CN115515135A - Alliance communication method, system, device, equipment and storage medium - Google Patents


Publication number
CN115515135A
Authority
CN
China
Prior art keywords
platform
identity information
user identity
target user
alliance
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211160397.1A
Other languages
Chinese (zh)
Inventor
张蔚茵
何明
吴国威
沈军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/033 Protecting confidentiality, e.g. by encryption, of the user plane, e.g. user's traffic

Abstract

The disclosure provides a federation communication method, system, apparatus, device and storage medium in the field of computer technology. The method comprises: obtaining an access request from a user, the access request containing user identity information and an access platform identifier; determining, from the access platform identifier, the second platform it refers to, where the second platform may be a platform outside the current federation, under another federation; generating, from the second platform and the user identity information, target user identity information for accessing the second platform; sending the target user identity information to the second platform so that the second platform can verify it; and, when the second platform's verification passes, sending a verification-passed message to the user so that the user can access the second platform with the target user identity information. This addresses the currently immature state of communication between multiple federations.

Description

Alliance communication method, system, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an alliance communication method, system, device, apparatus, and storage medium.
Background
As society becomes more information-driven, the volume of business to be processed keeps growing, and multi-platform collaborative services have emerged to handle it.
Multi-platform collaboration requires trust to be established between the platforms, after which they can communicate with one another. At present, however, such communication is limited to platforms within a single federation; how to communicate across multiple federations remains an open problem.
Disclosure of Invention
The present disclosure provides a federation communication method, system, apparatus, device and storage medium that, at least in part, address the current immaturity of communication between multiple federations.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to one aspect of the disclosure, a federation communication method is provided, applied to a first platform in a federation, comprising the following steps:
obtaining an access request from a user, the access request containing user identity information and an access platform identifier;
determining, from the access platform identifier, the second platform it corresponds to, where the second platform may be a platform outside the current federation, under another federation;
generating, from the second platform and the user identity information, target user identity information for accessing the second platform;
sending the target user identity information to the second platform so that the second platform verifies it;
and, when the second platform's verification of the target user identity information passes, sending a verification-passed message to the user so that the user accesses the second platform with the target user identity information.
In one embodiment of the disclosure, before generating the target user identity information from the second platform and the user identity information, the method further comprises:
generating an identity conversion rule from a mapping rule and a smart contract, where the mapping rule and the smart contract are constructed by negotiation between the first platform and the second platform;
and generating the target user identity information for accessing the second platform then comprises:
generating the target user identity information from the second platform, the user identity information and the identity conversion rule.
In one embodiment of the present disclosure, the smart contract comprises: federation platform identity metadata, federation platform addresses, federation public keys, and federation platform node generation rules.
In one embodiment of the present disclosure, the user identity information comprises:
the user's role information on the first platform, the user's attribute information on the first platform, and the user's identifier on the first platform.
In one embodiment of the present disclosure, the target user identity information comprises:
the user's role information on the second platform, the user's attribute information on the second platform, and the user's identifier on the second platform.
In an embodiment of the present disclosure, before sending the target user identity information to the second platform for verification, the method further comprises:
encrypting the target user identity information with the first platform's private key to obtain encrypted target user identity information (in standard terminology this operation is a digital signature: anyone holding the public key can recover the content, so it provides authenticity and integrity, not confidentiality);
and sending the target user identity information to the second platform for verification then comprises:
sending the encrypted target user identity information to the second platform, so that the second platform decrypts it with the corresponding public key and verifies the decrypted target user identity information.
According to another aspect of the present disclosure, a federation communication system is provided, applied to a first platform in a federation, comprising an acquisition device, a sending device and a plurality of federation identity providing devices, each federation identity providing device corresponding to one platform;
the acquisition device is configured to obtain an access request from a user, the access request containing user identity information and an access platform identifier, to determine from the access platform identifier the second platform it corresponds to, where the second platform may be a platform outside the current federation, under another federation, to determine the federation identity providing device corresponding to the second platform, and to send the user identity information to that device;
the federation identity providing device is configured to generate, from the second platform and the user identity information, target user identity information for accessing the second platform, and to send it to the sending device;
and the sending device is configured to send the target user identity information to the second platform so that the second platform verifies it, and, when the verification passes, to send a verification-passed message to the user so that the user accesses the second platform with the target user identity information.
According to still another aspect of the present disclosure, a federation communication apparatus is provided, applied to a first platform in a federation, comprising:
an acquisition module, configured to obtain an access request from a user, the access request containing user identity information and an access platform identifier;
a determining module, configured to determine from the access platform identifier the second platform it corresponds to, where the second platform may be a platform under another federation, outside the current one;
a first generation module, configured to generate, from the second platform and the user identity information, target user identity information for accessing the second platform;
a first sending module, configured to send the target user identity information to the second platform so that the second platform verifies it;
and a second sending module, configured to send a verification-passed message to the user when the second platform's verification passes, so that the user accesses the second platform with the target user identity information.
In one embodiment of the present disclosure, the federation communication apparatus further comprises:
a second generation module, configured to generate an identity conversion rule from a mapping rule and a smart contract before the target user identity information is generated, where the mapping rule and the smart contract are constructed by negotiation between the first platform and the second platform;
and the first generation module comprises:
a first generating unit, configured to generate the target user identity information for accessing the second platform from the second platform, the user identity information and the identity conversion rule.
In one embodiment of the present disclosure, the smart contract comprises: federation platform identity metadata, federation platform addresses, federation public keys, and federation platform node generation rules.
In one embodiment of the present disclosure, the user identity information comprises:
the user's role information on the first platform, the user's attribute information on the first platform, and the user's identifier on the first platform.
In one embodiment of the present disclosure, the target user identity information comprises:
the user's role information on the second platform, the user's attribute information on the second platform, and the user's identifier on the second platform.
In one embodiment of the present disclosure, the federation communication apparatus further comprises:
an encryption module, configured to encrypt the target user identity information with the first platform's private key before it is sent to the second platform for verification, obtaining encrypted target user identity information;
and a third sending module, configured to send the target user identity information to the second platform for verification, which comprises:
a fourth sending module, configured to send the encrypted target user identity information to the second platform so that the second platform decrypts it with the corresponding public key and verifies the decrypted target user identity information.
According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the federation communication method described above via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the federation communication method described above.
The federation communication method provided by the embodiments of the disclosure is applied to a first platform in a federation. It obtains an access request from a user, generates target user identity information for accessing a second platform from the user identity information and the access platform identifier in the request, and sends the target user identity information to the second platform for verification. When verification passes, the user can access the second platform with the target user identity information, so a user of the first platform can reach the second platform and a communication channel between different federations is opened, making cross-federation communication more mature.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It should be apparent that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived by those of ordinary skill in the art without inventive effort.
FIG. 1 is a schematic diagram illustrating a federated communication system architecture in an embodiment of the present disclosure;
FIG. 2 is a flow diagram illustrating a federated communication method in an embodiment of the present disclosure;
FIG. 3 illustrates a flow diagram of another federated communication method in an embodiment of the present disclosure;
FIG. 4 is a flow diagram illustrating yet another federated communication method in an embodiment of the present disclosure;
FIG. 5 is a flow diagram illustrating yet another federated communication method in an embodiment of the present disclosure;
FIG. 6 is a diagram illustrating a federated communication apparatus in an embodiment of the present disclosure; and
FIG. 7 shows a block diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a" or "an" in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will appreciate that references to "one or more" are intended to be exemplary and not limiting unless the context clearly indicates otherwise.
As society becomes more information-driven, the volume of business keeps growing, and multi-platform collaborative services have emerged to handle it.
To support such collaboration, the prior art offers federated identity authentication: an administrator manually configures identity providers and a trusted-identity-provider list on each platform, the identity providers issue security assertions about user identities, and each platform trusts assertions from providers on its list, so a user can log in to every platform in the federation with a single account. This scheme suits a single federation; when multiple federations coexist it suffers from complex identity configuration and a high risk of single points of failure, among other drawbacks.
In order to solve the above problem, the embodiments of the present disclosure provide an alliance communication method, system, device, apparatus and storage medium.
FIG. 1 shows a federated communication system architecture in an embodiment of the present disclosure.
As shown in FIG. 1, the federation communication system is applied to a first platform in a federation and may comprise:
an acquisition device 102, a sending device 104 and a plurality of federation identity providing devices 106, each federation identity providing device 106 corresponding to one platform;
the acquisition device 102 is configured to obtain an access request from a user, the access request containing user identity information and an access platform identifier, to determine from the access platform identifier the second platform it corresponds to, where the second platform may be a platform under another federation, outside the current one, to determine the federation identity providing device corresponding to the second platform, and to send the user identity information to that federation identity providing device 106;
the federation identity providing device 106 is configured to generate, from the second platform and the user identity information, target user identity information for accessing the second platform, and to send it to the sending device 104;
and the sending device 104 is configured to send the target user identity information to the second platform so that the second platform verifies it, and, when the verification passes, to send a verification-passed message to the user so that the user accesses the second platform with the target user identity information.
Each of the plurality of federation identity providing devices 106 corresponds to its own platform.
The second platform may be in the same federation as the first platform or in a different one; the method is described for the case where the federations differ.
The first platform, the acquisition device 102, the sending device 104 and the federation identity providing devices 106 may all be deployed on a server or on a terminal device.
The terminal device may be a variety of electronic devices including, but not limited to, a smartphone, a tablet, a laptop, a desktop computer, a wearable device, an augmented reality device, a virtual reality device, and the like.
Optionally, the clients of the applications installed in different terminal devices are the same, or clients of the same type of application based on different operating systems. The specific form of the application client may also be different based on different terminal platforms, for example, the application client may be a mobile phone client, a PC client, or the like.
The server may be a server that provides various services, such as a background management server that provides support for devices operated by the user with the terminal device. The background management server can analyze and process the received data such as the request and feed back the processing result to the terminal equipment.
Optionally, the server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a CDN (Content Delivery Network), and big data and artificial intelligence platforms. The terminal may be, but is not limited to, a smartphone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be connected directly or indirectly through wired or wireless communication; the application is not limited in this respect.
Optionally, the wireless or wired networks described above use standard communication techniques and/or protocols. The network is typically the Internet, but may be any network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wired or wireless network, a private network, or any combination of virtual private networks. In some embodiments, data exchanged over the network is represented using techniques and/or formats including Hypertext Markup Language (HTML), Extensible Markup Language (XML), and the like. All or some of the links may also be encrypted using conventional techniques such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Virtual Private Networks (VPN), Internet Protocol Security (IPsec), and so on. In other embodiments, custom and/or dedicated data communication techniques may be used in place of, or in addition to, those described above.
In the federation communication system provided by the embodiments of the disclosure, the acquisition device obtains the user's access request, the federation identity providing device generates target user identity information for accessing the second platform from the user identity information and access platform identifier in the request, and the sending device sends the target user identity information to the second platform for verification. Communication between different federations is thereby made more mature.
Based on the same inventive concept, an embodiment of the disclosure also provides a federation communication method, applied to a first platform in a federation.
Fig. 2 is a flowchart illustrating an alliance communication method in an embodiment of the present disclosure.
As shown in fig. 2, the method may include:
s202, obtaining an access request of the user, wherein the access request comprises user identity information and an access platform identifier.
It should be noted that the user identity information may include the role information of the user on the first platform, the attribute information of the user on the first platform, and the identifier of the user on the first platform.
The access platform identifier may include the name, role, address and parameters of the platform the user wants to access; it is an identifier that distinguishes that platform from the current platform and from other platforms.
It will be appreciated that the platform to be accessed may be a platform under other federations, in which case the access platform identification may include an identification of the federation to which the platform to be accessed corresponds.
And S204, determining a second platform corresponding to the access platform identifier according to the access platform identifier, wherein the second platform comprises platforms outside the current alliance and under other alliances.
The first platform may store in advance a correspondence table between other platforms and their identifiers, and then resolve the second platform by looking the access platform identifier up in that table.
And S206, generating target user identity information for accessing the second platform according to the second platform and the user identity information.
The target user identity information may be generated from the second platform's access rule and the user identity information.
And S208, sending the identity information of the target user to the second platform so that the second platform verifies the identity information of the target user.
Verification by the second platform may consist of the second platform deriving the user identity information from the target user identity information and then checking it against the user identity records stored in advance, as described above.
And S210, under the condition that the second platform verifies the identity information of the target user, sending a verification passing message to the user so that the user accesses the second platform based on the identity information of the target user.
The user identity information is a credential only for accessing the first platform; the target user identity information is the credential for accessing the second platform.
In summary, the federation communication method of this embodiment obtains the user's access request, generates target user identity information for accessing the second platform from the user identity information and access platform identifier it contains, and sends that information to the second platform for verification. Once verification passes, the user accesses the second platform with the target user identity information, so a user of the first platform can reach the second platform and a communication channel between different federations is opened.
Based on the same inventive concept, the disclosed embodiment provides another alliance communication method.
FIG. 3 is a flow chart illustrating another federation communication method in an embodiment of the present disclosure.
As shown in FIG. 3, the federation communication method of this embodiment differs from the one above in that, before S206, it may further include:
S302, generating an identity conversion rule from a mapping rule and a smart contract, where the mapping rule and the smart contract are constructed by negotiation between the first platform and the second platform.
The first platform and the second platform may negotiate the smart contract in advance and, once negotiation is complete, each store a copy.
The mapping rule may describe how identity information corresponds between different platforms, and may include a mapping rule configured by a user.
The smart contract comprises: federation platform identity metadata, federation platform addresses, federation public keys, and federation platform node generation rules.
The federation platform identity metadata may include the platform roles, platform attributes and platform identification data of the platforms in each of a plurality of federations.
A platform may store several identity conversion rules, each corresponding to one platform other than the current one.
Generating target user identity information for accessing the second platform according to the second platform and the user identity information, wherein the target user identity information comprises:
and generating target user identity information for accessing the second platform according to the second platform, the user identity information and the identity conversion rule.
It should be noted that the target user identity information includes:
the role information of the user on the second platform, the attribute information of the user on the second platform and the identification of the user on the second platform.
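The conversion rule of S302 applied to one user identity, with the second platform's consistency check of S208 alongside, as an added example that is not code from the patent or its applicant. The platform and federation names, the role and attribute names, the pseudonymous identifier format and the JSON layout of the contract and of the mapping rule are all assumptions made for this example.

```python
"""Identity conversion from a negotiated mapping rule and a smart contract.

Added illustration, not code from the patent or its applicant. Platform and
federation names, roles, attribute names and the JSON layout are assumptions.
"""
import hashlib
from dataclasses import dataclass

# Constructed copy of the negotiated smart contract as each platform stores it.
# The four top-level fields are the ones the disclosure lists; contents are assumed.
CONTRACT = {
    "federation_platform_identity_metadata": {
        "fed-A": {"plat-A1": {"role": "member", "attributes": ["telecom"], "id": "A1"},
                  "plat-A2": {"role": "member", "attributes": ["telecom"], "id": "A2"}},
        "fed-B": {"plat-B1": {"role": "member", "attributes": ["finance"], "id": "B1"}},
    },
    "federation_platform_address": {"plat-A1": "a1.fed-a.example",
                                    "plat-A2": "a2.fed-a.example",
                                    "plat-B1": "b1.fed-b.example"},
    "federation_public_key": "<public key of plat-A1, used by the signing step>",
    "federation_platform_node_generation_rules": {"id_format": "{platform}:{hash16}"},
}

# Constructed mapping rule negotiated between plat-A1 and plat-B1 (user configurable).
# A role or attribute that is absent from it is deliberately not forwarded.
MAPPING_RULE = {
    "roles": {"admin": "guest", "operator": "reader", "auditor": "reader"},
    "attributes": {"department": "org_unit", "clearance": "access_level"},
}


@dataclass(frozen=True)
class ConversionRule:
    source: str
    target: str
    role_map: dict
    attr_map: dict
    id_format: str


def federation_of(contract, platform):
    """Return the federation that the contract metadata places a platform in."""
    for federation, platforms in contract["federation_platform_identity_metadata"].items():
        if platform in platforms:
            return federation
    raise KeyError(f"platform {platform!r} is not in the contract")


def build_conversion_rule(contract, mapping_rule, source, target):
    """S302: derive the identity conversion rule for one peer platform.

    The second platform must lie outside the current federation; a rule is
    refused otherwise, so the cross-federation path cannot be used internally.
    """
    if federation_of(contract, source) == federation_of(contract, target):
        raise ValueError(f"{target} is inside the current federation")
    return ConversionRule(source, target, dict(mapping_rule["roles"]),
                          dict(mapping_rule["attributes"]),
                          contract["federation_platform_node_generation_rules"]["id_format"])


def generate_target_identity(rule, user_identity):
    """S206 with the rule applied: map role, attributes and identifier.

    An unmapped role is a denial, not a pass-through, and attributes without
    a mapping are dropped, so the second platform sees only what was negotiated.
    """
    if user_identity["platform"] != rule.source:
        raise ValueError("identity was not issued by the source platform of this rule")
    role = rule.role_map.get(user_identity["role"])
    if role is None:
        raise PermissionError(f"role {user_identity['role']!r} has no mapping to {rule.target}")
    attributes = {rule.attr_map[name]: value
                  for name, value in user_identity["attributes"].items()
                  if name in rule.attr_map}
    # Pseudonymous per-peer identifier (an assumption of this example): stable for
    # the same user and peer, but it does not expose the first-platform user id.
    digest = hashlib.sha256(f"{rule.source}|{user_identity['id']}|{rule.target}".encode()).hexdigest()
    return {"platform": rule.target, "role": role, "attributes": attributes,
            "id": rule.id_format.format(platform=rule.target, hash16=digest[:16])}


def verify_target_identity(contract, mapping_rule, target_identity, self_platform):
    """S208, second platform side: check the mapped identity against its own copies.

    Origin and integrity of the message are not checked here; that is the job
    of the signing step (S402).
    """
    if target_identity["platform"] != self_platform:
        return False
    if target_identity["role"] not in set(mapping_rule["roles"].values()):
        return False
    if not set(target_identity["attributes"]).issubset(mapping_rule["attributes"].values()):
        return False
    id_format = contract["federation_platform_node_generation_rules"]["id_format"]
    prefix = id_format.format(platform=self_platform, hash16="")
    suffix = target_identity["id"][len(prefix):]
    return (target_identity["id"].startswith(prefix) and len(suffix) == 16
            and all(c in "0123456789abcdef" for c in suffix))
```

The two checks that matter in practice are the ones that deny: a source role with no entry in the mapping rule is refused rather than copied across, and a target platform inside the caller's own federation gets no conversion rule at all, so the cross-federation path cannot be abused to escalate within a federation.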
Based on the same inventive concept, the disclosed embodiments provide yet another federated communication method.
Fig. 4 is a flowchart illustrating still another federated communication method in an embodiment of the present disclosure.
As shown in fig. 4, the federation communication method in the embodiment of the present disclosure differs from the federation communication method in the embodiment described above in that, before S208, the federation communication method in the embodiment of the present disclosure may further include:
S402, encrypting the target user identity information with a private key to obtain encrypted target user identity information.
Note that the first platform in the federation may perform this encryption with a pre-stored private key or a pre-stored timestamp.
For example, the encrypted target user identity information may be sent to the second platform over a trusted channel.
For example, the second platform may decrypt the encrypted target user identity information with the public key to recover the target user identity information, and then verify it.
In the embodiment of the disclosure, the first platform encrypts the target user identity information before sending it to the second platform, so that the information cannot be stolen or tampered with unnoticed in transit, and the safety of the transmission is improved. Because the key that reverses the operation is the federation public key carried in the smart contract, which every member platform holds, this step works as a digital signature: it lets the second platform check that the information came from the first platform and was not modified, and a bound timestamp lets it reject stale copies. Keeping the content itself secret from a third party on the wire is the job of the trusted channel rather than of this step.
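The exchange of S402 and the paragraph above, from the first platform's private-key operation to the second platform's public-key check, as an added example that is not code from the patent or its applicant. A private-key operation that the shared public key reverses is the shape of a digital signature, and that is what this block builds; a Lamport one-time signature over SHA-256 is used only because it runs on the Python standard library alone, and a deployment would use Ed25519 or ECDSA from a vetted library. The platform names, the envelope layout, the 60 s freshness window, the 5 s clock skew and the replay cache are assumptions of this example.

```python
"""Signing the target user identity information before it leaves the first platform.

Added illustration, not code from the patent or its applicant. Lamport
one-time signatures stand in for the production signature scheme; envelope
layout, freshness window, skew and replay cache are assumptions.
"""
import hashlib
import json
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """Private key: 256 pairs of random 32-byte preimages. Public key: their hashes.
    The public half is what the smart contract carries as the federation public key."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in private]
    return {"preimages": private, "used": False}, public


def _bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(private_key, message):
    """Reveal one preimage per digest bit. A Lamport key signs exactly once;
    a second signature would leak enough preimages to forge, so the key is spent."""
    if private_key["used"]:
        raise RuntimeError("one-time key already used")
    private_key["used"] = True
    return [private_key["preimages"][i][bit] for i, bit in enumerate(_bits(message))]


def lamport_verify(public_key, message, signature):
    if len(signature) != 256:
        return False
    return all(_h(signature[i]) == public_key[i][bit] for i, bit in enumerate(_bits(message)))


def canonical(obj):
    """Deterministic encoding, so both platforms hash exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def first_platform_send(private_key, target_identity, sender, now):
    """S402 then S208: bind identity, sender and timestamp, sign the whole payload."""
    payload = {"target_user_identity_information": target_identity,
               "sender": sender, "timestamp": now}
    return {"payload": payload, "signature": lamport_sign(private_key, canonical(payload))}


def second_platform_receive(public_key, envelope, now, seen, max_age=60, skew=5):
    """Second platform side: signature first, then freshness, then replay.

    public_key is the federation public key from this platform's own copy of
    the smart contract, never taken from the message. seen is the set of
    payload digests already accepted inside the freshness window.
    """
    payload = envelope["payload"]
    body = canonical(payload)
    if not lamport_verify(public_key, body, envelope["signature"]):
        return "reject: bad signature"
    if not (now - max_age <= payload["timestamp"] <= now + skew):
        return "reject: stale or future timestamp"
    fingerprint = _h(body)
    if fingerprint in seen:
        return "reject: replay"
    seen.add(fingerprint)
    return "accept"


def readable_without_key(envelope):
    """What an on-path observer sees: the signature authenticates, it hides nothing."""
    return envelope["payload"]["target_user_identity_information"]


def tamper_role(envelope, new_role):
    """On-path modification attempt: change the role, keep the original signature."""
    identity = dict(envelope["payload"]["target_user_identity_information"], role=new_role)
    payload = dict(envelope["payload"], target_user_identity_information=identity)
    return {"payload": payload, "signature": envelope["signature"]}
```

Two points the block makes that the prose only implies: the second platform pins the verifying key from its own copy of the contract, so a message cannot bring its own key along, and `readable_without_key` shows that the signed payload is plaintext to anyone on the path, which is why the trusted channel still has to carry it.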
As one specific example, federation identity providers may also be provisioned in the first platform and the second platform, respectively, in this disclosure.
With the federation identity providers in place, the embodiment of the present disclosure may include:
S502, the first platform receives an access request from a user, where the access request includes a platform identifier.
S504, the first platform determines, from the platform identifier, the second platform the user wants to access.
S506, the first platform forwards the user's access request to the first federation identity provider corresponding to the second platform.
Note that a plurality of first federation identity providers may be set up in the first platform, each corresponding to one platform.
S508, after receiving the user's access request, the first federation identity provider generates identity information for accessing the second platform from the access request.
S510, the first federation identity provider sends the generated identity information to the first platform.
S512, the first platform sends the generated identity information to the second platform.
S514, the second platform passes the generated identity information to the second federation identity provider set up on the second platform.
S516, after receiving the identity information, the second federation identity provider verifies it and obtains a verification result.
S518, the second federation identity provider sends the verification result to the first platform.
Note that the federation identity providers may be generated in advance, according to the smart contract, before the first platform receives the user's access request.
Based on the same inventive concept, the embodiment of the present disclosure further provides a federation communication apparatus, as in the following embodiments. Because the apparatus embodiment solves the problem on the same principle as the method embodiment, it may be implemented with reference to the method embodiment, and repeated details are not described again.
Fig. 6 is a schematic diagram of a federation communication apparatus according to an embodiment of the present disclosure; as shown in fig. 6, the apparatus 600 includes:
an obtaining module 602, configured to obtain an access request of a user, where the access request includes user identity information and an access platform identifier;
a determining module 604, configured to determine, according to the access platform identifier, a second platform corresponding to the access platform identifier, where the second platform includes platforms outside the current federation and under other federations;
a first generating module 606, configured to generate, according to the second platform and the user identity information, target user identity information for accessing the second platform;
a first sending module 608, configured to send the target user identity information to the second platform, so that the second platform verifies the target user identity information;
and a second sending module 610, configured to send, when the second platform passes the verification of the target user identity information, a verification passing message to the user, so that the user accesses the second platform based on the target user identity information.
The federation communication apparatus provided by the embodiment of the disclosure is applied to a first platform in a federation. It obtains an access request from a user, generates target user identity information for accessing a second platform from the user identity information and the access platform identifier carried in the request, and sends the target user identity information to the second platform so that the second platform can verify it. This makes the technology for inter-federation communication more mature.
In one embodiment of the present disclosure, the federation communication device further includes:
a second generating module 612, configured to generate an identity transformation rule according to a mapping rule and an intelligent contract before generating target user identity information for accessing the second platform according to the second platform and the user identity information, where the mapping rule and the intelligent contract are constructed by negotiation between the first platform and the second platform;
a first generation module 606 comprising:
and the first generating unit is used for generating target user identity information for accessing the second platform according to the second platform, the user identity information and the identity conversion rule.
In one embodiment of the present disclosure, a smart contract comprises: the federation platform identity metadata, the federation platform address, the federation public key, and the federation platform node generation rules.
In one embodiment of the present disclosure, the user identity information includes:
the user's role information on the first platform, the user's attribute information on the first platform, and the user's identification on the first platform.
In one embodiment of the present disclosure, the target user identity information includes:
the role information of the user on the second platform, the attribute information of the user on the second platform and the identification of the user on the second platform.
In one embodiment of the present disclosure, the federation communication device further includes:
the encryption module 614 is configured to encrypt the target user identity information with a private key before sending the target user identity information to the second platform so that the second platform verifies the target user identity information, so as to obtain encrypted target user identity information;
a third sending module 616, configured to send the target user identity information to the second platform, so that the second platform verifies the target user identity information, including:
the fourth sending module 618 is configured to send the encrypted target user identity information to the second platform, so that the second platform decrypts the encrypted target user identity information according to the public key and verifies the target user identity information obtained after decryption.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or program product. Accordingly, various aspects of the disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit," "module" or "system."
An electronic device 700 according to this embodiment of the disclosure is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 is in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: the at least one processing unit 710, the at least one memory unit 720, and a bus 730 that couples various system components including the memory unit 720 and the processing unit 710.
Where the memory unit stores program code, the program code may be executed by the processing unit 710 to cause the processing unit 710 to perform the steps according to various exemplary embodiments of the present disclosure as described in the "exemplary methods" section above in this specification. For example, the processing unit 710 may perform the following steps of the above-described method embodiment:
acquiring an access request of a user, wherein the access request comprises user identity information and an access platform identifier;
determining a second platform corresponding to the access platform identifier according to the access platform identifier, wherein the second platform comprises platforms outside the current alliance and under other alliances;
generating target user identity information for accessing the second platform according to the second platform and the user identity information;
sending the target user identity information to a second platform so that the second platform verifies the target user identity information;
and under the condition that the second platform passes the verification of the identity information of the target user, sending a verification passing message to the user so that the user accesses the second platform based on the identity information of the target user.
The memory unit 720 may include readable media in the form of volatile memory, such as a random access memory (RAM) 7201 and/or a cache memory 7202, and may further include a read-only memory (ROM) 7203.
The memory unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, including but not limited to: an operating system, one or more application programs, other program modules, and program data; each of these, or some combination of them, may include an implementation of a network environment.
Bus 730 may represent one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 740 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 700, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 700 to communicate with one or more other computing devices. Such communication may occur through input/output (I/O) interfaces 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 760. As shown, the network adapter 760 communicates with the other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium, which may be a readable signal medium or a readable storage medium. On which a program product capable of implementing the above-described method of the present disclosure is stored. In some possible embodiments, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the disclosure described in the above-mentioned "exemplary methods" section of this specification, when the program product is run on the terminal device.
More specific examples of the computer-readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the present disclosure, a computer readable storage medium may include a propagated data signal with readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java or C++, as well as conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user's computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice in the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A federation communication method, applied to a first platform in a federation, comprising:
acquiring an access request of a user, wherein the access request comprises user identity information and an access platform identifier;
determining a second platform corresponding to the access platform identifier according to the access platform identifier, wherein the second platform comprises platforms outside the current alliance and under other alliances;
generating target user identity information for accessing the second platform according to the second platform and the user identity information;
sending the target user identity information to the second platform so that the second platform verifies the target user identity information;
and under the condition that the second platform passes the verification of the target user identity information, sending a verification passing message to the user so that the user accesses the second platform based on the target user identity information.
2. A federation communication method as claimed in claim 1, wherein before generating target user identity information for accessing a second platform from the second platform and user identity information, the method further comprises:
generating an identity conversion rule according to a mapping rule and an intelligent contract, wherein the mapping rule and the intelligent contract are constructed by the first platform and the second platform in a negotiation manner;
generating target user identity information for accessing the second platform according to the second platform and the user identity information includes:
and generating target user identity information for accessing the second platform according to the second platform, the user identity information and the identity conversion rule.
3. A federation communication method as claimed in claim 2, wherein said intelligent contract comprises: the federation platform identity metadata, the federation platform address, the federation public key, and the federation platform node generation rules.
4. A federation communication method as claimed in claim 2, wherein the user identity information comprises:
the user's role information on the first platform, the user's attribute information on the first platform, and the user's identification on the first platform.
5. A federation communication method as claimed in claim 2, wherein said target user identity information comprises:
the role information of the user on the second platform, the attribute information of the user on the second platform and the identification of the user on the second platform.
6. A federation communication method as recited in claim 1, wherein before sending the target user identity information to the second platform for the second platform to verify the target user identity information, the method further comprises:
encrypting the target user identity information by using a private key to obtain encrypted target user identity information;
sending the target user identity information to the second platform so that the second platform verifies the target user identity information, wherein the method comprises the following steps:
and sending the encrypted target user identity information to the second platform so that the second platform decrypts the encrypted target user identity information according to the public key and verifies the target user identity information obtained after decryption.
7. A federation communication system, applied to a first platform in a federation, the system comprising: an acquiring device, a sending device and a plurality of federation identity providing devices, each federation identity providing device corresponding to one platform;
the acquiring device is configured to acquire an access request of a user, the access request including user identity information and an access platform identifier; to determine, according to the access platform identifier, a second platform corresponding to it, the second platform being a platform under a federation other than the current federation; to determine the federation identity providing device corresponding to the second platform; and to send the user identity information to that federation identity providing device;
the federation identity providing device is configured to generate target user identity information for accessing the second platform according to the second platform and the user identity information, and to send the target user identity information to the sending device;
the sending device is configured to send the target user identity information to the second platform, so that the second platform verifies the target user identity information, and send a verification passing message to the user when the second platform passes the verification of the target user identity information, so that the user accesses the second platform based on the target user identity information.
8. An federated communication device, applied to a first platform under a federation, the device comprising:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring an access request of a user, and the access request comprises user identity information and an access platform identifier;
a determining module, configured to determine, according to the access platform identifier, a second platform corresponding to the access platform identifier, where the second platform includes platforms outside a current federation and under other federations;
the first generation module is used for generating target user identity information for accessing the second platform according to the second platform and the user identity information;
the first sending module is used for sending the target user identity information to the second platform so that the second platform verifies the target user identity information;
and the second sending module is used for sending a verification passing message to the user under the condition that the second platform passes the verification of the target user identity information so as to enable the user to access the second platform based on the target user identity information.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the federation communication method of any one of claims 1 to 6 via execution of the executable instructions.
10. A computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the federation communication method according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211160397.1A CN115515135A (en) 2022-09-22 2022-09-22 Alliance communication method, system, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN115515135A true CN115515135A (en) 2022-12-23

Family

ID=84505576



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination