CN113098861A - Active identification carrier, authentication method thereof and service platform - Google Patents

Publication number
CN113098861A
Authority
CN
China
Prior art keywords
active
identification carrier
active identification
identity
service platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110340964.0A
Other languages
Chinese (zh)
Other versions
CN113098861B (en)
Inventor
贾雪琴
孙阳阳
林晨
史可
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Vsens Telecommunications Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Vsens Telecommunications Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the application provide an active identification carrier, an authentication method thereof and a service platform, relate to the technical field of industry, and are used to implement security authentication of the active identification carrier and to ensure the security and accuracy of information acquisition. The method comprises the following steps: the active identification carrier sends a first request message to an active identification carrier service platform, the first request message comprising an active identification carrier identifier; the active identification carrier service platform receives the first request message sent by the active identification carrier; the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and a target algorithm; the active identification carrier service platform returns a first request response message to the active identification carrier, the first request response message comprising the target identity credential; and the active identification carrier receives the first request response message sent by the active identification carrier service platform. The method and the device are used to distribute identity credentials to active identification carriers.

Description

Active identification carrier, authentication method thereof and service platform
Technical Field
The invention relates to the technical field of industry, in particular to an active identification carrier, an authentication method thereof and a service platform.
Background
The industrial internet identification analysis system is an important component of the industrial internet network architecture, is the infrastructure supporting interconnection and intercommunication of industrial internet networks, and is the core of data sharing in the industrial internet. The industrial internet identification code is an identity symbol that can uniquely identify physical resources such as machines and products and virtual resources such as algorithms and processes. The industrial internet identification analysis system is a system that can query the network location of a target object, or information related to it, according to an industrial internet identification code; it uniquely locates machines and articles and queries their information, and is the premise and basis for accurate docking of global supply chain systems with enterprise production systems, for product full-life-cycle management and for intelligent services.
The industrial internet identification analysis system can store information about a machine or product through an identification carrier, thereby managing the corresponding machine or product. At present, information in an identification carrier is mainly managed by reading or reporting it one item at a time; because an industrial internet identification analysis system contains thousands of identification carriers, information management in this mode is complex. Batch management of identification carrier information can be achieved through remote communication, but because identification carriers are easy to forge, batch management requires a security authentication method for the identification carrier in order to ensure the accuracy of the information acquired by the industrial internet identification analysis system.
Disclosure of Invention
The embodiments of the application provide an active identification carrier, an authentication method thereof and a service platform, which are used to implement security authentication of the active identification carrier and to ensure the security and accuracy of information acquisition.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
In a first aspect, an active identification carrier authentication method is provided, which is applied to an active identification carrier management system, where the active identification carrier management system includes an active identification carrier and an active identification carrier service platform, and the method includes: the active identification carrier service platform receives a first request message sent by the active identification carrier, the first request message comprising an active identification carrier identifier; the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and a target algorithm; the active identification carrier service platform returns a first request response message to the active identification carrier, the first request response message including the target identity credential.
In a second aspect, an active identification carrier authentication method is provided, which is applied to an active identification carrier management system, where the active identification carrier management system includes an active identification carrier and an active identification carrier service platform, and the method includes: the active identification carrier sends a first request message to the active identification carrier service platform, the first request message comprising an active identification carrier identifier; the active identification carrier receives a first request response message sent by the active identification carrier service platform, the first request response message including the target identity credential.
In a third aspect, an active identification carrier service platform is provided, including: a receiving module, used for receiving a first request message sent by the active identification carrier, the first request message comprising an active identification carrier identifier; a processing module, used for determining a target identity credential according to the active identification carrier identifier received by the receiving module and a target algorithm; and a sending module, used for returning a first request response message to the active identification carrier, the first request response message including the target identity credential.
In a fourth aspect, an active identification carrier is provided, comprising: a sending module, used for sending a first request message to the active identification carrier service platform, the first request message comprising an active identification carrier identifier; and a receiving module, used for receiving a first request response message sent by the active identification carrier service platform, the first request response message including the target identity credential.
In a fifth aspect, an active identification carrier service platform is provided, including: a memory, a processor, a bus, and a communication interface; the memory is used for storing computer-executable instructions, and the processor is connected with the memory through the bus; when the active identification carrier service platform is running, the processor executes the computer-executable instructions stored in the memory to cause the active identification carrier service platform to perform the active identification carrier authentication method provided by the first aspect.
In a sixth aspect, a computer-readable storage medium is provided, which comprises computer-executable instructions that, when executed on a computer, cause the computer to perform the active identification carrier authentication method provided in the first aspect.
In a seventh aspect, an active identification carrier is provided, including: a memory, a processor, a bus, and a communication interface; the memory is used for storing computer-executable instructions, and the processor is connected with the memory through the bus; when the active identification carrier is running, the processor executes the computer-executable instructions stored in the memory to cause the active identification carrier to perform the active identification carrier authentication method provided by the second aspect.
In an eighth aspect, a computer-readable storage medium is provided, which comprises computer-executable instructions that, when executed on a computer, cause the computer to perform the active identification carrier authentication method provided in the second aspect.
The active identification carrier authentication method provided by the embodiments of the application is applied to an active identification carrier management system, the active identification carrier management system comprises an active identification carrier and an active identification carrier service platform, and the method comprises the following steps: the active identification carrier sends a first request message to the active identification carrier service platform, the first request message comprising an active identification carrier identifier; the active identification carrier service platform receives the first request message sent by the active identification carrier; the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and a target algorithm; the active identification carrier service platform returns a first request response message to the active identification carrier, the first request response message comprising the target identity credential; and the active identification carrier receives the first request response message sent by the active identification carrier service platform. With this method, the active identification carrier service platform generates an identity credential for the active identification carrier and sends it to the active identification carrier, so that the active identification carrier stores the corresponding identity credential; when the active identification carrier and the active identification carrier service platform communicate with each other, the identity of the corresponding active identification carrier can be verified through the identity credential, which ensures the security of the communication between the active identification carrier and the active identification carrier service platform.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first schematic diagram of an architecture of an active identification carrier management system according to an embodiment of the present application;
Fig. 2 is a second schematic diagram of an architecture of an active identification carrier management system according to an embodiment of the present application;
Fig. 3 is a first schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 4 is a second schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 5 is a third schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 6 is a fourth schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 7 is a fifth schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an active identification carrier service platform according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an active identification carrier according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of another active identification carrier service platform provided in an embodiment of the present application;
Fig. 11 is a schematic structural diagram of another active identification carrier provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that in the embodiments of the present application, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
It should be noted that in the embodiments of the present application, "of", "corresponding" and "corresponding" may sometimes be used interchangeably; when the difference is not emphasized, the intended meaning is the same.
For the convenience of clearly describing the technical solutions of the embodiments of the present application, in the embodiments of the present application, the terms "first", "second", and the like are used for distinguishing the same items or similar items with basically the same functions and actions, and those skilled in the art can understand that the terms "first", "second", and the like are not limited in number or execution order.
Some technical terms related to the embodiments of the present application are explained below.
Identification carrier: refers to a label that carries an identification code resource. Identification carriers can be divided into active identification carriers and passive identification carriers according to whether the identification carrier can actively carry out communication interaction with identification data reading and writing equipment, an identification analysis service node, an identification data application platform and the like.
Active identification carrier: a carrier that can be embedded in industrial equipment, bears an industrial internet identification code and the necessary security certificates, algorithms and keys, has a networking communication function, and can actively initiate a connection to an identification analysis service node, an identification data application platform or the like without being triggered by identification reading and writing equipment. The active identification carrier may be a Universal Integrated Circuit Card (UICC), a communication module, a Micro Controller Unit (MCU), or the like.
Passive identification carrier: refers to a carrier attached to the surface of an industrial device or product so that a card reader can read it. In the industrial internet, a passive identification carrier generally bears an industrial internet identification code, lacks remote network connection capability, and needs to rely on an identification reader-writer to initiate an identification analysis request to an identification analysis server. The passive identification carrier may be a one-dimensional bar code, a two-dimensional bar code, a Radio Frequency Identification (RFID) tag, a Near Field Communication (NFC) tag, and the like.
Because a passive identification carrier relies on an identification reader-writer to write and read the recorded information, it can only be read and written one at a time. An active identification carrier allows remote batch management, but it is at risk of being forged, so batch management of active identification carriers must also ensure the security of the stored information. In order to implement batch management of identification carriers and ensure their security, the embodiments of the application provide an active identification carrier authentication method, which implements identity authentication of the active identification carriers through an active identification carrier service platform and distributes identity credentials to them, thereby ensuring the security of the active identification carriers that subsequently take part in batch management.
As shown in Fig. 1, an active identification carrier management system according to an embodiment of the present application includes an active identification carrier 01 and an active identification carrier service platform 02.
The active identification carrier 01 is used for storing relevant information of industrial products, such as the industrial identifications of the industrial products; the active identification carrier 01 is also used for communicating with the active identification carrier service platform 02 to manage the stored information. The active identification carrier 01 can be a UICC, an MCU, a communication module, and the like.
The active identification carrier service platform 02 is used for communicating with an enterprise information system and managing the information of the active identification carrier 01, such as adding and deleting information stored in the active identification carrier 01; the active identification carrier service platform 02 is further configured to verify the identity of the active identification carrier 01. The active identification carrier service platform 02 may be one server in a server cluster (composed of a plurality of servers), a chip in that server, a system on chip in that server, or a Virtual Machine (VM) deployed on a physical machine.
It should be noted that, because the active identification carrier 01 is generally a component such as a UICC and does not have an independent communication capability, in practice the active identification carrier 01 needs to be fitted to a corresponding terminal, so that the active identification carrier 01 can communicate with the active identification carrier service platform 02 and the enterprise information system 03 through the terminal.
Optionally, as shown in Fig. 2, the active identification carrier management system may further include an enterprise information system 03.
The enterprise information system 03 is used for managing the information in the active identification carrier 01 through the active identification carrier service platform 02. The enterprise information system 03 here may be an application program deployed on a computer.
It should be noted that the foregoing only exemplifies some of the functions of the active identification carrier 01, the active identification carrier service platform 02 and the enterprise information system 03; in practice, those skilled in the art may also configure other functions for the active identification carrier 01, the active identification carrier service platform 02 and the enterprise information system 03 as needed, and details are not repeated here.
The embodiments of the application provide an active identification carrier authentication method, which is applied to the active identification carrier management system described above. As shown in Fig. 3, the method includes:
S101, the active identification carrier sends a first request message to the active identification carrier service platform.
Wherein the first request message comprises an active identification carrier identifier.
Specifically, when an industrial enterprise uses an active identification carrier to identify the corresponding industrial product information, the active identification carrier needs to request a corresponding identity credential from the active identification carrier service platform to ensure the uniqueness of the active identification carrier and prevent it from being counterfeited. The first request message is used for requesting the active identification carrier service platform to distribute an identity credential to the active identification carrier so as to ensure the uniqueness and the security of the active identification carrier.
It should be noted that, because the active identification carrier is generally a component such as a UICC, an MCU or a communication module, and has no communication capability on its own, a corresponding terminal needs to be configured for the active identification carrier, so that the active identification carrier can be fitted to the terminal and communicate with the active identification carrier service platform through it.
In some embodiments, since the active identification carrier may be a component such as a UICC, an MCU or a communication module, the active identification carrier identifier may be different identification information in each case. For example, when the active identification carrier is a UICC, the corresponding active identification carrier identifier may be an Integrated Circuit Card Identifier (ICCID); when the active identification carrier is a communication module, the corresponding active identification carrier identifier may be a unique identifier, such as TX0001, assigned by its manufacturer.
S102, the active identification carrier service platform receives a first request message sent by an active identification carrier.
S103, the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and the target algorithm.
Specifically, after receiving the first request message, the active identification carrier service platform may use the corresponding target algorithm to generate the target identity credential for the corresponding active identification carrier from the active identification carrier identifier carried in the first request message.
In some embodiments, the target algorithm can be set by those skilled in the art as required; for example, the target algorithm may be the SM2 cryptographic algorithm, the Message Digest Algorithm (MD5), and the like. Depending on the target algorithm, different identity credentials can be generated for the corresponding active identification carrier from its active identification carrier identifier. For example, according to the SM2 cryptographic algorithm, a corresponding signature certificate can be generated for the active identification carrier and used as its identity credential; according to the MD5 algorithm, corresponding key information can be generated for the active identification carrier and used as its identity credential. Of course, those skilled in the art may also generate a corresponding identity credential for the active identification carrier according to other algorithms, which is not limited in the embodiments of the present application.
In some embodiments, the first request message may further include other information related to the active identification carrier, for example a key, a security certificate and the like set by the manufacturer of the active identification carrier. Here, the process by which the active identification carrier service platform generates the target identity credential from the active identification carrier identifier, the key and the other information carried in the first request message may follow technical means used in the art, and is not described again here.
S104, the active identification carrier service platform returns a first request response message to the active identification carrier.
Wherein the first request response message includes the target identity credential.
S105, the active identification carrier receives a first request response message sent by the active identification carrier service platform.
Specifically, after generating a corresponding target identity credential for the active identification carrier, the active identification carrier service platform may send the target identity credential to the active identification carrier through the first request response message. After receiving the first request response message, the active identification carrier can store the target identity credential carried in it, so that in subsequent communication with the active identification carrier service platform the two sides can establish secure communication through the target identity credential, and forged active identification carriers are prevented from accessing the active identification carrier management system.
Optionally, the active identification carrier and the active identification carrier service platform each hold corresponding keys (a public key and a private key). The keys may be set by the manufacturers of the active identification carrier and the active identification carrier service platform when these leave the factory, and the active identification carrier and the active identification carrier service platform may be provided by the same manufacturer, so that the active identification carrier can be preset with the first public key of the active identification carrier service platform before leaving the factory, and the active identification carrier service platform can likewise be preset with the second public key of the active identification carrier before leaving the factory.
The first request response message may include information such as the target identity credential, the active identity bearer identifier, and a correspondence between the target identity credential and the active identity bearer identifier. The second public key of the active identification carrier is stored in the active identification carrier service platform, so that the active identification carrier service platform can encrypt the first request response message by using the second public key, sign the first request response message by using the first private key of the active identification carrier service platform, and further send the encrypted and signed first request response message to the active identification carrier.
The first public key of the active identification carrier service platform is stored in the active identification carrier, so that the active identification carrier can use the first public key to verify the signature of the first request response message after receiving the first request response message; after the signature verification of the first request response message by the active identification carrier is successful, the encrypted first request response message can be decrypted by using a second private key of the active identification carrier, so that information such as a target identity certificate, an active identification carrier identification, a corresponding relation between the target identity certificate and the active identification carrier identification, and the like carried by the first request response message is determined. Certainly, after the signature verification of the first request response message fails, the active identification carrier cannot acquire the corresponding identity credential, and at this time, the authentication process of the active identification carrier is ended.
It should be noted that the first public key and the first private key are key information of the active identification carrier service platform, and the first public key corresponds to the first private key; similarly, the second public key and the second private key are key information of the active identification carrier, and the second public key corresponds to the second private key.
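The exchange in S101 to S105, including the encrypt, sign, verify and decrypt order described above, can be sketched as follows. This is an added example, not code from the patent: RSA-OAEP and RSA-PSS from the Go standard library stand in for SM2, HMAC-SHA-256 under a platform-held secret is an assumed target algorithm, and all type and function names are hypothetical. The check that the decrypted identifier matches the carrier's own identifier is an added use of the correspondence the response carries.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("signature check failed: authentication ends")
	ErrBadBinding   = errors.New("response malformed or bound to another carrier identifier")
)

// Response is the plaintext of the first request response message.
type Response struct {
	CarrierID  string `json:"carrier_id"`
	Credential []byte `json:"credential"`
}

// Envelope is what crosses the network: ciphertext plus platform signature.
type Envelope struct{ Ciphertext, Signature []byte }

// DeriveCredential is a stand-in target algorithm (assumption): a keyed MAC of the identifier.
func DeriveCredential(secret []byte, carrierID string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(carrierID))
	return mac.Sum(nil)
}

// PlatformRespond covers S102-S104: derive, encrypt to the carrier, sign as the platform.
func PlatformRespond(id string, secret []byte, firstPriv *rsa.PrivateKey, secondPub *rsa.PublicKey) (*Envelope, error) {
	plain, err := json.Marshal(Response{CarrierID: id, Credential: DeriveCredential(secret, id)})
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, secondPub, plain, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct) // the signature covers the ciphertext
	sig, err := rsa.SignPSS(rand.Reader, firstPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Signature: sig}, nil
}

// CarrierAccept covers S105: verify with the first public key, then decrypt with the second private key.
func CarrierAccept(env *Envelope, ownID string, firstPub *rsa.PublicKey, secondPriv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if rsa.VerifyPSS(firstPub, crypto.SHA256, digest[:], env.Signature, nil) != nil {
		return nil, ErrBadSignature // nothing is decrypted or stored
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, secondPriv, env.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	var r Response
	if err := json.Unmarshal(plain, &r); err != nil || r.CarrierID != ownID {
		return nil, ErrBadBinding
	}
	return r.Credential, nil
}

// Demo runs one exchange with constructed keys; tamper flips one ciphertext bit in transit.
func Demo(tamper bool) (bool, error) {
	platformKey, err1 := rsa.GenerateKey(rand.Reader, 2048) // first key pair
	carrierKey, err2 := rsa.GenerateKey(rand.Reader, 2048)  // second key pair
	if err1 != nil || err2 != nil {
		return false, errors.New("key generation failed")
	}
	secret, id := []byte("constructed-platform-secret"), "TX0001" // constructed sample values
	env, err := PlatformRespond(id, secret, platformKey, &carrierKey.PublicKey)
	if err != nil {
		return false, err
	}
	if tamper {
		env.Ciphertext[0] ^= 0x01
	}
	cred, err := CarrierAccept(env, id, &platformKey.PublicKey, carrierKey)
	if err != nil {
		return false, err
	}
	return hmac.Equal(cred, DeriveCredential(secret, id)), nil
}

func main() {
	for _, tamper := range []bool{false, true} {
		ok, err := Demo(tamper)
		fmt.Println("tampered:", tamper, "credential accepted:", ok, "err:", err)
	}
}
```

Because the signature covers the ciphertext, the carrier rejects a modified response before its private key touches the data, which matches the verify-then-decrypt order in the description.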
Optionally, the active identification carrier is used for identifying a product of an industrial enterprise, and the active identification carrier service platform may be provided by a manufacturer of the active identification carrier, so as to facilitate a corresponding industrial enterprise to use the active identification carrier, and therefore, the active identification carrier management system may further include an enterprise information system, so that the industrial enterprise manages the active identification carrier through the enterprise information system. Therefore, after the identity authentication of the active identity bearer is implemented through the above steps, as shown in fig. 4, the active identity bearer authentication method may further include:
S106, the active identification carrier sends a first request completion message to the enterprise information system.
The first request completion message is used to indicate that the authentication of the active identification carrier is completed.
Specifically, the first request completion message may include the active identification carrier identifier of the active identification carrier and the corresponding identity credential. After receiving the first request completion message, the enterprise information system can determine that the active identification carrier service platform has allocated an identity credential to the active identification carrier; from then on, the enterprise information system can manage the corresponding active identification carrier through the active identification carrier service platform.
Optionally, before the active identification carrier service platform allocates the identity credential to the active identification carrier, the active identification carrier needs to register with the active identification carrier service platform, so that the carrier can legitimately access the platform and the platform can allocate the identity credential to it. Therefore, before step S101, as shown in fig. 5, the method further includes:
S201, the active identification carrier sends a first registration request message to the active identification carrier service platform.
The first registration request message includes the active identification carrier identifier.
S202, the active identification carrier service platform receives the first registration request message sent by the active identification carrier.
S203, the active identification carrier service platform returns a first registration request response message to the active identification carrier.
The first registration request response message is used to indicate that the registration of the active identification carrier is completed.
S204, the active identification carrier receives the first registration request response message sent by the active identification carrier service platform.
Specifically, steps S201 to S204 are the procedure by which the active identification carrier registers with the active identification carrier service platform, and the platform may store the active identification carrier identifier carried in the first registration request message.
After the active identification carrier service platform stores the corresponding active identification carrier identifier, the identity identifier can be allocated to the corresponding active identification carrier. For example, when the active identification carrier service platform has stored a first active identification carrier identifier and the first active identification carrier requests an identity credential from the platform through a first request message, the platform may match the active identification carrier identifier carried in the first request message against the first active identification carrier identifier stored inside the platform. If the two match, the active identification carrier service platform can execute the active identification carrier authentication method provided by this embodiment and allocate a corresponding identity credential to the active identification carrier; if the two do not match, the platform can refuse to allocate an identity credential to the active identification carrier.
Optionally, the first registration request response message may further include a first password. The first password may be an access password generated by the active identification carrier service platform, and is used to enable the active identification carrier to legitimately access the platform. Because the first password is generated by the active identification carrier service platform, the platform stores it, and the active identification carrier can also store it after receiving it in the first registration request response message. Therefore, when the active identification carrier subsequently communicates with the active identification carrier service platform, it can legitimately access the platform by means of the first password.
Further, as shown in fig. 6, before step S103, the active identification carrier service platform may further perform the following step:
S301, determining that the first password matches the second password.
Specifically, the second password is the first password generated by the active identification carrier service platform, as stored in the platform. After receiving the first request message, the active identification carrier service platform may match the first password carried in the first request message against the second password stored in the platform. If the first password matches the second password, the platform performs step S103; if the first password does not match the second password, the platform refuses the access of the active identification carrier, and the active identification carrier authentication method provided by the embodiment of the application ends.
It should be noted that the first password may be set as required by a person skilled in the art. For example, when the active identification carrier is a UICC, the first password may be a personal identification number (PIN). Of course, the first password may be other password information commonly used in the art, which is not described here.
In some embodiments, before step S101, the method may further include:
S100a, the active identification carrier sends a first access request message to the active identification carrier service platform.
The first access request message includes the first password.
S100b, if the active identification carrier service platform determines that the first password matches the second password, it returns a first access request response message to the active identification carrier.
The first access request response message is used to indicate that the access of the active identification carrier is successful.
Specifically, the active identification carrier may also access the active identification carrier service platform through steps S100a-S100b before requesting the identity credential from the platform. In this case, the active identification carrier service platform matches the first password carried in the first access request message against the second password stored in the platform. If the two match, the platform returns a first access request response message to the active identification carrier, and the active identification carrier continues with step S101; if the two do not match, the platform returns a first access request rejection message to the active identification carrier, which indicates that the platform rejects the access of the active identification carrier, and the method of the embodiment of the application ends.
In some embodiments, the active identification carrier may instead obtain the first password through a first message, in which case the first registration request response message no longer includes the first password. In this case, as shown in fig. 7, after step S202, the registration process of the active identification carrier may further include:
S401, the active identification carrier service platform sends a first message to the active identification carrier.
The first message includes the first password.
S402, the active identification carrier returns a first response message to the active identification carrier service platform.
The first response message is used to indicate that the active identification carrier has stored the first password.
Specifically, after the active identification carrier sends the first registration request message to the active identification carrier service platform, the platform can return the first password to the active identification carrier through the first message, so that the active identification carrier can subsequently access the platform legitimately. After the active identification carrier stores the first password, it may notify the active identification carrier service platform through the first response message that the first password has been stored. The active identification carrier service platform may then perform step S203.
In some embodiments, the active identity bearer may obtain the first public key through the first registration request response message, and the active identity bearer service platform may obtain the second public key through the first registration request message. At this time, the first public key does not need to be stored in the active identification carrier in a factory preset manner, and the second public key does not need to be stored in the active identification carrier service platform in a factory preset manner. Of course, the above-mentioned manner of presetting and obtaining the public key of the opposite end (active identity carrier or active identity carrier service platform) through the registration process is only exemplary, and those skilled in the art may also obtain corresponding public key information through other signaling messages therebetween, which is not limited in the embodiment of the present application.
The active identification carrier authentication method provided by the embodiment of the application is applied to an active identification carrier management system that comprises an active identification carrier and an active identification carrier service platform. The method comprises the following steps: the active identification carrier sends a first request message to the active identification carrier service platform, the first request message comprising an active identification carrier identifier; the active identification carrier service platform receives the first request message sent by the active identification carrier; the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and a target algorithm; the active identification carrier service platform returns a first request response message to the active identification carrier, the first request response message comprising the target identity credential; and the active identification carrier receives the first request response message sent by the active identification carrier service platform. With this method, the active identification carrier service platform generates the identity credential for the active identification carrier and sends it to the active identification carrier, so that the active identification carrier stores the corresponding identity credential. When the active identification carrier and the active identification carrier service platform communicate with each other, the identity of the corresponding active identification carrier can be verified through the identity credential, which ensures the security of the communication between the active identification carrier and the active identification carrier service platform.
As shown in fig. 8, an embodiment of the present application provides an active identification carrier service platform 50, including:
A receiving module 501, configured to receive a first request message sent by an active identification carrier; the first request message includes an active identification carrier identifier.
A processing module 502, configured to determine the target identity credential according to the active identification carrier identifier received by the receiving module 501 and the target algorithm.
A sending module 503, configured to return a first request response message to the active identification carrier; the first request response message includes the target identity credential.
Optionally, the first request message further includes a first password, and the active identification carrier service platform includes a second password. The processing module 502 is further configured to determine that the first password and the second password match.
Optionally, the receiving module 501 is further configured to receive a first registration request message sent by the active identification carrier; the first registration request message includes the active identification carrier identifier.
The sending module 503 is further configured to return a first registration request response message to the active identification carrier; the first registration request response message is used to indicate that the registration of the active identification carrier is completed.
As shown in fig. 9, the embodiment of the present application further provides an active identification carrier 60, including:
A sending module 601, configured to send a first request message to an active identification carrier service platform; the first request message includes an active identification carrier identifier.
A receiving module 602, configured to receive a first request response message sent by the active identification carrier service platform; the first request response message includes the target identity credential.
Optionally, the sending module 601 is further configured to send a first registration request message to the active identification carrier service platform; the first registration request message includes the active identification carrier identifier.
The receiving module 602 is further configured to receive a first registration request response message sent by the active identification carrier service platform; the first registration request response message includes a first password.
In the embodiment of the application, the active identification carrier sends a first request message to the active identification carrier service platform, the first request message comprising an active identification carrier identifier; the active identification carrier service platform receives the first request message sent by the active identification carrier; the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and a target algorithm; the active identification carrier service platform returns a first request response message to the active identification carrier, the first request response message comprising the target identity credential; and the active identification carrier receives the first request response message sent by the active identification carrier service platform. In this way, the active identification carrier service platform generates the identity credential for the active identification carrier and sends it to the active identification carrier, so that the active identification carrier stores the corresponding identity credential. When the active identification carrier and the active identification carrier service platform communicate with each other, the identity of the corresponding active identification carrier can be verified through the identity credential, which ensures the security of the communication between the active identification carrier and the active identification carrier service platform.
As shown in fig. 10, the embodiment of the present application further provides another active identification carrier service platform, which includes a memory 71, a processor 72, a bus 73, and a communication interface 74; the memory 71 is used for storing computer execution instructions, and the processor 72 is connected with the memory 71 through a bus 73; when the active identification carrier service platform is running, the processor 72 executes the computer-executable instructions stored in the memory 71 to cause the active identification carrier service platform to perform the active identification carrier authentication method provided in the above-described embodiment.
In a specific implementation, as one embodiment, the processor 72 (72-1 and 72-2) may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 10. As another example, the active identification carrier service platform may include a plurality of processors 72, such as processor 72-1 and processor 72-2 shown in fig. 10. Each of the processors 72 may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). The processor 72 here may refer to one or more devices, circuits, and/or processing cores that process data (e.g., computer program instructions).
The memory 71 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 71 may be self-contained and coupled to the processor 72 via the bus 73. The memory 71 may also be integrated with the processor 72.
In a specific implementation, the memory 71 is used for storing data in the present application and computer-executable instructions corresponding to software programs for executing the present application. The processor 72 may perform the various functions of the active identification carrier service platform by running or executing the software programs stored in the memory 71 and invoking the data stored in the memory 71.
The communication interface 74 is any device, such as a transceiver, for communicating with other devices or communication networks, such as a control system, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), and the like. The communication interface 74 may include a receiving unit to implement a receiving function and a transmitting unit to implement a transmitting function.
The bus 73 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 73 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 10, but this does not mean that there is only one bus or one type of bus.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes computer-executable instructions, and when the computer-executable instructions are executed on a computer, the computer is enabled to execute the active identification carrier authentication method provided in the foregoing embodiment.
The embodiment of the present application further provides a computer program, where the computer program may be directly loaded into the memory and contains a software code, and the computer program is loaded and executed by a computer, so as to implement the active identifier carrier authentication method provided by the foregoing embodiment.
As shown in fig. 11, the embodiment of the present application further provides another active identification carrier, which includes a memory 81, a processor 82, a bus 83, and a communication interface 84; the memory 81 is used for storing computer execution instructions, and the processor 82 is connected with the memory 81 through a bus 83; when the active identification carrier is running, the processor 82 executes computer-executable instructions stored by the memory 81 to cause the active identification carrier to perform the active identification carrier authentication method as provided in the above embodiments.
In a specific implementation, as one embodiment, the processor 82 (82-1 and 82-2) may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 11. As another example, the active identification carrier may include a plurality of processors 82, such as processor 82-1 and processor 82-2 shown in fig. 11. Each of the processors 82 may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). The processor 82 here may refer to one or more devices, circuits, and/or processing cores that process data (e.g., computer program instructions).
The memory 81 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 81 may be self-contained and coupled to the processor 82 via the bus 83. The memory 81 may also be integrated with the processor 82.
In a specific implementation, the memory 81 is used for storing data in the present application and computer-executable instructions corresponding to software programs for executing the present application. The processor 82 may perform the various functions of the active identification carrier by running or executing the software programs stored in the memory 81 and invoking the data stored in the memory 81.
The communication interface 84 is any device, such as a transceiver, for communicating with other devices or communication networks, such as a control system, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), and the like. The communication interface 84 may include a receiving unit to implement the receiving function and a transmitting unit to implement the transmitting function.
The bus 83 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 83 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 11, but this does not mean that there is only one bus or one type of bus.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes computer-executable instructions, and when the computer-executable instructions are executed on a computer, the computer is enabled to execute the active identification carrier authentication method provided in the foregoing embodiment.
The embodiment of the present application further provides a computer program, where the computer program may be directly loaded into the memory and contains a software code, and the computer program is loaded and executed by a computer, so as to implement the active identifier carrier authentication method provided by the foregoing embodiment.
Those skilled in the art will recognize that in one or more of the examples described above, the functions described herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on, or transmitted as one or more instructions or code on, a computer-readable medium. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical function division, and there may be other division ways in actual implementation. For example, various elements or components may be combined or may be integrated into another device, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in the form of hardware, or in the form of a software functional unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions that enable a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

1. An active identification carrier authentication method is applied to an active identification carrier management system, wherein the active identification carrier management system comprises an active identification carrier and an active identification carrier service platform, and the method comprises the following steps:
the active identification carrier service platform receives a first request message sent by the active identification carrier; the first request message comprises an active identity bearer identity;
the active identification carrier service platform determines a target identity certificate according to the active identification carrier identification and a target algorithm;
the active identification carrier service platform returns a first request response message to the active identification carrier; the first request response message includes the target identity credential.
2. The active identification carrier authentication method of claim 1, wherein the first request message further comprises a first password, and the active identification carrier service platform comprises a second password; before the active identification carrier service platform determines the target identity credential according to the active identification carrier identifier and the target algorithm, the method further comprises:
determining that the first password and the second password match.
3. The active identification carrier authentication method of claim 2, wherein before the active identification carrier service platform receives the first request message sent by the active identification carrier, the method further comprises:
the active identification carrier service platform receives a first registration request message sent by the active identification carrier; the first registration request message comprises the active identification carrier identifier;
the active identification carrier service platform returns a first registration request response message to the active identification carrier; the first registration request response message indicates that registration of the active identification carrier is complete.
4. An active identification carrier authentication method, applied to an active identification carrier management system, wherein the active identification carrier management system comprises an active identification carrier and an active identification carrier service platform, the method comprising:
the active identification carrier sends a first request message to the active identification carrier service platform; the first request message comprises an active identification carrier identifier;
the active identification carrier receives a first request response message sent by the active identification carrier service platform; the first request response message includes a target identity credential.
5. The active identification carrier authentication method of claim 4, wherein before the active identification carrier sends the first request message to the active identification carrier service platform, the method further comprises:
the active identification carrier sends a first registration request message to the active identification carrier service platform; the first registration request message comprises the active identification carrier identifier;
the active identification carrier receives a first registration request response message sent by the active identification carrier service platform; the first registration request response message includes a first password.
6. An active identification carrier service platform, comprising:
a receiving module, configured to receive a first request message sent by the active identification carrier; the first request message comprises an active identification carrier identifier;
a processing module, configured to determine a target identity credential according to the active identification carrier identifier and the target algorithm received by the receiving module;
a sending module, configured to return a first request response message to the active identification carrier; the first request response message includes the target identity credential.
7. The active identification carrier service platform of claim 6, wherein the first request message further comprises a first password, and wherein the active identification carrier service platform comprises a second password; the processing module is further configured to determine that the first password matches the second password.
8. The active identification carrier service platform of claim 7, wherein the receiving module is further configured to receive a first registration request message sent by the active identification carrier; the first registration request message comprises the active identification carrier identifier;
the sending module is further configured to return a first registration request response message to the active identification carrier; the first registration request response message indicates that registration of the active identification carrier is complete.
9. An active identification carrier, comprising:
a sending module, configured to send a first request message to the active identification carrier service platform; the first request message comprises an active identification carrier identifier;
a receiving module, configured to receive a first request response message sent by the active identification carrier service platform; the first request response message includes a target identity credential.
10. The active identification carrier of claim 9, wherein the sending module is further configured to send a first registration request message to the active identification carrier service platform; the first registration request message comprises the active identification carrier identifier;
the receiving module is further configured to receive a first registration request response message sent by the active identification carrier service platform; the first registration request response message includes a first password.
11. An active identification carrier service platform, comprising a memory, a processor, a bus and a communication interface; the memory is used for storing computer-executable instructions, and the processor is connected with the memory through the bus; when the active identification carrier service platform is running, the processor executes the computer-executable instructions stored in the memory to cause the active identification carrier service platform to perform the active identification carrier authentication method of any one of claims 1-3.
12. A computer-readable storage medium, comprising computer-executable instructions which, when run on a computer, cause the computer to perform the active identification carrier authentication method of any one of claims 1-3.
13. An active identification carrier, comprising a memory, a processor, a bus and a communication interface; the memory is used for storing computer-executable instructions, and the processor is connected with the memory through the bus; when the active identification carrier is running, the processor executes the computer-executable instructions stored in the memory to cause the active identification carrier to perform the active identification carrier authentication method of any one of claims 4-5.
14. A computer-readable storage medium, comprising computer-executable instructions which, when run on a computer, cause the computer to perform the active identification carrier authentication method of any one of claims 4-5.
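The registration and credential exchange recited in claims 1-5, as an added illustration that is not part of the patent text. The claims leave the target algorithm unspecified, so HMAC-SHA256 under a platform-held key is assumed here; the class names, method names and sample identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets


class ServicePlatform:
    """Platform side of claims 1-3 (constructed model, not the patent's code)."""

    def __init__(self):
        self._master_key = secrets.token_bytes(32)  # assumption: platform-held secret
        self._second_passwords = {}                 # carrier identifier -> platform's copy

    def register(self, carrier_id: str) -> str:
        # First registration request: issue a password and keep the platform's copy.
        if carrier_id in self._second_passwords:
            raise ValueError("carrier already registered")
        password = secrets.token_urlsafe(32)
        self._second_passwords[carrier_id] = password
        return password  # carried in the first registration request response (claim 5)

    def handle_first_request(self, carrier_id: str, first_password: str) -> str:
        # The password match comes before any credential derivation (claim 2).
        second = self._second_passwords.get(carrier_id)
        # Unknown identifier: compare against a throwaway value so both failure
        # paths do the same work and raise the same error.
        expected = second if second is not None else secrets.token_urlsafe(32)
        ok = hmac.compare_digest(first_password.encode(), expected.encode())
        if second is None or not ok:
            raise PermissionError("authentication failed")
        # Assumed target algorithm: HMAC-SHA256 over the carrier identifier.
        return hmac.new(self._master_key, carrier_id.encode(), hashlib.sha256).hexdigest()


class Carrier:
    """Carrier side of claims 4-5."""

    def __init__(self, carrier_id: str, platform: ServicePlatform):
        self.carrier_id, self.platform = carrier_id, platform
        self.first_password = None
        self.credential = None

    def register(self):
        self.first_password = self.platform.register(self.carrier_id)

    def request_credential(self) -> str:
        # First request message: identifier plus first password.
        self.credential = self.platform.handle_first_request(self.carrier_id, self.first_password)
        return self.credential
```

Because the assumed derivation is keyed by a secret that never leaves the platform, a carrier identifier alone is not enough to compute the credential; the password check gates who may ask for it.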
CN202110340964.0A 2021-03-30 2021-03-30 Active identification carrier, authentication method thereof and service platform Active CN113098861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110340964.0A CN113098861B (en) 2021-03-30 2021-03-30 Active identification carrier, authentication method thereof and service platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110340964.0A CN113098861B (en) 2021-03-30 2021-03-30 Active identification carrier, authentication method thereof and service platform

Publications (2)

Publication Number Publication Date
CN113098861A true CN113098861A (en) 2021-07-09
CN113098861B CN113098861B (en) 2023-09-19

Family

ID=76670947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110340964.0A Active CN113098861B (en) 2021-03-30 2021-03-30 Active identification carrier, authentication method thereof and service platform

Country Status (1)

Country Link
CN (1) CN113098861B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113965930A (en) * 2021-10-15 2022-01-21 南通大学 Quantum key-based industrial internet active identification analysis method and system
CN114268643A (en) * 2021-11-26 2022-04-01 许继集团有限公司 Power distribution internet of things terminal based on active identification technology and management method
CN115412362A (en) * 2022-09-06 2022-11-29 中国联合网络通信集团有限公司 Data acquisition method based on carbon emission, server and terminal
CN115865396A (en) * 2022-09-06 2023-03-28 中国联合网络通信集团有限公司 Carbon emission identification reading method and device, electronic equipment and readable storage medium
CN116305066A (en) * 2023-05-17 2023-06-23 山东青鸟工业互联网有限公司 Device authentication method, system and storage medium based on active identification carrier

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016145815A1 (en) * 2015-08-14 2016-09-22 中兴通讯股份有限公司 Euicc and activation method thereof, internet of things system, remote subscription management platform
CN111723885A (en) * 2020-06-22 2020-09-29 重庆忽米网络科技有限公司 Industrial internet enterprise identification interaction system and implementation method thereof
CN112200502A (en) * 2020-11-19 2021-01-08 苏州协同创新智能制造装备有限公司 Industrial internet identification analysis method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016145815A1 (en) * 2015-08-14 2016-09-22 中兴通讯股份有限公司 Euicc and activation method thereof, internet of things system, remote subscription management platform
CN111723885A (en) * 2020-06-22 2020-09-29 重庆忽米网络科技有限公司 Industrial internet enterprise identification interaction system and implementation method thereof
CN112200502A (en) * 2020-11-19 2021-01-08 苏州协同创新智能制造装备有限公司 Industrial internet identification analysis method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
余果等: "认证视角下的工业互联网标识解析安全", 《信息网络安全》 *
工业互联网产业联盟: "工业互联网标识解析—主动标识载体技术白皮书", 《HTTPS://DOWNLOAD.CSDN.NET/DOWNLOAD/U013182857/12362214?SPM=1003.2122.3001.6634.3》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113965930A (en) * 2021-10-15 2022-01-21 南通大学 Quantum key-based industrial internet active identification analysis method and system
CN114268643A (en) * 2021-11-26 2022-04-01 许继集团有限公司 Power distribution internet of things terminal based on active identification technology and management method
CN114268643B (en) * 2021-11-26 2024-04-16 许继集团有限公司 Active identification technology-based power distribution Internet of things terminal and management method
CN115412362A (en) * 2022-09-06 2022-11-29 中国联合网络通信集团有限公司 Data acquisition method based on carbon emission, server and terminal
CN115865396A (en) * 2022-09-06 2023-03-28 中国联合网络通信集团有限公司 Carbon emission identification reading method and device, electronic equipment and readable storage medium
CN115865396B (en) * 2022-09-06 2024-03-01 中国联合网络通信集团有限公司 Carbon emission identification reading method and device, electronic equipment and readable storage medium
CN115412362B (en) * 2022-09-06 2024-05-14 中国联合网络通信集团有限公司 Data acquisition method based on carbon emission, server and terminal
CN116305066A (en) * 2023-05-17 2023-06-23 山东青鸟工业互联网有限公司 Device authentication method, system and storage medium based on active identification carrier
CN116305066B (en) * 2023-05-17 2023-08-22 山东青鸟工业互联网有限公司 Device authentication method, system and storage medium based on active identification carrier

Also Published As

Publication number Publication date
CN113098861B (en) 2023-09-19

Similar Documents

Publication Publication Date Title
CN113098861B (en) Active identification carrier, authentication method thereof and service platform
CN113114796B (en) Active identification carrier, management method thereof and service platform
CN107993149B (en) Account information management method, system and readable storage medium
CN108846010B (en) Method, system, computer system and storage medium for tracing product source in network
EP3466021B1 (en) A method for managing the status of a connected device
CN113037773B (en) Active identification carrier, management method thereof and service platform
US11218464B2 (en) Information registration and authentication method and device
CN111222109A (en) Operation method of block chain account, node equipment and storage medium
CN106779673B (en) Electronic payment method and system
CN113315630B (en) Block chain, quantum key distribution method and device
CN109451483B (en) eSIM data processing method, equipment and readable storage medium
CN113141404B (en) Intelligent gateway and data sharing system
CN108028755A (en) Certification based on token
CN114021162A (en) Computing power sharing method, device, system, electronic equipment and storage medium
CN113301557B (en) eSIM card state management method, device, equipment and storage medium
CN115065703A (en) Internet of things system, authentication and communication method thereof and related equipment
CN109743237B (en) Authentication method of APP and gateway
CN105825247B (en) A kind of card reader and data transmission method
CN113904774A (en) Block chain address authentication method and device and computer equipment
CN109525395B (en) Signature information transmission method and device, storage medium and electronic device
CN105103180B (en) Method for handling the distribution of mobile credit card
CN106790331B (en) Service access method, system and related device
CN106713218B (en) Resource exchange method and device
JP2015045892A (en) One-time password method
US11930006B2 (en) System and method for hosting FIDO authenticators

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant