement a common routing policy for Internet site design. ASNs are distributed in batches by the internet address assignment organization to each regional internet registration organization, and one ASN from the whole batch is distributed to each entity by the internet address assignment organization; an entity wishing to obtain an ASN must apply for it according to the procedure specified by the regional center to which it belongs, and the ASN is distributed after the application is approved.
In addition, when receiving the resource application request, the blockchain system can authenticate the identity of the target user in a manner known from the prior art based on the key certificate carried in the resource application request, that is, determine whether the target user is a user who has obtained admission qualification. It can be appreciated that the resource application request may also carry a communication certificate, through which communication security is authenticated.
If the authentication is passed, the blockchain system may perform step C2, and if the authentication is not passed, the flow may be ended or a prompt for indicating that the authentication is not passed may be fed back to the target user.
Step C2, if the authentication passes, when the code number resources managed by the blockchain system satisfy the resource demand information, determining a target code number resource matching the resource demand information from the code number resources managed by the blockchain system as a user resource;
If the identity authentication of the target user passes, the blockchain system can, when the code number resources it manages satisfy the resource demand information, determine the target code number resource matching the resource demand information from those code number resources as the user resource. It can be appreciated that if the resource demand information includes only a resource type, "the code number resources managed by the blockchain system satisfy the resource demand information" means that the resource types of the code number resources managed by the blockchain system include the resource type requested in the resource demand information. If the resource demand information includes both the resource type and the resource requirement amount, it means that the resource types of the code number resources managed by the blockchain system include the requested resource type, and that the amount of resource data of the requested type among the code number resources managed by the blockchain system is larger than the resource amount requested in the resource demand information.
If the resource demand information includes only the resource type, determining the target code number resource matching the resource demand information from the code number resources managed by the blockchain system means determining, from those code number resources, network resources that belong to the resource type requested by the resource demand information. Similarly, if the resource demand information includes a resource type and a resource requirement amount, it means determining, from the code number resources managed by the blockchain system, target code number resources that belong to the requested resource type and amount to the requested resource requirement amount. It should be noted that the specific resource allocation method used to determine the target code number resource matching the resource demand information from the code number resources managed by the blockchain system may be preset and is not limited in the embodiment of the present invention.
Illustratively, if the code number resource managed by the blockchain system includes 300 IP prefixes and 200 ASNs, the resource requirement information includes: 10 IP prefixes and 20 AS numbers, then from 300 IP prefixes and 200 ASNs, 10 IP prefixes and 20 ASNs are allocated to the target user.
Step C3, feeding back the user resources to the target user so that the target user obtains the user resources, establishes an address authorization relationship of the target user for the code number resources that the target user itself needs to use among the user resources, and records the established address authorization relationship in the target address authorization relationship of the accounting node.
If the target user is an ISP user and the obtained user resources include code number resources that the target user itself needs to use, an address authorization relationship can be established for those code number resources. In addition, because the ISP node can act as a resource distributor for the next-stage organization, the target user can treat the code number resources it does not need to use among the obtained user resources as code number resources to be distributed, and distribute Internet code number resources to the next-stage organization.
If the target user is an end user, the target user does not act as an internet code number resource distributor, so after obtaining the user resources the target user treats them as the code number resources it needs to use, and can then establish an address authorization relationship for the user resources.
In addition, it can be understood that after the blockchain system allocates the user resources to the target user, the state of the user resources stored in the blockchain system changes from the original unoccupied state to the occupied state, so that the blockchain system can accurately determine the remaining, currently available target code number resources, which facilitates the next allocation.
When the blockchain system allocates the user resources to the target user, the usage time limit in the resource demand information can be set on the user resources, so that the allocated user resources can be recovered after expiration, or the target user can be reminded before the user resources expire and can prepare in advance to renew or relinquish them.
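Steps C2 and C3 with the occupancy state and usage time limit described above, as an added example that is not code from the patent. It starts after the key-certificate authentication of step C1 has passed; the class names, the first-fit selection, and dropping authorization relationships on recovery are assumptions, and the prefixes and ASNs are constructed values.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

FREE, OCCUPIED = "unoccupied", "occupied"


def add_years(d, years):
    try:
        return d.replace(year=d.year + years)
    except ValueError:                      # 29 February, non-leap target year
        return d.replace(year=d.year + years, day=28)


@dataclass
class Resource:
    kind: str                               # "prefix" or "asn"
    value: object
    state: str = FREE
    holder: Optional[str] = None
    expires: Optional[date] = None


class CodeNumberPool:
    """Code number resources managed by the blockchain system."""

    def __init__(self, resources):
        self.resources = list(resources)
        self.authorizations = []            # (prefix, asn, holder)

    def available(self, kind):
        return [r for r in self.resources if r.kind == kind and r.state == FREE]

    def satisfies(self, demand):
        # demand maps kind -> (amount, years). The condition follows the text:
        # the amount held must be larger than the amount requested.
        return all(len(self.available(k)) > n for k, (n, _) in demand.items())

    def allocate(self, user, demand, today):
        """Step C2: pick matching resources (first fit, an assumption)."""
        if not self.satisfies(demand):
            return None
        granted = []
        for kind, (n, years) in demand.items():
            for r in self.available(kind)[:n]:
                r.state, r.holder = OCCUPIED, user      # unoccupied -> occupied
                r.expires = add_years(today, years)     # usage time limit
                granted.append(r)
        return granted

    def _held(self, user, kind, value):
        return any(r.kind == kind and r.value == value and r.holder == user
                   and r.state == OCCUPIED for r in self.resources)

    def record_authorization(self, user, prefix, asn):
        """Step C3: record prefix -> ASN only for resources the user holds."""
        if not (self._held(user, "prefix", prefix) and self._held(user, "asn", asn)):
            return False
        self.authorizations.append((prefix, asn, user))
        return True

    def reclaim(self, today):
        """Recover expired resources; dropping their relationships is an assumption."""
        freed = [r for r in self.resources
                 if r.state == OCCUPIED and r.expires <= today]
        gone = {(r.kind, r.value) for r in freed}
        for r in freed:
            r.state, r.holder, r.expires = FREE, None, None
        self.authorizations = [a for a in self.authorizations
                               if ("prefix", a[0]) not in gone
                               and ("asn", a[1]) not in gone]
        return [r.value for r in freed]


def demo_pool():
    """Constructed pool: three /48 prefixes and two ASNs."""
    prefixes = ["2001:db8:0::/48", "2001:db8:1::/48", "2001:db8:2::/48"]
    return CodeNumberPool([Resource("prefix", p) for p in prefixes] +
                          [Resource("asn", a) for a in (64500, 64501)])


if __name__ == "__main__":
    pool = demo_pool()
    got = pool.allocate("isp-a", {"prefix": (2, 1), "asn": (1, 2)}, date(2024, 2, 29))
    print([(r.value, r.expires.isoformat()) for r in got])
    print(pool.record_authorization("isp-a", "2001:db8:0::/48", 64500))
    print(pool.reclaim(date(2025, 3, 1)))
```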
It should be noted that the code number resources managed by the blockchain system include code number resources manually set in the blockchain system in advance, and resources to be allocated that are reported by users who perform resource management in the RPKI mode; the resources to be allocated are code number resources that such a user has requested but not used. It can be understood that when the blockchain system is first built, the code number resources it manages may include only the code number resources manually set in advance; users who perform resource management in the RPKI mode can subsequently report code number resources, so that the code number resources managed by the blockchain system include both the manually set code number resources and those reported by users. In an exemplary implementation, the code number resources managed by the blockchain system include resources to be allocated reported by a fourth user, where the fourth user is a user who performs resource management in the RPKI mode and the resources to be allocated are code number resources not used by the fourth user; in such an implementation, the fourth user may allocate resources to next-level users in the blockchain mode. Correspondingly, when the target user is a next-level user of the fourth user, determining a target code number resource matching the resource demand information from the code number resources managed by the blockchain system as the user resource, when the code number resources managed by the blockchain system satisfy the resource demand information, includes:
When the resources to be allocated reported by the fourth user satisfy the resource demand information, determining code number resources matching the resource demand information from the resources to be allocated reported by the fourth user as the user resources.
It will be appreciated that in one implementation, the fourth user may report the resource to be allocated to the blockchain system when sending the query request to the blockchain system, and the resource to be allocated may be, for example, carried in the RPKI resource certificate, although not limited thereto; in another implementation manner, when the resource to be allocated needs to be reported, the fourth user may send a resource allocation request carrying the resource to be allocated and the RPKI resource certificate to the blockchain system, so that the blockchain system saves the resource to be allocated in the resource allocation request after the identity authentication of the fourth user by using the RPKI resource certificate in the resource allocation request passes.
Therefore, the scheme can realize the credible interaction of resource information of various management mechanisms in the evolution deployment from a centralized code number resource management mechanism to a distributed code number resource management mechanism; moreover, by the scheme, the effective resource allocation based on the block chain system can be realized.
Corresponding to the method embodiment, the embodiment of the invention also provides an Internet code number resource management device; as shown in FIG. 3, the apparatus includes:
a first obtaining module 310, configured to obtain a first query request sent by a first user; the first user is a user performing resource management in the RPKI mode, and the first query request carries an RPKI resource certificate acquired by the first user and first query requirement information about an address authorization relationship;
a first authentication module 320, configured to authenticate an identity of the first user by determining whether an RPKI resource certificate carried by the first query request is a legal certificate;
the first processing module 330 is configured to, if authentication is passed, feed back a query result matching the first query requirement information to the first user based on a target address authorization relationship recorded by an accounting node of the blockchain system and related to an IP prefix and an autonomous system number ASN, extract an address authorization relationship from an RPKI resource certificate carried by the first query request, and update the target authorization relationship in the accounting node based on the extracted address authorization relationship.
In this scheme, Internet code number resources are managed with the blockchain mode and the RPKI mode deployed together, and during resource management a user who performs resource allocation in the RPKI mode can query resources through the blockchain after being verified by the blockchain system. Because such a user can perform trusted resource queries through the blockchain under this mixed deployment, the scheme enables trusted exchange of resource information among multiple management mechanisms during the evolutionary deployment from a centralized code number resource management mechanism to a distributed one.
In an embodiment of the present invention, the apparatus provided by the embodiment of the present invention may further include:
the second acquisition module is used for acquiring a second query request sent by a second user; the second user is a user which does not use the RPKI mode to carry out resource management and does not join the blockchain system, and the second query request carries the address authorization relationship of the second user and second query requirement information about the address authorization relationship;
the second authentication module is used for authenticating the identity of the second user by utilizing the address authorization relationship carried by the second query request;
The second processing module is used for feeding back a query result matched with the second query requirement information to the second user if the authentication is passed, and updating the target address authorization relationship in the accounting node based on the address authorization relationship carried in the second query request;
The step of authenticating the identity of the second user by using the address authorization relationship carried by the second query request includes:
If the target address authorization relationship records an authorization relationship whose IP prefix is the same as that of the address authorization relationship carried by the second query request but whose ASN is different, determining that the identity authentication of the second user fails; otherwise, determining that the identity authentication of the second user passes.
In an embodiment of the present invention, the apparatus provided by the embodiment of the present invention may further include:
the third acquisition module is used for acquiring a third query request sent by a third user; the third user is a user joining the blockchain system, and the third query request carries a key certificate issued to the third user by the blockchain system and third query requirement information about an address authorization relationship;
The third authentication module is used for authenticating the identity of the third user by utilizing the key certificate carried in the third inquiry request;
and the third processing module is used for feeding back a query result matched with the third query requirement information carried by the third query request to the third user if the authentication is passed.
In an embodiment of the invention, the device further comprises:
the fourth authentication module is used for authenticating the identity of the target user based on a key certificate carried in a resource application request when the resource application request sent by the target user joining the blockchain system is received; the key certificate carried in the resource application request is a certificate issued by the blockchain system, and the resource application request also carries resource demand information;
a fourth processing module, configured to determine, if authentication is passed, a target code number resource that matches the resource requirement information from among code number resources managed by the blockchain system as a user resource when the code number resource managed by the blockchain system satisfies the resource requirement information;
and the information feedback module is used for feeding back the user resource to the target user so that the target user obtains the user resource, establishes an address authorization relationship of the target user for the code number resource required to be used by the target user in the user resource, and records the established address authorization relationship in the target address authorization relationship of the accounting node.
In an embodiment of the present invention, the code number resource managed by the blockchain system includes a resource to be allocated reported by a fourth user; the fourth user is a user for resource management by using the RPKI mode, and the resource to be allocated is code number resource which is not used by the fourth user;
Correspondingly, when the target user is a next-level user of the fourth user, the fourth processing module determining, as the user resource, a target code number resource matching the resource demand information from the code number resources managed by the blockchain system when those code number resources satisfy the resource demand information includes:
When the resources to be allocated reported by the fourth user satisfy the resource demand information, determining code number resources matching the resource demand information from the resources to be allocated reported by the fourth user as the user resources.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for relevant details, refer to the corresponding part of the description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (8)

1. The Internet code number resource management method is characterized by being applied to a block chain system; the method comprises the following steps:
acquiring a first query request sent by a first user; the first user is a user performing resource management in an RPKI mode, and the first query request carries an RPKI resource certificate acquired by the first user and first query requirement information about an address authorization relationship;
authenticating the identity of the first user by judging whether the RPKI resource certificate carried by the first query request is a legal certificate or not;
If the authentication is passed, feeding back a query result matched with the first query requirement information to the first user based on a target address authorization relationship recorded by an accounting node of the blockchain system and related to an IP prefix and an ASN (autonomous system number), extracting an address authorization relationship from an RPKI resource certificate carried by the first query request, and updating the target address authorization relationship in the accounting node based on the extracted address authorization relationship;
acquiring a second query request sent by a second user; the second user is a user which does not use the RPKI mode to carry out resource management and does not join the blockchain system, and the second query request carries the address authorization relationship of the second user and second query requirement information about the address authorization relationship;
authenticating the identity of the second user by using the address authorization relationship carried by the second query request;
if the authentication is passed, feeding back a query result matched with the second query requirement information to the second user, and updating the target address authorization relationship in the accounting node based on the address authorization relationship carried in the second query request;
wherein the step of authenticating the identity of the second user by using the address authorization relationship carried by the second query request includes:
if the target address authorization relationship records an authorization relationship whose IP prefix is the same as, and whose ASN is different from, that of the address authorization relationship carried by the second query request, judging that the identity authentication of the second user is not passed; otherwise, judging that the identity authentication of the second user passes.
2. The method according to claim 1, wherein the method further comprises:
acquiring a third query request sent by a third user; the third user is a user joining the blockchain system, and the third query request carries a key certificate issued to the third user by the blockchain system and third query requirement information about an address authorization relationship;
authenticating the identity of the third user by using a key certificate carried in the third query request;
and if the authentication is passed, feeding back a query result matched with the third query requirement information carried by the third query request to the third user.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
when a resource application request sent by a target user joining the blockchain system is received, authenticating the identity of the target user based on a key certificate carried in the resource application request; the key certificate carried in the resource application request is a certificate issued by the blockchain system, and the resource application request also carries resource demand information;
if the authentication is passed, when the code number resource managed by the blockchain system meets the resource demand information, determining a target code number resource matched with the resource demand information from the code number resource managed by the blockchain system as a user resource;
and feeding back the user resource to the target user so that the target user obtains the user resource, establishing an address authorization relationship of the target user according to the code number resource required to be used by the target user in the user resource, and recording the established address authorization relationship in the target address authorization relationship of the accounting node.
4. The method of claim 3 wherein the code number resources managed by the blockchain system include resources to be allocated reported by a fourth user; the fourth user is a user for resource management by using the RPKI mode, and the resource to be allocated is code number resource which is not used by the fourth user;
correspondingly, when the target user is the next user of the fourth user, the step of determining, when the code number resource managed by the blockchain system meets the resource requirement information, the target code number resource matched with the resource requirement information from the code number resource managed by the blockchain system as the user resource comprises:
and when the resources to be allocated, which are reported by the fourth user, meet the resource demand information, determining the code number resources matched with the resource demand information from the code number resources to be allocated, which are reported by the fourth user, as user resources.
5. An Internet code number resource management device, characterized by being applied to a blockchain system; the device comprises:
the first acquisition module is used for acquiring a first query request sent by a first user; the first user is a user performing resource management in an RPKI mode, and the first query request carries an RPKI resource certificate acquired by the first user and first query requirement information about an address authorization relationship;
the first authentication module is used for authenticating the identity of the first user by judging whether the RPKI resource certificate carried by the first query request is a legal certificate or not;
the first processing module is used for feeding back a query result matched with the first query requirement information to the first user based on a target address authorization relationship recorded by an accounting node of the blockchain system and related to an IP prefix and an ASN (autonomous system number) if authentication is passed, extracting an address authorization relationship from an RPKI resource certificate carried by the first query request, and updating the target address authorization relationship in the accounting node based on the extracted address authorization relationship;
the second acquisition module is used for acquiring a second query request sent by a second user; the second user is a user which does not use the RPKI mode to carry out resource management and does not join the blockchain system, and the second query request carries the address authorization relationship of the second user and second query requirement information about the address authorization relationship;
the second authentication module is used for authenticating the identity of the second user by utilizing the address authorization relationship carried by the second query request;
the second processing module is used for feeding back a query result matched with the second query requirement information to the second user if the authentication is passed, and updating the target address authorization relationship in the accounting node based on the address authorization relationship carried in the second query request;
wherein the step of authenticating the identity of the second user by using the address authorization relationship carried by the second query request includes:
if the target address authorization relationship records an authorization relationship whose IP prefix is the same as, and whose ASN is different from, that of the address authorization relationship carried by the second query request, judging that the identity authentication of the second user is not passed; otherwise, judging that the identity authentication of the second user passes.
6. The apparatus of claim 5, wherein the apparatus further comprises:
the third acquisition module is used for acquiring a third query request sent by a third user; the third user is a user joining the blockchain system, and the third query request carries a key certificate issued to the third user by the blockchain system and third query requirement information about an address authorization relationship;
the third authentication module is used for authenticating the identity of the third user by utilizing the key certificate carried in the third query request;
and the third processing module is used for feeding back a query result matched with the third query requirement information carried by the third query request to the third user if the authentication is passed.
7. The apparatus according to claim 5 or 6, further comprising:
the fourth authentication module is used for authenticating the identity of the target user based on a key certificate carried in a resource application request when the resource application request sent by the target user joining the blockchain system is received; the key certificate carried in the resource application request is a certificate issued by the blockchain system, and the resource application request also carries resource demand information;
a fourth processing module, configured to determine, if authentication is passed, a target code number resource that matches the resource requirement information from among code number resources managed by the blockchain system as a user resource when the code number resource managed by the blockchain system satisfies the resource requirement information;
and the information feedback module is used for feeding back the user resource to the target user so that the target user obtains the user resource, establishes an address authorization relationship of the target user for the code number resource required to be used by the target user in the user resource, and records the established address authorization relationship in the target address authorization relationship of the accounting node.
8. The apparatus of claim 7, wherein the code number resources managed by the blockchain system include resources to be allocated reported by a fourth user; the fourth user is a user for resource management by using the RPKI mode, and the resource to be allocated is code number resource which is not used by the fourth user;
correspondingly, when the target user is the next user of the fourth user, the fourth processing module determines, as the user resource, a target code number resource matched with the resource requirement information from the code number resources managed by the blockchain system when the code number resources managed by the blockchain system meet the resource requirement information, including:
and when the resources to be allocated, which are reported by the fourth user, meet the resource demand information, determining the code number resources matched with the resource demand information from the code number resources to be allocated, which are reported by the fourth user, as user resources.
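The second-user authentication rule recited at the end of claims 1 and 5, as an added sketch that is not code from the patent or its applicant. The `AuthorizationLedger` class, its method names, the in-memory dictionary standing in for the accounting node, the exact-match reading of "the same IP prefix", and the rejection of malformed input are all assumptions; the prefixes and ASNs are constructed from documentation ranges.

```python
import ipaddress

class AuthorizationLedger:
    """Constructed stand-in for the target address authorization relationship
    (IP prefix -> ASN) that the claims place on an accounting node."""

    def __init__(self):
        self._asn_by_prefix = {}

    @staticmethod
    def _canon(prefix):
        # Canonical form so "2001:DB8::/32" and "2001:db8::/32" are one key.
        # Exact-prefix matching is this sketch's reading of "the same IP
        # prefix": a covering or more-specific prefix is a different key.
        return ipaddress.ip_network(prefix, strict=True)

    def record(self, prefix, asn):
        self._asn_by_prefix[self._canon(prefix)] = asn

    def lookup(self, prefix):
        return self._asn_by_prefix.get(self._canon(prefix))

    def authenticate_second_user(self, prefix, asn):
        """Fail only if the ledger holds this prefix with a different ASN."""
        try:
            recorded = self.lookup(prefix)
        except ValueError:
            return False  # assumption: malformed prefixes are rejected
        if not isinstance(asn, int) or not 0 <= asn <= 0xFFFFFFFF:
            return False  # assumption: ASN must fit in 32 bits
        return recorded is None or recorded == asn

    def handle_second_query(self, claimed_prefix, claimed_asn, query_prefix):
        """Authenticate, answer the query, then record the claimed pair."""
        if not self.authenticate_second_user(claimed_prefix, claimed_asn):
            return {"authenticated": False, "result": None}
        result = self.lookup(query_prefix)
        self.record(claimed_prefix, claimed_asn)
        return {"authenticated": True, "result": result}


if __name__ == "__main__":
    ledger = AuthorizationLedger()
    ledger.record("192.0.2.0/24", 64496)  # constructed: as if taken from an RPKI certificate
    print(ledger.handle_second_query("192.0.2.0/24", 64511, "192.0.2.0/24"))
    print(ledger.handle_second_query("198.51.100.0/24", 64500, "192.0.2.0/24"))
```

A failed authentication leaves the ledger unchanged, while a claim for a prefix the ledger has never seen passes and is recorded, so under this rule the first recorded pairing for a prefix is the one later requests are compared against.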
CN202110155904.1A 2021-02-04 2021-02-04 Internet code number resource management method and device Active CN112765203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110155904.1A CN112765203B (en) 2021-02-04 2021-02-04 Internet code number resource management method and device

Publications (2)

Publication Number Publication Date
CN112765203A CN112765203A (en) 2021-05-07
CN112765203B true CN112765203B (en) 2023-06-30

Family

ID=75704999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110155904.1A Active CN112765203B (en) 2021-02-04 2021-02-04 Internet code number resource management method and device

Country Status (1)

Country Link
CN (1) CN112765203B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant