CN114301870A - User identity management method and related product - Google Patents


Publication number: CN114301870A
Authority: CN (China)
Prior art keywords: identity, information, user, service, identification
Legal status: Pending
Application number: CN202111622027.0A
Other languages: Chinese (zh)
Inventors: 刘伟, 李凯, 那中丽, 张敏, 胡晓娟
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd

Abstract

The application belongs to the technical field of the internet, and in particular relates to a user identity management method and a related product. The method comprises: in response to an identity management request initiated by a service requester, acquiring the international mobile subscriber identity of the current user; querying the real identity information of the current user according to the international mobile subscriber identity; mapping the real identity information to obtain an identity code uniquely associated with the real identity information, wherein the identity code is the industrial internet identifier of the current user and is unique; and querying the service qualification information of the current user according to the identity code, and returning an identity management result to the service requester according to the service qualification information. The method and the apparatus can reduce network resource cost and improve the convenience and efficiency of user identity management.

Description

User identity management method and related product
Technical Field
The present application belongs to the field of internet technology, and in particular relates to a user identity management method, a user identity management apparatus, a computer-readable medium, an electronic device, and a computer program product.
Background
Business entities in various industry fields identify users so that they can continue to provide business services to them. However, because business entities in each industry field manage users independently, subject to national policies and industry standards, the same user has to register repeatedly when handling different services, and the identities that different business entities register for the same user differ. The result is a general problem of wasted network resources and inefficient identity management.
Disclosure of Invention
The present application aims to provide a user identity management method, a user identity management apparatus, a computer-readable medium, an electronic device, and a computer program product that overcome, at least to some extent, technical problems in the related art such as wasted network resources and inefficient identity management.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided a user identity management method, including:
responding to an identity management request initiated by a service request party, and acquiring an international mobile subscriber identity of a current subscriber;
inquiring the real identity information of the current user according to the international mobile subscriber identity;
mapping the real identity information to obtain an identity code which has unique relevance with the real identity information;
and inquiring the service qualification information of the current user according to the identity identification code, and returning an identity management result to the service requester according to the service qualification information.
According to an aspect of an embodiment of the present application, there is provided a user id management apparatus, including:
the acquisition module is configured to respond to an identity management request initiated by a service requester and acquire an international mobile subscriber identity of a current subscriber;
the query module is configured to query the real identity information of the current user according to the international mobile subscriber identity;
the mapping module is configured to perform mapping processing on the real identity information to obtain an identity code which has unique relevance with the real identity information;
and the return module is configured to inquire the service qualification information of the current user according to the identity identification code and return an identity management result to the service requester according to the service qualification information.
In some embodiments of the present application, based on the above technical solutions, the obtaining module may further include:
the request initiating module is configured to initiate an interface calling request to the terminal equipment used by the current user;
the interface calling module is configured to call a user identification card inquiry interface built in an operating system of the terminal equipment according to the interface calling request;
and the identification code acquisition module is configured to acquire the international mobile subscriber identification code carried by the subscriber identity card according to the calling result of the subscriber identity card inquiry interface.
In an embodiment of the present application, based on the above technical solution, the query module may further include:
an identifier sending module configured to invoke an identity query interface opened by a mobile communication network operator to send the international mobile subscriber identifier to the mobile communication network operator;
an identity receiving module configured to receive the real identity information of the current user returned by the mobile communication network operator.
In an embodiment of the application, based on the above technical solution, the real identity information includes a character string obtained after desensitization processing is performed on the name and the identity card number of the current user.
In an embodiment of the present application, based on the above technical solution, the mapping module may be further configured to: and carrying out hash operation on the real identity information according to a preset hash function to obtain a hash value, and taking the hash value as an identity code which has unique relevance with the real identity information.
In an embodiment of the present application, based on the above technical solution, the return module may further include:
the domain query module is configured to query the industry domain of which the identity registration of the current user is finished according to the identity identification code;
and the qualification query module is configured to query the business qualification information of the current user in the industry field in a qualification database according to the identity identification code.
In an embodiment of the present application, based on the above technical solution, the identity management request includes at least one of an identity registration request, an identity authentication request, or an identity authentication request; the return module may further include:
the node acquisition module is configured to acquire an industrial internet identification node where the service requester is located, wherein the industrial internet identification node comprises at least one of a national top node, an industrial field node, an enterprise node or an application program node;
and the result generation module is configured to generate an identity identification result corresponding to the industrial internet identification node according to the service qualification information, wherein the identity identification result comprises at least one of an identity registration result, an identity authentication result or an identity authentication result.
According to an aspect of the embodiments of the present application, there is provided a computer readable medium, on which a computer program is stored, which when executed by a processor implements the user identity management method as in the above technical solution.
According to an aspect of an embodiment of the present application, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the user identity management method as in the above technical solution via executing the executable instructions.
According to an aspect of embodiments herein, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device executes the user identification management method as in the above technical solution.
In the technical solution provided by the embodiments of the present application, the scheme relies on the real-name authentication property of the operator's communication card: the IMSI of the communication card is obtained first, the real identity of the user is queried by calling the operator's API, authentication and authorization are performed based on that identity, and a complete profile of the user across nodes and applications is built on it. This avoids business entities in different industry fields repeatedly registering the same user, reduces network resource cost, and improves the convenience and efficiency of user identity management.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 shows a block diagram of an exemplary system architecture to which the present solution applies.
Fig. 2 is a schematic diagram illustrating the principle of identity registration of an industrial internet user in the related art of the present application.
Fig. 3 is a schematic diagram illustrating the principle of authenticating an industrial internet user in the related art of the present application.
Fig. 4 shows a schematic diagram of the principle of authenticating a user of an industrial internet in one embodiment of the present application.
Fig. 5 is a flowchart illustrating steps of a method for user identity management in an embodiment of the present application.
Fig. 6 shows a schematic diagram of the principle of user id management in an embodiment of the present application.
Fig. 7 schematically shows a block diagram of a user id management apparatus according to an embodiment of the present application.
FIG. 8 schematically illustrates a block diagram of a computer system suitable for use in implementing an electronic device of an embodiment of the present application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The industrial internet is a brand new industrial ecology, key infrastructure and novel application mode which are deeply integrated by a new generation of information communication technology and industrial economy, and a novel industrial production manufacturing and service system which is comprehensively connected by a full element, a full industrial chain and a full value chain is constructed by continuously changing a traditional manufacturing mode, a production organization mode and an industrial form through comprehensive connection of people, machines and objects, so that a realization way is provided for the digital, networked and intelligent development of the entity economy.
In recent years, China's identification analysis system has developed rapidly, but the governance system suited to it is not yet mature. Identification service organizations act as public service platforms for the development of the industrial internet industry; they handle the data, information, and rights and interests of enterprises and users, and bear on the identification analysis system and even the overall stable and healthy development of the industrial internet.
In the industrial internet of everything interconnection, each article, component and even each piece of information has a globally unique 'identity card', and the 'identity card' is an identification. At present, industrial enterprises widely use identification marks to mark various articles, but the coding and analyzing modes of different enterprises and industries are different. The mainstream identification system comprises Handle, OID, Ecode, VAA and the like. With the development of the industrial internet, the requirement for the complete connection of all elements, all industrial chains and all value chains is increasingly urgent, and an industrial internet identification analysis system which is compatible with different technical systems and can cross systems, levels and regions is required to be established.
Through the unified and integrated industrial internet identification analysis system, enterprises or users can access relevant information data intelligently associated with products in various links such as design, production, logistics, sale to use and the like under different managers, different positions and different data structures by utilizing the identification, and the method is a premise and a basis for realizing accurate butt joint of a global supply chain system and an enterprise production system, full life cycle management of the products and intelligent service.
The industrial internet identification analysis system is divided into five levels including a root node, a national top level node, a second level node, an enterprise node and a public recursion node.
The root node operating organization corresponding to the root node is responsible for building and operating root servers and providing cross-border analysis service. There are multiple root nodes around the world, each independent of and equal to the others. Each root node is the responsibility of a Multi-Primary Administrator (MPA). At present, 91 MPAs jointly manage the whole DOA/Handle root zone worldwide, providing root zone data management and root analysis service for different countries and regions.
The national top node operating mechanism corresponding to the national top node is responsible for building and operating a national top node server and providing domestic identifier analysis and data management services; the national top level node is an uppermost identification service node in the range of China, and can provide fusion top level identification service, identification filing, identification verification and other management capabilities for the range of China.
And the identifier registration management mechanism corresponding to the secondary node and the enterprise node is responsible for providing identifier registration service for the industrial Internet and covers identifier systems such as Handle, OID and the like.
The identifier registration service organization corresponding to the secondary node and the enterprise node is responsible for building and operating secondary node servers, provides identifier registration, analysis, data management and other services for enterprises or individuals, and plays a key role in linking the levels above and below it.
The secondary node provides identification registration and analysis services for an industry; it is the intermediate link of the industrial internet identification analysis system and serves industries and enterprises directly. The enterprise node provides identification registration and analysis services for a specific industrial enterprise, and can define the networking form of the in-factory identification analysis system and the in-enterprise identification data format according to the scale of the enterprise.
And a recursion node operating mechanism corresponding to the common recursion node is responsible for building and operating a recursion server and aims to ensure the performance of the analysis service. The public recursion node is used for realizing public query and access entry, is a key entry facility for identifying an analysis system, and can improve the overall service performance by technical means such as caching and the like. When an identification analysis request of a client is received, the recursion node firstly checks whether a query result exists in a local cache, if not, the recursion node queries through a response path returned by the identification analysis server until an address or information associated with the identification is finally queried, returns the address or information to the client and caches the request result.
Fig. 1 schematically shows a block diagram of an exemplary system architecture to which the solution of the present application applies.
As shown in fig. 1, system architecture 100 may include a terminal device 110, a network 120, and a server 130. The terminal device 110 may include various electronic devices such as a smart phone, a tablet computer, a notebook computer, and a desktop computer. The server 130 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. Network 120 may be a communication medium of various connection types capable of providing a communication link between terminal device 110 and server 130, such as a wired communication link or a wireless communication link.
The system architecture in the embodiments of the present application may have any number of terminal devices, networks, and servers, according to implementation needs. For example, the server 130 may be a server group composed of a plurality of server devices. In addition, the technical solution provided in the embodiment of the present application may be applied to the terminal device 110, or may be applied to the server 130, or may be implemented by both the terminal device 110 and the server 130, which is not particularly limited in this application.
Fig. 2 is a schematic diagram illustrating the principle of identity registration for a user in the related art of the present application. As shown in fig. 2, each node and each application follows national policy and industry standard, and establishes a user management module to register, authenticate and authenticate users. The user needs to repeatedly register for many times in the identification nodes of different industries, different identification nodes of the same industry and even different applications of the same identification node. On one hand, the user experience is poor, on the other hand, the service side cannot completely acquire the user information and the use condition, the user qualification condition cannot be comprehensively and accurately judged, and the identification authorization is threatened.
Fig. 3 is a schematic diagram illustrating the principle of authenticating an industrial internet user in the related art of the present application. As shown in fig. 3, in the related art of the present application, since the same function needs to be repeatedly built on different nodes, a problem of insufficient top-level design is caused. Due to the fact that different industry fields and different nodes are in an isolated island relation, any node cannot completely acquire user information and accurately judge qualification, and therefore the potential authorization safety hazard exists. The user experience is poor due to the fact that the user is required to repeatedly register for multiple times. As the user identities are maintained by a plurality of nodes respectively, a plurality of maintenance positions increase risks, and the problem of hidden danger of information leakage exists.
Fig. 4 shows a schematic diagram of the principle of authenticating a user of an industrial internet in one embodiment of the present application. As shown in fig. 4, in order to solve the above problems in the related art, the embodiment of the present application provides a scheme, which depends on the real-name authentication characteristic of the operator communication card, first obtains the IMSI number of the communication card, queries the real identity of the user by calling the operator API, performs authentication and authorization based on the identity, and based on the identity, implements a complete portrait of the user in a cross-node and cross-application scenario, thereby facilitating more accurate data authentication. Compared with the prior art, the embodiment of the application has the main advantages that:
1. Lower construction cost: individual nodes and applications do not each need to build the same function.
2. Better user experience: users do not need to register repeatedly in each system.
3. Protection of user privacy: identities are managed centrally at a single point, which reduces the chance of leakage.
4. More accurate identification authorization: the user is profiled comprehensively, based on the user credit evaluation provided by the operator and the user's credit record in the applications of each identification node, so qualification is judged more accurately.
The following describes in detail technical solutions of a user id management method, a user id management apparatus, a computer-readable medium, an electronic device, and a computer program product, which are provided by the present application, with reference to specific embodiments.
Fig. 5 is a flowchart illustrating steps of a method for user identity management in an embodiment of the present application. As shown in fig. 5, the method for managing user id mainly includes the following steps S510 to S540.
Step S510: responding to an identity management request initiated by a service requester, and acquiring an international mobile subscriber identity of a current user;
Step S520: inquiring the real identity information of the current user according to the international mobile subscriber identity;
Step S530: mapping the real identity information to obtain an identity code which has unique relevance with the real identity information;
Step S540: inquiring the service qualification information of the current user according to the identity identification code, and returning an identity management result to the service requester according to the service qualification information.
In the user identity management method provided by the embodiments of the present application, the scheme relies on the real-name authentication property of the operator's communication card: the IMSI of the communication card is obtained first, the real identity of the user is queried by calling the operator's API, authentication and authorization are performed based on that identity, and a complete profile of the user across nodes and applications is built on it. This avoids business entities in different industry fields repeatedly registering the same user, reduces network resource cost, and improves the convenience and efficiency of user identity management.
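The flow of steps S510 to S540, as an added sketch that is not code from the patent or from any operator: it shows why two different requesters, and two SIM cards of the same subscriber, resolve to the same identity code. The operator records, node descriptions, qualification database and the choice of SHA-256 (with an optional HMAC key) are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the operator's identity query interface (S520):
# IMSI -> desensitized identity string. All values are invented samples.
OPERATOR_RECORDS = {
    "460001234567890": "dsn-user-0001",
    "460011111111111": "dsn-user-0001",  # second SIM of the same subscriber
    "460002222222222": "dsn-user-0002",
}


def query_real_identity(imsi):
    """S520: return the desensitized identity for an IMSI, or None."""
    return OPERATOR_RECORDS.get(imsi)


def map_identity_code(real_identity, key=None):
    """S530: map the identity string to a fixed identity code.

    The patent only says "a preset hash function"; SHA-256 is an assumption.
    An unkeyed digest of a guessable identity string can be recomputed by
    anyone able to enumerate inputs, so a deployment may prefer the keyed
    variant (HMAC) with a secret held by the identity service.
    """
    data = real_identity.encode("utf-8")
    if key is not None:
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    return hashlib.sha256(data).hexdigest()


# Constructed qualification database (S540): identity code -> domains in
# which the user has completed registration and holds a qualification.
QUALIFICATION_DB = {
    map_identity_code("dsn-user-0001"): {"equipment-manufacturing": True},
    map_identity_code("dsn-user-0002"): {"equipment-manufacturing": True,
                                         "logistics": True},
}

# Hypothetical requesters at different industrial internet identification nodes.
NODE_ENTERPRISE = {"level": "enterprise node", "domain": "equipment-manufacturing"}
NODE_APP = {"level": "application program node", "domain": "logistics"}


def handle_identity_request(requester_node, imsi):
    """S510-S540 for one request; returns the identity management result."""
    real_identity = query_real_identity(imsi)
    if real_identity is None:
        # Fail closed: no identity code is derived for an unknown subscriber.
        return {"node": requester_node["level"], "identity_code": None,
                "result": "rejected", "reason": "IMSI unknown to operator"}
    code = map_identity_code(real_identity)
    domains = QUALIFICATION_DB.get(code, {})
    qualified = domains.get(requester_node["domain"], False)
    return {"node": requester_node["level"], "identity_code": code,
            "result": "accepted" if qualified else "rejected",
            "reason": None if qualified else "no qualification in this domain"}


if __name__ == "__main__":
    for node, imsi in [(NODE_ENTERPRISE, "460001234567890"),
                       (NODE_APP, "460001234567890"),
                       (NODE_ENTERPRISE, "460011111111111"),
                       (NODE_ENTERPRISE, "460009999999999")]:
        print(handle_identity_request(node, imsi))
```

Because the code is derived from the identity string rather than from the IMSI, changing SIM cards does not change the identity code, while anyone who can call the operator lookup with a given IMSI obtains that person's stable identifier.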
The following describes each method step of the user id management method in detail.
In step S510, in response to the identity management request initiated by the service requester, the international mobile subscriber identity of the current user is obtained.
In one embodiment of the present application, the service requestor may include at least one of an industry level node, an enterprise node, or an application node. The method for acquiring the international mobile subscriber identity of the current subscriber may include: initiating an interface calling request to terminal equipment used by a current user; calling a user identification card inquiry interface built in an operating system of the terminal equipment according to the interface calling request; and acquiring the international mobile subscriber identity carried by the subscriber identity card according to the calling result of the subscriber identity card inquiry interface.
The SIM (Subscriber Identity Module) card is an IC card held by a mobile subscriber of the GSM system, and is also called a subscriber identity card. The GSM system identifies the GSM subscriber by means of the SIM card. The same SIM card can be used in different mobile phones. A GSM mobile phone can access the network only after a SIM card is inserted. The SIM card is the key with which the GSM handset connects to the GSM network: once the SIM card is removed from the handset, the handset cannot use any service provided by the network operator except emergency calls. Besides acting as a key, the SIM card also provides considerable convenience for the user, who can communicate simply by inserting or embedding the SIM card into any GSM terminal. The SIM card also manages a good deal of information used to provide services to the user and can store short messages, especially those received while the handset is powered off or the user is absent.
The International Mobile Subscriber Identity (IMSI) is an identifier, unique across all cellular networks, used to distinguish between subscribers in a cellular network. The handset sends the IMSI to the network in a 64-bit field. The IMSI may be used to query a Home Location Register (HLR) or Visitor Location Register (VLR) for subscriber information. To prevent eavesdroppers from identifying and tracking a particular subscriber, most communication between the handset and the network uses a randomly generated Temporary Mobile Subscriber Identity (TMSI) instead of the IMSI.
The IMSI must be used whenever a user of one mobile network needs to interwork with other mobile networks. In GSM, UMTS and LTE networks, the IMSI comes from the SIM card, and in CDMA2000 networks directly from the handset, or RUIM.
The IMSI consists of a string of decimal digits with a maximum length of 15 digits. Most IMSIs in actual use are 15 digits long, but shorter ones exist; for example, some older IMSIs still used on the network of MTN in South Africa are 14 digits long. The IMSI is formed by concatenating, in order, a Mobile Country Code (MCC), a Mobile Network Code (MNC), and a Mobile Subscriber Identification Number (MSIN). The MCC is 3 digits long; the length of the MNC is determined by the value of the MCC and may be 2 digits (European standard) or 3 digits (North American standard); the value of the MSIN is assigned by the operator itself.
The format of the IMSI is defined by the E.212 standard of the International Telecommunication Union (ITU).
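The IMSI layout described above, as an added validation and parsing sketch (not code from the patent): it rejects anything that is not 15 or fewer ASCII decimal digits, splits MCC, MNC and MSIN using the MCC to decide the MNC length, and masks the MSIN for logging. The MCC table is a small illustrative subset and the sample IMSIs are constructed; a production parser would load the full ITU-T E.212 assignments.

```python
import re

# Illustrative subset of MCC -> MNC length (assumption for this example).
MNC_LENGTH_BY_MCC = {"460": 2, "655": 2, "310": 3}

MAX_IMSI_DIGITS = 15


class IMSIError(ValueError):
    """Raised when a value cannot be accepted as an IMSI."""


def parse_imsi(imsi, mnc_lengths=MNC_LENGTH_BY_MCC):
    """Validate an IMSI string and split it into MCC, MNC and MSIN."""
    # [0-9] rather than \d or str.isdigit(): both of those also accept
    # non-ASCII digits such as full-width characters.
    if not isinstance(imsi, str) or not re.fullmatch(r"[0-9]+", imsi):
        raise IMSIError("IMSI must be a string of ASCII decimal digits")
    if len(imsi) > MAX_IMSI_DIGITS:
        raise IMSIError("IMSI is longer than 15 digits")
    mcc = imsi[:3]
    mnc_len = mnc_lengths.get(mcc)
    if mnc_len is None:
        # Without the MCC entry the MNC/MSIN boundary is ambiguous
        # (2 or 3 digits), so refuse instead of guessing.
        raise IMSIError("unknown MCC, MNC length cannot be determined")
    mnc = imsi[3:3 + mnc_len]
    msin = imsi[3 + mnc_len:]
    if len(mnc) != mnc_len or not msin:
        raise IMSIError("IMSI too short to contain MNC and MSIN")
    return {"mcc": mcc, "mnc": mnc, "msin": msin, "length": len(imsi)}


def mask_imsi(imsi, mnc_lengths=MNC_LENGTH_BY_MCC):
    """Return a log-safe form: network prefix kept, MSIN mostly masked."""
    parts = parse_imsi(imsi, mnc_lengths)
    msin = parts["msin"]
    visible = 2 if len(msin) > 4 else 0
    hidden = len(msin) - visible
    return parts["mcc"] + parts["mnc"] + "*" * hidden + msin[hidden:]


if __name__ == "__main__":
    # Constructed sample values, not real subscriber identities.
    for sample in ("460001234567890", "65510123456789", "310150123456789"):
        print(mask_imsi(sample), parse_imsi(sample))
```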
In step S520, the true identity information of the current user is queried according to the international mobile subscriber identity.
In one embodiment of the application, an identity query interface opened by a mobile communication network operator is called to send the international mobile subscriber identity to the mobile communication network operator; and receiving the real identity information of the current user returned by the mobile communication network operator.
In one embodiment of the present application, the real identity information includes a character string obtained by desensitizing the name and identification number of the current user.
Data desensitization refers to transforming sensitive information according to desensitization rules so that sensitive private data is reliably protected. Where customer security data or commercially sensitive data is involved, the real data is modified before being provided for test use, without violating system rules; personal information such as identification numbers, mobile phone numbers, card numbers and customer numbers must be desensitized.
Data desensitization bleaches the data and erases the sensitive content in it, while the original data characteristics, business rules and data relevance must also be maintained, so that development, testing, training and big data services are not affected by desensitization and the data remains consistent and valid before and after desensitization:
(1) Original data characteristics are maintained.
Data characteristics must be the same before and after data desensitization. For example, the ID card number consists of a seventeen-digit body code and a one-digit check code, made up of a region address code (6 digits), a birth date (8 digits), a sequence code (3 digits) and a check code (1 digit). The desensitization rules for the identification number therefore need to ensure that this characteristic information remains after desensitization.
(2) Consistency between data is maintained.
In different services, data items are correlated with one another. For example, the year and month of birth, or the age, is related to the date of birth. Likewise, after the identification card information is desensitized, the year and month of birth field must remain consistent with the date of birth contained in the identification card number.
(3) The relevance of the business rules is maintained.
Maintaining the relevance of business rules means that data relevance and business semantics remain unchanged when the data is desensitized. Data relevance includes primary and foreign key relevance, business semantic relevance of related fields, and the like. In particular, highly sensitive account-type subject data tends to run through all of a subject's relationship and behavior information, so special care is needed to keep all related subject information consistent.
(4) Data consistency between multiple desensitizations.
When the same data is desensitized several times, or desensitized in different test systems, the desensitized data must be the same every time, so that the continuous consistency of data changes in a service system and the continuous consistency of a generalized service can be ensured.
The embodiment of the application can adopt at least one of the following data desensitization methods:
(1) Data replacement.
The true value is replaced by a set fixed fictitious value. For example, mobile phone numbers are uniformly replaced with 13800013800.
(2) Invalidation.
Sensitive data is desensitized by truncating, encrypting or hiding the data value so that it no longer has any value for use, e.g. hiding the true value of an address. Data invalidation achieves substantially the same effect as data replacement.
(3) Randomization.
Random data is used instead of the true value, and the randomness of the replacement value is maintained to simulate the authenticity of the sample. For example, true values are replaced with randomly generated first and last names.
(4) Offset and rounding.
Numeric data is changed by a random offset; for example, the date 2018-01-02 8:12:25 is changed into 2018-01-02 8:00:00. Offset and rounding preserves the approximate authenticity of the range while keeping the data secure, which is of great value in a big data utilization environment.
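The four methods can be written so that the requirements listed earlier (data characteristics kept, consistency with related fields, identical output across repeated runs) can be checked mechanically. This is an added example, not code from the patent; the mask character, the HMAC-based derivation of replacement digits, the demo key and all sample values are assumptions of the example.

```python
import hashlib
import hmac
from datetime import datetime

# Check code of the 18-character ID number (GB 11643-1999, ISO 7064 MOD 11-2).
_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
_CHECK_CODES = "10X98765432"


def id_check_code(body17: str) -> str:
    """Check code for the 17-digit body (region + birth date + sequence)."""
    total = sum(int(d) * w for d, w in zip(body17, _WEIGHTS))
    return _CHECK_CODES[total % 11]


def is_well_formed_id(id_number: str) -> bool:
    """Structure check only: 17 ASCII digits followed by a matching check code."""
    body, check = id_number[:17], id_number[17:].upper()
    return (len(id_number) == 18 and body.isascii() and body.isdigit()
            and check == id_check_code(body))


def replace_phone(_real_value: str) -> str:
    """(1) Data replacement: every phone number becomes one fixed fictitious value."""
    return "13800013800"


def invalidate(value: str, mask_char: str = "*") -> str:
    """(2) Invalidation: hide the whole value, keeping only its length."""
    return mask_char * len(value)


def randomize_id(id_number: str, key: bytes) -> str:
    """(3) Randomization of the 3-digit sequence code.

    Region code and birth date are kept so related fields stay consistent, and
    the check code is recomputed so the result still looks like an ID number.
    The new digits come from a keyed HMAC rather than a random generator, so
    repeated runs with the same key give the same output. How much of the
    number to keep is a policy decision: kept fields remain visible.
    """
    if not is_well_formed_id(id_number):
        raise ValueError("not a well-formed 18-character ID number")
    digest = hmac.new(key, id_number.upper().encode(), hashlib.sha256).digest()
    new_seq = int.from_bytes(digest[:4], "big") % 1000
    if new_seq == int(id_number[14:17]):   # never hand back the real sequence
        new_seq = (new_seq + 1) % 1000
    body = f"{id_number[:14]}{new_seq:03d}"
    return body + id_check_code(body)


def round_to_hour(ts: datetime) -> datetime:
    """(4) Offset and rounding: keep the approximate time, drop the precision."""
    return ts.replace(minute=0, second=0, microsecond=0)


# Constructed sample inputs and a throwaway demo key (assumptions of this example).
DEMO_KEY = b"demo-key-not-for-production"
SAMPLE_ID = "11010519491231002X"
SAMPLE_PHONE = "13912345678"
SAMPLE_TS = datetime(2018, 1, 2, 8, 12, 25)

if __name__ == "__main__":
    print(replace_phone(SAMPLE_PHONE))
    print(invalidate("No. 1 Example Road"))
    print(randomize_id(SAMPLE_ID, DEMO_KEY))
    print(round_to_hour(SAMPLE_TS).isoformat(sep=" "))
```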
In step S530, the real identity information is mapped to obtain an identity code having a unique association with the real identity information.
In an embodiment of the application, the hash operation is performed on the real identity information according to a preset hash function to obtain a hash value, and the hash value is used as an identity code having unique relevance with the real identity information.
A hash function, also known as a hashing algorithm, is a method of creating a small digital "fingerprint" from any kind of data. It compresses a message or data into a digest, reducing the amount of data and fixing its format. The function scrambles and mixes the data and creates a new fingerprint called a hash value (also hash code, hash sum, or hash). The hash value is typically represented as a short string of random-looking letters and numbers.
In one embodiment of the present application, the identification code may be a unique industrial internet identification of the current user.
In step S540, the service qualification information of the current user is queried according to the identity code, and an identity management result is returned to the service requester according to the service qualification information.
In an embodiment of the present application, the method for querying the service qualification information of the current user according to the identity code may include: querying, according to the identity code, the industry field in which the current user has completed identity registration; and querying, according to the identity code, the service qualification information of the current user in that industry field in a qualification database.
In one embodiment of the present application, the identity management request comprises at least one of an identity registration request, an identity authentication request, or an identity authentication request; the method for returning the identity result to the service requester according to the service qualification information may include: acquiring the industrial internet identification node where the service requester is located, wherein the industrial internet identification node comprises at least one of a national top node, an industrial field node, an enterprise node or an application program node; and generating an identity identification result corresponding to the industrial internet identification node according to the service qualification information, wherein the identity identification result comprises at least one of an identity registration result, an identity authentication result or an identity authentication result.
Fig. 6 shows a schematic diagram of the principle of user identity management in an embodiment of the present application. As shown in Fig. 6, the method for performing industrial internet identity management based on a unified identity system in the embodiment of the present application includes the following steps:
(1) The client captures the IMSI serial code and initiates a request to the identification secondary node or the identification application.
(2) The identification system forwards the IMSI serial code to the user identity authentication module.
(3) The identity authentication module calls the operator's IMSI query interface to acquire the real identity of the user (the information is desensitized).
(4) The identity authentication module derives the unique identity code from the user's real identity information and forwards it to the qualification analysis module.
(5) The user qualification analysis module retrieves past qualification information according to the identity code (the initial qualification is empty) and returns the identity code and the qualification status to the identification system.
(6) According to the identity code and the qualification status, the identification system performs login authentication and authorization without requiring the user to register. It periodically reports the service usage generated under the user's identity code to the qualification analysis module, and the qualification analysis module updates the qualification base according to the user usage reported by each service node.
By adding a unified identity authentication module, the embodiment of the application provides identification resolution requesters with a system and process that is imperceptible to the user, requires no registration and offers single sign-on. By combining the operator's qualification data with the qualification data of each service node of the identification system, it further provides a system and process for judging a user's qualification more clearly and accurately.
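Step S530 and steps (2) to (6) of the Fig. 6 flow, as an added example that is not code from the patent. The operator query interface is replaced by an in-memory table of constructed values, SHA-256 is an assumed choice for the "preset hash function", and the keyed HMAC variant, node names and domain names are assumptions of the example.

```python
import hashlib
import hmac

# Constructed stand-in for the operator's IMSI query interface (step 3):
# IMSI -> already-desensitized "name|ID number" string. All values are made up.
OPERATOR_DIRECTORY = {
    "460110123456789": "Z**|110105********002X",
    "460110987654321": "L**|310101********1234",
}


def identity_code_plain(identity_info: str) -> str:
    """Step S530 as described: a preset hash function (SHA-256 assumed here)."""
    return hashlib.sha256(identity_info.encode("utf-8")).hexdigest()


def identity_code_keyed(identity_info: str, key: bytes) -> str:
    """Keyed variant (HMAC-SHA-256), an assumption of this example.

    The input is built from structured, low-entropy fields, so an unkeyed code
    can be recomputed by anyone who can guess the input. With a secret key held
    by the identity authentication module, the code stays stable for a user but
    cannot be recomputed or linked outside that module.
    """
    return hmac.new(key, identity_info.encode("utf-8"), hashlib.sha256).hexdigest()


class QualificationStore:
    """Qualification base of steps 5 and 6, indexed by identity code only."""

    def __init__(self) -> None:
        self._records: dict[str, dict[str, str]] = {}

    def lookup(self, code: str) -> dict[str, str]:
        # Empty on first contact: "the initial qualification is empty".
        return dict(self._records.get(code, {}))

    def report_usage(self, code: str, domain: str, qualification: str) -> None:
        """Periodic report from a service node (step 6)."""
        self._records.setdefault(code, {})[domain] = qualification


class IdentityService:
    """Identity authentication module plus qualification analysis module."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self.store = QualificationStore()

    def handle(self, imsi: str, node: str) -> dict:
        """Steps 2 to 6 for one request arriving at an identification node."""
        identity_info = OPERATOR_DIRECTORY.get(imsi)
        if identity_info is None:
            # Unknown to the operator: no identity code is minted.
            return {"node": node, "authenticated": False,
                    "identity_code": None, "qualification": {}}
        code = identity_code_keyed(identity_info, self._key)
        return {"node": node, "authenticated": True,
                "identity_code": code, "qualification": self.store.lookup(code)}


if __name__ == "__main__":
    service = IdentityService(key=b"demo-key-not-for-production")
    first = service.handle("460110123456789", "enterprise node")
    print(first["authenticated"], first["qualification"])
    service.store.report_usage(first["identity_code"], "logistics", "verified")
    second = service.handle("460110123456789", "application program node")
    print(second["identity_code"] == first["identity_code"], second["qualification"])
```

Neither the IMSI nor the desensitized identity string leaves `handle()`; the identification node only ever sees the identity code and the qualification record.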
It should be noted that although the various steps of the methods in this application are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the shown steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
The following describes embodiments of an apparatus of the present application, which may be used to implement the user identity management method in the foregoing embodiments of the present application. Fig. 7 schematically shows a block diagram of a user identity management apparatus according to an embodiment of the present application. As shown in Fig. 7, the user identity management apparatus 700 may include:
an obtaining module 710 configured to obtain an international mobile subscriber identity of a current subscriber in response to an identity management request initiated by a service requester;
a query module 720 configured to query the true identity information of the current user according to the international mobile subscriber identity;
the mapping module 730 is configured to perform mapping processing on the real identity information to obtain an identity code having a unique association with the real identity information;
a returning module 740, configured to query the service qualification information of the current user according to the identity code, and return an identity management result to the service requester according to the service qualification information.
In an embodiment of the present application, the obtaining module 710 may further include:
the request initiating module is configured to initiate an interface calling request to the terminal equipment used by the current user;
the interface calling module is configured to call a user identification card inquiry interface built in an operating system of the terminal equipment according to the interface calling request;
and the identification code acquisition module is configured to acquire the international mobile subscriber identification code carried by the subscriber identity card according to the calling result of the subscriber identity card inquiry interface.
In one embodiment of the present application, the query module 720 may further include:
an identifier sending module configured to invoke an identity query interface opened by a mobile communication network operator to send the international mobile subscriber identifier to the mobile communication network operator;
an identity receiving module configured to receive the real identity information of the current user returned by the mobile communication network operator.
In an embodiment of the present application, the real identity information includes a character string obtained by desensitizing the name and the identification number of the current user.
In one embodiment of the present application, the mapping module 730 may be further configured to: and carrying out hash operation on the real identity information according to a preset hash function to obtain a hash value, and taking the hash value as an identity code which has unique relevance with the real identity information.
In an embodiment of the present application, the returning module 740 may further include:
the domain query module is configured to query, according to the identity code, the industry field in which the current user has completed identity registration;
and the qualification query module is configured to query the business qualification information of the current user in the industry field in a qualification database according to the identity identification code.
In one embodiment of the present application, the identity management request includes at least one of an identity registration request, an identity authentication request, or an identity authentication request; the returning module 740 may further include:
the node acquisition module is configured to acquire an industrial internet identification node where the service requester is located, wherein the industrial internet identification node comprises at least one of a national top node, an industrial field node, an enterprise node or an application program node;
and the result generation module is configured to generate an identity identification result corresponding to the industrial internet identification node according to the service qualification information, wherein the identity identification result comprises at least one of an identity registration result, an identity authentication result or an identity authentication result.
The specific details of the user identity management apparatus provided in each embodiment of the present application have been described in detail in the corresponding method embodiment, and are not described herein again.
Fig. 8 schematically shows a block diagram of a computer system of an electronic device for implementing an embodiment of the present application.
It should be noted that the computer system 800 of the electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in Fig. 8, the computer system 800 includes a Central Processing Unit (CPU) 801 that can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The random access memory 803 also stores various programs and data necessary for system operation. The CPU 801, the ROM 802 and the RAM 803 are connected to each other via a bus 804. An input/output interface 805 (I/O interface) is also connected to the bus 804.
The following components are connected to the input/output interface 805: an input section 806 including a keyboard, a mouse, and the like; an output section 807 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a local area network card, a modem, and the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the input/output interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is installed into the storage section 808 as necessary.
In particular, according to embodiments of the present application, the processes described in the various method flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. When executed by the central processor 801, the computer program performs various functions defined in the system of the present application.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the application, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present application.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A user identity management method is characterized by comprising the following steps:
responding to an identity management request initiated by a service request party, and acquiring an international mobile subscriber identity of a current subscriber;
inquiring the real identity information of the current user according to the international mobile subscriber identity;
mapping the real identity information to obtain an identity code which has unique relevance with the real identity information;
and inquiring the service qualification information of the current user according to the identity identification code, and returning an identity management result to the service requester according to the service qualification information.
2. The method of claim 1, wherein obtaining the international mobile subscriber identity of the current subscriber comprises:
initiating an interface calling request to terminal equipment used by a current user;
calling a user identification card inquiry interface built in an operating system of the terminal equipment according to the interface calling request;
and acquiring the international mobile subscriber identity carried by the subscriber identity card according to the calling result of the subscriber identity card inquiry interface.
3. The method as claimed in claim 1, wherein querying the true identity information of the current user according to the international mobile subscriber identity comprises:
calling an identity query interface opened by a mobile communication network operator to send the international mobile subscriber identity to the mobile communication network operator;
and receiving the real identity information of the current user returned by the mobile communication network operator.
4. The method according to claim 1, wherein the real identity information includes a character string obtained by desensitizing the name and identification number of the current user.
5. The method according to claim 1, wherein mapping the real identity information to obtain an identity code having a unique association with the real identity information comprises:
and carrying out hash operation on the real identity information according to a preset hash function to obtain a hash value, and taking the hash value as an identity code which has unique relevance with the real identity information.
6. The method according to claim 1, wherein querying the service qualification information of the current user according to the identity code comprises:
inquiring the industry field of which the current user finishes identity registration according to the identity identification code;
and inquiring the business qualification information of the current user in the industry field in a qualification database according to the identity identification code.
7. The user identity management method as claimed in claim 1, wherein the identity management request includes at least one of an identity registration request, an identity authentication request, or an identity authentication request; and returning an identity identification result to the service requester according to the service qualification information comprises the following steps:
acquiring an industrial internet identification node where the service requester is located, wherein the industrial internet identification node comprises at least one of a national top node, an industrial field node, an enterprise node or an application program node;
and generating an identity identification result corresponding to the industrial internet identification node according to the service qualification information, wherein the identity identification result comprises at least one of an identity registration result, an identity authentication result or an identity authentication result.
8. A user identity management apparatus, comprising:
the acquisition module is configured to respond to an identity management request initiated by a service requester and acquire an international mobile subscriber identity of a current subscriber;
the query module is configured to query the real identity information of the current user according to the international mobile subscriber identity;
the mapping module is configured to perform mapping processing on the real identity information to obtain an identity code which has unique relevance with the real identity information;
and the return module is configured to inquire the service qualification information of the current user according to the identity identification code and return an identity management result to the service requester according to the service qualification information.
9. A computer-readable medium, in which a computer program is stored which, when being executed by a processor, carries out a method for user identity management according to any one of claims 1 to 14.
10. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to cause the electronic device to perform the user identity management method of any one of claims 1 to 7 via execution of the executable instructions.
CN202111622027.0A 2021-12-28 2021-12-28 User identity management method and related product Pending CN114301870A (en)

Publications (1)

Publication Number Publication Date
CN114301870A true CN114301870A (en) 2022-04-08

Family

ID=80970556

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination