CN116915482A - Identity authentication platform and method integrating multi-platform identity information - Google Patents
- Publication number
- CN116915482A CN202311000577.8A
- Authority
- CN
- China
- Prior art keywords
- identity authentication
- platform
- identity information
- user
- identity
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention relates to the technical field of multi-platform identity authentication, and provides an identity authentication platform and method integrating multi-platform identity information. The platform comprises a user terminal, an application service server and a real-name identity authentication server. The application service server is used for uploading user identity information to the real-name identity authentication server; the user identity information comprises user identity information from multiple APPs that need to provide user identity authentication. The real-name identity authentication server is used for fusing the user identity information from the multiple APPs to generate a unique user identity authentication code, and for sending the unique user identity authentication code to the user terminal in response to a request instruction from the user terminal. The user terminal is used for displaying the unique user identity authentication code.
Description
Technical Field
The invention relates to the technical field of multi-platform identity authentication, in particular to an identity authentication platform and method integrating multi-platform identity information.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
At present, the various platforms each have their own two-dimensional codes for user identity information, independent of one another, which brings risks of confusion and fragmentation to the core data assets of the digital economy. Because of the large number of platforms, the specific problems are as follows:
1. Non-unified entry points
Because there are so many entry points, people often have to switch between multiple APPs or multiple portals when using two-dimensional codes, which makes the codes cumbersome to use and imposes repeated learning costs.
2. Inconsistent standards
Different industries may employ different two-dimensional code identity authentication technical standards and protocols, resulting in interoperability problems between systems. Lack of uniform technical standards may increase complexity of development and integration and limit the convenience of users using the same identity authentication between different industries.
3. Data is not shared
Each two-dimensional code system is tied to a personal information database and a business information database, but the systems were not designed as a unified whole. Some two-dimensional codes were even built as separate systems only because data from other two-dimensional codes could not be obtained, so that the information could be collected independently. There is almost no unified standard across the codes for data dictionaries, data specifications, data management, data security and so on, let alone data sharing. The result is a large amount of repeated data collection and repeated construction, and ultimately a large volume of data of mixed quality that grows ever more disordered.
4. Security is difficult to guarantee
The two-dimensional code identity authentication system may be subjected to security threats such as data disclosure, identity counterfeiting, malicious tampering and the like. An attacker can obtain the identity information of other people through cracking an algorithm or utilizing a system vulnerability, so as to perform illegal operation or impersonate other people.
Each two-dimensional code involves citizens' personal information and private data of many kinds, and raises many technical problems and risk management requirements in data acquisition, transmission, storage, application, exchange, destruction and so on. In particular, laws and regulations such as the "Personal Data Protection Law", the "Data Security Law" and the "Network Security Law" set definite legal requirements for protecting personal data. If the design of a two-dimensional code system cannot meet the legal and technical requirements for protecting data security and privacy, risks such as data disclosure and privacy exposure easily arise.
Disclosure of Invention
In order to solve the defects of the prior art, the invention provides an identity authentication platform and a method for fusing multi-platform identity information.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
The first aspect of the invention provides an identity authentication platform integrating multi-platform identity information.
An identity authentication platform integrating multi-platform identity information, comprising: a user terminal, an application service server and a real-name identity authentication server;
the application service server is used for uploading user identity information to the real-name identity authentication server; the user identity information comprises user identity information from multiple APPs that need to provide user identity authentication;
the real-name identity authentication server is used for fusing the user identity information from the multiple APPs to generate a unique user identity authentication code, and for sending the unique user identity authentication code to the user terminal in response to a request instruction from the user terminal;
the user terminal is used for displaying the unique user identity authentication code.
Further, the real-name identity authentication server comprises a trusted identity authentication platform service layer, wherein the trusted identity authentication platform service layer comprises a first interface service module, an API gateway service module and a second interface service module;
the first interface service module is used for providing a protocol for connecting an application service server;
the API gateway service module is used for providing an identity protocol XID-API gateway for connecting the first interface service module and the second interface service module;
the second interface service module is used for providing an identity authentication interface, a business system interface, a database interface, an expansion interface and a network certificate interface which are connected with the public security information system.
Further, the real-name identity authentication server further comprises a management layer; the management layer is connected with the trusted identity authentication platform service layer and is used for fusing the user identity information from the multiple APPs to generate a unique user identity authentication code, and for sending the unique user identity authentication code to the user terminal in response to a request instruction from the user terminal.
Still further, the management layer includes a query module for querying relevant data of the user identity information.
Still further, the management layer further includes a verification module, where the verification module is configured to verify user identity information.
Still further, the management layer also includes a transmission module for transmitting the authenticated user identity information from one blockchain network to another blockchain network.
Still further, the management layer further includes an encryption module, where the encryption module is configured to encrypt the user identity information.
Still further, the management layer further includes a rights management module for setting an administrator right to allow viewing of user identity information.
Further, the various APPs that are required to provide user identity authentication include, but are not limited to: finance APP, risk APP, government APP, social security APP, public security APP, traffic system APP, education APP, community system APP, hotel APP and civilian APP.
The second aspect of the invention provides an identity authentication method integrating multi-platform identity information.
An identity authentication method integrating multi-platform identity information is applied to a real-name identity authentication server and comprises the following steps:
receiving user identity information uploaded by an application service server; the user identity information comprises user identity information from multiple APPs that need to provide user identity authentication;
fusing the user identity information from the multiple APPs to generate a unique user identity authentication code;
and, in response to a request instruction from the user terminal, sending the unique user identity authentication code to the user terminal so that the user terminal displays the unique user identity authentication code.
Compared with the prior art, the invention has the beneficial effects that:
The invention fuses the user identity information from the various APPs that need to provide user identity authentication to obtain a unique user identity authentication code, realizing data sharing. When the user needs to authenticate on any platform, it is only necessary to display the unique user identity authentication code, which follows a unified standard, rather than a separate identity authentication code for each platform. This is convenient for the user and promotes digital city construction.
The code is applied to the "one code for the whole city" scenario, realizing one-code use in eight fields: government service, transportation, medicine and health, public place management, cultural travel, basic community management, commerce and trade circulation, and internal transaction management. It promotes innovative applications of multi-code fusion and of mutual recognition and interoperability of two-dimensional codes across fields.
In multi-platform data transmission, user identity information fusion and related processes, an encryption algorithm is used, which ensures the security of the unique user identity authentication code and prevents leakage of user identity information.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a block diagram of an identity authentication platform incorporating multi-platform identity information shown in the present invention;
FIG. 2 is a functional and traceability diagram of the identity authentication platform of the present invention incorporating multi-platform identity information;
FIG. 3 is a diagram of an identity protocol API gateway architecture shown in the present invention;
FIG. 4 is a partial block diagram of an identity authentication platform incorporating multi-platform identity information shown in the present invention;
FIG. 5 is a specific block diagram of the identity authentication platform incorporating multi-platform identity information shown in the present invention;
FIG. 6 is a diagram of an application example of the identity authentication platform integrating multi-platform identity information in an internet government scenario;
FIG. 7 is a diagram of an application example of the identity authentication platform integrating multi-platform identity information in a secure urban scenario;
FIG. 8 is a diagram of an application example of the identity authentication platform integrating multi-platform identity information in a traffic city scenario;
FIG. 9 is a diagram of an application example of the identity authentication platform integrating multi-platform identity information in an on-code financial scenario;
FIG. 10 is a diagram of an application example of the identity authentication platform integrating multi-platform identity information in a city innovation management scenario.
Detailed Description
The invention will be further described with reference to the drawings and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
In the present invention, terms such as "coupled," "connected," and the like are to be construed broadly and mean either directly or indirectly via an intermediary. The specific meaning of the terms in the present invention can be determined according to circumstances by a person skilled in the relevant art or the art, and is not to be construed as limiting the present invention.
Embodiments of the invention and features of the embodiments may be combined with each other without conflict.
Example 1
As shown in FIG. 1 and FIG. 5, this embodiment provides an identity authentication platform integrating multi-platform identity information, comprising: a user terminal, an application service server and a real-name identity authentication server;
the application service server is used for uploading user identity information to the real-name identity authentication server; the user identity information comprises user identity information from multiple APPs that need to provide user identity authentication;
the real-name identity authentication server is used for fusing the user identity information from the multiple APPs to generate a unique user identity authentication code, and for sending the unique user identity authentication code to the user terminal in response to a request instruction from the user terminal;
the user terminal is used for displaying the unique user identity authentication code.
The present embodiment will be described in detail with reference to the accompanying drawings:
Relying on national digital identity card resources and provincial and municipal government big data platforms, an accurate identity authentication platform is built to provide a unified identity authentication platform based on portrait recognition, digital identity and physical identity. An authentication system integrating face recognition, digital identity and physical identity is rolled out in government services, convenience services and public places, so that the level of government and convenience services is further improved, approval efficiency is continuously improved, the business environment is optimized, and public convenience and satisfaction are increased.
Relying on the CTID platform, a multi-factor, multi-layer, multi-security-level network trusted identity authentication system is constructed to meet the identity authentication requirements of different industries, different application scenarios and different security levels, as shown in FIG. 2.
A secure and seamless digital identity city root data system is established, providing a digital identity data base for new smart cities and city brains.
This provides basic support for cities to fully implement the deepened "Internet Plus" action plan, promote the network real-name strategy, make online business easier for enterprises and the public, and integrate online and offline identity management. It also provides support and assurance for public security authorities to prevent illegal and criminal activity online, effectively safeguard national network security, support the public security big data strategy and build intelligent public security.
In response to the national call for "identity card electronization", the resident code development plan strengthens the popularization and application of electronic certificates, builds unified "resident codes" and "enterprise codes", associates the various electronic "certificates, licenses, cards and codes" issued by departments at every level with the resident code, and accelerates the realization of "one code for the whole city".
A secure and seamless digital identity root data platform is constructed, ending the proliferation of separate codes ("ten thousand codes galloping") and realizing "one code for the whole city".
1. Building a city-level unified network trusted identity authentication platform
Based on the technology, security and management system of the resident identity card, a national cryptographic algorithm is used to perform irreversible desensitization of the legal identity card information, forming a network function certificate ("network card" for short) that is uniquely mapped to the legal identity card. A city-level unified network trusted identity authentication platform is established, that is, a unified identity authentication platform based on portrait recognition, digital identity and physical identity.
This realizes multi-mode, large-scale and high-concurrency online security authentication, and addresses privacy protection and data security in online identity authentication at the source.
Taking the administrative-area city as the unit, government authorities with judicial and administrative law enforcement powers are provided with terminal devices and an application platform for seamless, accurate biometric identification of urban personnel, using a safety device, a super algorithm, authoritative data and a controlled system.
(1) Cross-chain interoperability:
To enable cross-chain authentication and information sharing between different blockchain networks, cross-chain standards and protocols such as Interledger, Polkadot and Cosmos may be used. By supporting these standards, the API gateway is able to interoperate with different blockchain networks and perform cross-chain identity transfer and sharing.
(2) Security and privacy protection:
The existing RSA+AES hybrid encryption algorithm is adopted to protect security policy data: an RSA asymmetric encryption algorithm is first used for key exchange, and the symmetric key obtained through the exchange is then used with an AES symmetric encryption algorithm to encrypt the actual data. Existing RSA is used for key exchange and digital signature verification. The HTTPS (SSL/TLS-based) secure transport protocol can be used to encrypt and protect data and communications on the network. Meanwhile, the API gateway should implement strict authentication, access control and authority management mechanisms to ensure that legitimate users can access and operate on identity information, and to protect personal privacy from being leaked or abused.
(3) Performance and extensibility:
With a high-performance server architecture and distributed technology, using Nginx as a load balancer helps distribute incoming requests to multiple backend servers, balancing load and improving system performance. Kubernetes features include microservice architecture, containerized applications, high availability and elasticity, multi-cloud deployment, and automated operation and management. Using Kubernetes can improve the reliability, scalability and management efficiency of applications, so that a large number of concurrent requests can be processed and horizontal scaling of the system is supported. This meets ever-increasing user demand and ensures the stability and scalability of the system.
(4) Heterogeneous chain integration:
Heterogeneous chain integration refers to integrating different platforms and protocols together to support cross-chain interactions and communications. To enable heterogeneous chain integration, an adapter and plug-in system may be employed to enable support for different blockchain platforms and protocols.
An adapter is a piece of middleware software that connects and translates different platforms and protocols. It provides a unified interface and data format so that different systems can interact and communicate with each other. The adapter can perform data format conversion, transaction forwarding, verification and other operations according to the requirements of a specific platform and protocol.
A plug-in system is an extensible architecture for dynamically loading and managing different platform plug-ins. Each plug-in may implement support for a particular platform or protocol and provide corresponding functionality and services. Through the plug-in system, proper plug-ins can be selected and loaded according to the needs, so that integration of different platforms and protocols is realized. In heterogeneous chain integration, the adapter and plug-in system may work together to achieve seamless integration of various platforms and protocols. The adapter is responsible for handling communications and data conversion between different platforms, while the plug-in system provides an extensible architecture so that new platforms and protocols can be easily added and integrated.
It should be noted that, when heterogeneous chain integration is performed, security, compatibility and other issues need to be carefully considered, so as to ensure stability and reliability of integration. In this way, the API gateway can adapt according to the characteristics of different chains and interface specifications, so as to realize interoperability with different platform networks.
(5) Error handling and fault tolerance mechanisms:
Robust error handling and fault tolerance mechanisms should be implemented to detect and handle abnormal situations in time. Heartbeat signals are sent periodically within the system to detect whether it is still responding and operating; if no heartbeat signal is received within a set time, the system may be deemed faulty or unavailable. A retry strategy can be used to retry automatically when an operation fails, improving the success rate: upon failure or error, the system automatically re-performs the operation until it succeeds or the maximum number of retries is reached. With primary-backup failover, the load of the system is transferred to a backup machine or backup system upon failure, to maintain continuity and availability. This ensures that the system continues to provide service when a fault occurs, that problems are found and handled in time, and that the system operates stably.
Accessing the identity protocol XID-API gateway based on the authoritative CTID platform provides secure and efficient cross-chain identity verification and information sharing services, and solves technical problems such as security, accuracy and interoperability in the identity authentication process.
2. Building the city "one code for the whole city" APP
An area-integrated "one code for the whole city" service system is constructed on the principles of a unified login platform, a unified identity two-dimensional code and unified data resource management, further integrating government affairs and public service resources.
Accessing the identity protocol XID-API gateway based on the authoritative CTID platform: the main work of the identity authentication API gateway consists of protocol SDK access, protocol format conversion and unified protocol output. (1) It ensures that, whatever the format of the back-end data, what is finally presented at the front end is Web Service and RESTful API, ensuring data consistency. (2) Conversion of data protocol formats provides technical support for enterprise business applications, while greatly reducing the cost of interconnecting with data external to the enterprise.
Currently, cities have built various city operation APPs and enterprise informatization APPs, and the user identity verification scheme for resident identity is often defined by the APP developer. The resident identity network trusted certificate (CTID) system has been developed and implemented over many years and demonstrated in multiple rounds by national authorities and experts, forming a technical standard system of more than ten national and industry standards; it has been refined over a long period in terms of technology, standards and product implementation. However, upgrading existing city or industry APPs to CTID and the authoritative identity authentication interface involves considerable modification of existing software. The authoritative identity CTID access API gateway supports the relevant standard protocols and allows custom adaptation of the identity authentication protocols of already-developed APPs, so that the identity authentication of the original system is smoothly upgraded to support the CTID identity authentication function.
(1) Docking with the authoritative identity CTID platform, as shown in FIG. 3:
OAuth 2.0 (RFC 6749) authentication protocol docking;
OpenID authentication protocol docking;
SAML authentication protocol docking;
(2) Application fields:
a. Upgrading the identity authentication of already built operation APPs to CTID identity authentication
b. Conversion and mutual authentication among multiple different identity authentication protocols
(3) The main functions are as follows:
Authentication and registration:
The API gateway serves as the identity verification entrance: it receives a user's identity verification request and verifies the identity through the CTID network certificate identity protocol. It also provides a user registration function for creating new identity credentials.
Querying identity information:
The API gateway may provide a query function that allows a user to query data related to his or her identity information, such as basic information and authentication records.
Identity information verification and authorization:
The API gateway can verify the identity information of the user and ensure its validity and authenticity. It also performs identity authorization for operations that require authorization, ensuring that only authenticated users are authorized to perform certain operations.
Cross-chain identity transfer and sharing:
The API gateway supports cross-chain identity transfer and sharing, allowing users to transfer their authenticated identity information from one blockchain network to another and making identities portable and shareable across different chains.
Security protection and access control:
The API gateway is responsible for the security protection and access control of identity information, and adopts the necessary encryption and permission control measures to ensure the confidentiality and integrity of user identity information.
Logging and auditing:
The API gateway records users' identity verification and operation logs to facilitate subsequent audit and tracking and to ensure the security and compliance of the system.
High performance and scalability:
The API gateway needs high performance and scalability: it must be able to handle a large number of concurrent requests and support horizontal scaling of the system.
The business process of the identity protocol XID-API gateway is shown in FIG. 4.
Under the technical framework of intelligent X 'cloud, five platforms and multidimensional application', the one-code city-pass public service platform serves as the unified login platform, unifying the ticketing service platforms in convenience fields such as travel, culture, sports, and scenic spots.
Service scenarios enabled by the one-code city-pass platform
(1) Enabling scenario 1: trusted digital identity + internet government affairs, as shown in FIG. 6.
(2) Enabling scenario 2: trusted digital identity + secure city, as shown in FIG. 7.
(3) Enabling scenario 3: trusted digital identity + traffic city, as shown in FIG. 8.
(4) Enabling scenario 4: trusted digital identity + code finance, as shown in FIG. 9.
(5) Enabling scenario 5: trusted digital identity + innovation management, as shown in FIG. 10.
The one-code system is applied to scenarios across the whole city and implemented in eight fields: government service, transportation, medicine and health, public place management, cultural travel, basic community management, commerce and trade circulation, and internal transaction management, promoting innovative applications of multi-code fusion and the mutual recognition and interoperability of two-dimensional codes across fields.
Establishing an urban operation platform for digital identities will greatly contribute to the construction of urban digital economic infrastructure. The digital identity verification platform is based on authoritative and complete identity data and provides reliable identity authentication support for fields such as the Internet, education, medical treatment, finance, accommodation, justice, and social security, thereby building a digital identity ecosystem.
Starting from the pain points of city management and development, the obstacles faced by enterprises and citizens, and the goal of benefiting citizens through informatization, the one-code city-pass is applied to channels such as government service, transportation, cultural performances, sports events, and parks and scenic spots, so that more citizens can enjoy services through one code. One identity code thus serves convenient-life scenarios across the whole city and promotes the construction of a digital society.
Example two
The embodiment provides an identity authentication method integrating multi-platform identity information.
The identity authentication method integrating multi-platform identity information is applied to a real-name identity authentication server and comprises the following steps:
receiving user identity information uploaded by an application service server, the user identity information comprising user identity information from multiple APPs that require user identity authentication;
fusing the user identity information from the multiple APPs to generate a unique user identity authentication code;
and, in response to a request instruction from the user terminal, sending the unique user identity authentication code to the user terminal so that the user terminal displays the unique user identity authentication code.
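One way the three method steps above could be realized on the real-name identity authentication server, as an added example that is not the patent's own code. The patent does not specify the fusion algorithm: the HMAC-SHA256 derivation, the record fields (`app`, `name`, `id_number`), the 60-second validity window, and the key are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumptions (not from the patent): key held only by the real-name server,
# and a short validity window for the code shown on the user terminal.
SERVER_KEY = b"constructed-demo-key-not-for-production"
WINDOW_SECONDS = 60

# Constructed sample uploads from two application service servers.
SAMPLE_RECORDS = [
    {"app": "government", "name": "Zhang San", "id_number": "id-constructed-0001"},
    {"app": "traffic", "name": "Zhang San ", "id_number": "ID-CONSTRUCTED-0001"},
]


class FusionError(ValueError):
    """Raised when uploaded records cannot be fused into one identity."""


def fuse_identities(records):
    """Merge per-APP records; refuse if they disagree on the real-name identity."""
    if not records:
        raise FusionError("no identity records uploaded")
    anchors = {(r["name"].strip(), r["id_number"].strip().upper()) for r in records}
    if len(anchors) != 1:
        raise FusionError("records disagree on real-name identity; refusing to fuse")
    name, id_number = anchors.pop()
    return {"name": name, "id_number": id_number,
            "apps": sorted({r["app"] for r in records})}


def issue_code(fused, now=None):
    """Derive the opaque code to display; it carries no identity fields itself."""
    window = int((time.time() if now is None else now) // WINDOW_SECONDS)
    msg = "\x1f".join([fused["name"], fused["id_number"], str(window)]).encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]
    return f"{window}.{tag}"


def verify_code(code, fused, now=None):
    """Server-side check: reject stale windows, then compare in constant time."""
    current = int((time.time() if now is None else now) // WINDOW_SECONDS)
    try:
        window = int(code.split(".", 1)[0])
    except ValueError:
        return False
    if window not in (current, current - 1):  # tolerate one window of clock skew
        return False
    expected = issue_code(fused, now=window * WINDOW_SECONDS)
    return hmac.compare_digest(expected, code)
```

Because the displayed code is a keyed, time-bound tag rather than the identity data itself, a captured code exposes no personal information and stops verifying once its window has passed.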
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. An identity authentication platform integrating multi-platform identity information, comprising: a user terminal, an application service server, and a real-name identity authentication server;
the application service server is used for uploading user identity information to the real-name identity authentication server, the user identity information comprising user identity information from multiple APPs that require user identity authentication;
the real-name identity authentication server is used for fusing the user identity information from the multiple APPs to generate a unique user identity authentication code, and for sending the unique user identity authentication code to the user terminal according to a request instruction from the user terminal;
the user terminal is used for displaying the unique user identity authentication code.
2. The identity authentication platform incorporating multi-platform identity information of claim 1, wherein the real-name identity authentication server comprises a trusted identity authentication platform service layer comprising a first interface service module, an API gateway service module, and a second interface service module;
the first interface service module is used for providing a protocol for connecting an application service server;
the API gateway service module is used for providing an identity protocol XID-API gateway for connecting the first interface service module and the second interface service module;
the second interface service module is used for providing an identity authentication interface, a business system interface, a database interface, an expansion interface and a network certificate interface which are connected with the public security information system.
3. The identity authentication platform incorporating multi-platform identity information of claim 2, wherein the real-name identity authentication server further comprises a management layer; the management layer is connected with the trusted identity authentication platform service layer and is used for fusing the user identity information from the multiple APPs to generate a unique user identity authentication code, and for sending the unique user identity authentication code to the user terminal according to a request instruction from the user terminal.
4. The identity authentication platform incorporating multi-platform identity information of claim 3, wherein the management layer comprises a query module for querying relevant data of the user identity information.
5. The identity authentication platform incorporating multi-platform identity information of claim 3, wherein the management layer further comprises a verification module for verifying user identity information.
6. The multi-platform identity information converged identity authentication platform of claim 3, wherein the management layer further comprises a transmission module for transmitting verified user identity information from one blockchain network to another blockchain network.
7. The identity authentication platform incorporating multi-platform identity information of claim 3, wherein the management layer further comprises an encryption module for encrypting user identity information.
8. The identity authentication platform incorporating multi-platform identity information of claim 3, wherein the management layer further comprises a rights management module for setting administrator rights that allow viewing of user identity information.
9. The identity authentication platform incorporating multi-platform identity information according to claim 1, wherein the various APPs that need to provide user identity authentication include, but are not limited to: finance APP, risk APP, government APP, social security APP, public security APP, traffic system APP, education APP, community system APP, hotel APP and civilian APP.
10. An identity authentication method integrating multi-platform identity information, characterized in that it is applied to a real-name identity authentication server and comprises the following steps:
receiving user identity information uploaded by an application service server, the user identity information comprising user identity information from multiple APPs that require user identity authentication;
fusing the user identity information from the multiple APPs to generate a unique user identity authentication code;
and, in response to a request instruction from the user terminal, sending the unique user identity authentication code to the user terminal so that the user terminal displays the unique user identity authentication code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311000577.8A CN116915482A (en) | 2023-08-09 | 2023-08-09 | Identity authentication platform and method integrating multi-platform identity information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116915482A (en) | 2023-10-20 |
Family
ID=88353183
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311000577.8A (Pending) CN116915482A (en) | Identity authentication platform and method integrating multi-platform identity information | 2023-08-09 | 2023-08-09 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116915482A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |