CN115442804B - Authentication method, apparatus, and computer-readable medium - Google Patents
- Publication number
- CN115442804B CN202211064283.7A
- Authority
- CN
- China
- Prior art keywords
- terminal
- authentication
- node
- virtual node
- virtual
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  - H04W12/03—Protecting confidentiality, e.g. by encryption
  - H04W12/06—Authentication
  - H04W12/60—Context-dependent security
    - H04W12/69—Identity-dependent
      - H04W12/72—Subscriber identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention discloses an authentication method, device and computer-readable medium. It belongs to the field of computer technology and addresses the security risks of data transmission in a virtual system. The method includes: receiving, through a data interface of a first virtual node, a data transmission request from a data interface of a second virtual node, and sending an authentication information acquisition request to the data interface of the second virtual node; receiving, through the data interface of the first virtual node, authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request; sending a first broadcast message to an authentication management system, receiving a second broadcast message sent by an operator node to the authentication management system, obtaining a credit evaluation result for a second terminal from the second broadcast message, and determining, through the first virtual node, a response result to the data transmission request according to the credit evaluation result. The method provides identity authentication for file transmission between nodes in a virtual system.
Description
Technical Field
The present invention relates to the field of computer technology, and in particular to an authentication method, device and computer-readable medium.
Background
The Metaverse is a virtual world that is linked and created by technological means and that maps to and interacts with the real world; it is a digital living space with a new type of social system.
In the virtual world, if interacting parties, such as users or nodes, need to transmit data to each other, the reliability of the other party's identity must be verified before the data packets it transmits are accepted, so as to avoid files sent by malicious hackers carrying viruses and creating security risks for the user's terminal.
Summary of the Invention
To this end, the present invention provides an authentication method, device and computer-readable medium to address the security risks of data transmission in a virtual system in the related art.
In order to achieve the above object, a first aspect of the present invention provides an authentication method applied to a first terminal in an authentication management system, the first terminal corresponding to a first virtual node in a virtual system; the authentication management system further includes at least one authentication node and a second terminal, the second terminal corresponding to a second virtual node in the virtual system; the method comprises:
in a case where it is determined that a data transmission request from the data interface of the second virtual node has been received through the data interface of the first virtual node, sending an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node;
receiving, through the data interface of the first virtual node, authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request; wherein the authentication information includes at least encrypted information of the real number of the second terminal;
generating and sending a first broadcast message to the authentication management system, the first broadcast message being used to broadcast the encrypted information of the real number;
in response to receiving a second broadcast message sent by the authentication node to the authentication management system, obtaining a credit evaluation result for the second terminal from the second broadcast message, so that the first virtual node determines a response result to the data transmission request according to the credit evaluation result; wherein the credit evaluation result is obtained by the authentication node performing number decryption and credit evaluation processing on the encrypted information of the real number.
Wherein the type of the authentication node corresponding to the real number of the first terminal is different from that of the authentication node corresponding to the real number of the second terminal;
the encrypted information of the real number of the second terminal is encrypted information obtained through number encryption processing and stored in advance at the second virtual node; wherein the encryption processing includes: encrypting the real number of the second terminal according to a predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal;
the authentication information further includes: an identifier of the operator corresponding to the real number of the second terminal;
the generating and sending of the first broadcast message to the authentication management system comprises:
generating a first broadcast message that carries the identifier of the operator corresponding to the real number of the second terminal and the encrypted information of the real number of the second terminal;
signing the first broadcast message with the blockchain private key of the first terminal, and sending the signed first broadcast message to the authentication management system.
Wherein the authentication node is a node belonging to an operator; if the category of the operator to which the authentication node belongs is the same as the category of the operator corresponding to the real number of the second terminal, the number decryption and credit evaluation processing performed by the authentication node on the encrypted information of the real number includes:
in a case where the first broadcast message carries the signature of the first terminal, verifying the signature of the first terminal using the blockchain private key of the first terminal;
if the signature of the first terminal is verified successfully, decrypting the real number of the second terminal according to a predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal, to obtain the decrypted real number of the second terminal;
taking the decrypted real number of the second terminal as the number to be evaluated, querying the values of the credit evaluation items of the number to be evaluated in the database belonging to the authentication node, and performing credit evaluation processing according to those values to obtain a credit evaluation result.
Wherein the credit evaluation items include at least one of the credit rating and the online time of the number to be evaluated; the credit evaluation processing includes:
if the credit rating of the number to be evaluated exceeds a preset rating threshold, and/or the online time of the number to be evaluated exceeds a preset online time threshold, determining that the credit of the number to be evaluated is qualified, and generating a credit evaluation result containing the credit qualification information;
processing the credit rating and the online time according to a preset comprehensive credit scoring model to obtain a comprehensive credit evaluation score, and, if the comprehensive credit evaluation score exceeds a score threshold, determining that the credit of the number to be evaluated is qualified and generating a credit evaluation result containing the comprehensive credit evaluation score.
Wherein, after the response result to the data transmission request is determined according to the credit evaluation result, the method further includes at least one of the following:
recording first authentication process information in a new block of the authentication management system, so that the first authentication process information is recorded in the blockchain ledger of the first terminal; wherein the first authentication process information relates to the process from the data interface of the first virtual node receiving the data transmission request from the data interface of the second virtual node, up to the first virtual node determining, according to the credit evaluation result, how to handle the data transmission request;
in a case where the credit evaluation result for the second terminal is that its credit is qualified, adding the node identifier of the second virtual node to the whitelist stored locally at the first terminal, so as to update the whitelist stored locally by the first virtual node.
A second aspect of the present invention provides an authentication method applied to a second terminal in an authentication management system, the second terminal corresponding to a second virtual node in a virtual system; the authentication management system further includes an authentication node and a first terminal, the first terminal corresponding to a first virtual node in the virtual system; the method comprises:
after sending a data transmission request to the data interface of the first virtual node through the data interface of the second virtual node, receiving, through the data interface of the second virtual node, an authentication information acquisition request sent by the data interface of the first virtual node in response to the data transmission request;
responding to the authentication information acquisition request through the data interface of the second virtual node by returning authentication information to the first virtual node; wherein the authentication information includes at least encrypted information of the real number of the second terminal;
wherein the encrypted information of the real number is used at the first terminal to generate a first broadcast message; after the first broadcast message is sent to the authentication management system, the authentication node performs number decryption and credit evaluation processing to obtain a credit evaluation result for the second terminal, so that the first virtual node determines a response result to the data transmission request according to the credit evaluation result;
receiving, through the data interface of the second virtual node, a data transmission result corresponding to the credit evaluation result from the data interface of the first virtual node.
Wherein the encrypted information of the real number is encrypted information obtained through number encryption processing and stored in advance at the second virtual node; before the data transmission request is sent to the data interface of the first virtual node through the data interface of the second virtual node, the method further includes:
at the second virtual node, encrypting the real number of the second terminal according to a predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal, to obtain the encrypted information of the real number of the second terminal.
Wherein, after the data transmission result corresponding to the credit evaluation result and sent by the data interface of the first virtual node is received through the data interface of the second virtual node, the method further includes at least one of the following:
recording second authentication process information in a new block of the authentication management system, so that the second authentication process information is recorded in the blockchain ledger of the second terminal; wherein the second authentication process information relates to the process from sending the data transmission request to the data interface of the first virtual node through the data interface of the second virtual node, up to receiving, through the data interface of the second virtual node, the data transmission result corresponding to the credit evaluation result sent by the data interface of the first virtual node;
in a case where the credit evaluation result for the second terminal is that its credit is qualified, adding, through the second virtual node, the node identifier of the first virtual node to the whitelist stored locally by the second virtual node, so as to update the whitelist stored locally by the second virtual node.
A third aspect of the present invention provides an authentication method applied to an authentication node in an authentication management system; the authentication management system further includes a first terminal and a second terminal, the first terminal corresponding to a first virtual node in a virtual system and the second terminal corresponding to a second virtual node in the virtual system; the method comprises:
receiving a first broadcast message sent by the first terminal to the authentication management system, and obtaining the authentication information broadcast by the first broadcast message; wherein the authentication information is used by the first virtual node to authenticate the identity of the second virtual node, and the authentication information includes at least encrypted information of the real number of the second terminal;
wherein the first broadcast message is a broadcast message that the first terminal generates and sends after it has received, through the data interface of the first virtual node, a data transmission request from the data interface of the second virtual node, has sent an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node, and has received, through the data interface of the first virtual node, the authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request;
performing number decryption and credit evaluation processing on the encrypted information of the real number to obtain a credit evaluation result for the second terminal;
generating and sending a second broadcast message to the authentication management system, the second broadcast message carrying the credit evaluation result for the second terminal, the encrypted information of the real number and the terminal identifier of the first terminal, so that the first virtual node determines, according to the credit evaluation result, whether to receive the file transmitted through the second virtual node.
Wherein the performing of number decryption and credit evaluation processing on the encrypted information of the real number to obtain the credit evaluation result for the second terminal includes:
decrypting the real number of the second terminal according to a predetermined decryption algorithm, using the current authentication node's own private key; if the current authentication node is a node belonging to an operator and the category of that operator is the same as the category of the operator corresponding to the real number of the second terminal, the decryption succeeds and the real number of the second terminal is obtained;
performing credit evaluation processing on the encrypted information of the real number to obtain the credit evaluation result for the second terminal.
Wherein the performing of credit evaluation processing on the encrypted information of the real number to obtain the credit evaluation result for the second terminal includes:
taking the real number of the second terminal as the number to be evaluated, and querying the values of the credit evaluation items of the number to be evaluated in the database belonging to the authentication node;
performing credit evaluation processing according to the values of the credit evaluation items to obtain a credit evaluation result; wherein the credit evaluation processing includes:
if the credit rating of the number to be evaluated exceeds a preset rating threshold, and/or the online time of the number to be evaluated exceeds a preset online time threshold, determining that the credit of the number to be evaluated is qualified, and generating a credit evaluation result containing the credit qualification information;
processing the credit rating and the online time according to a preset comprehensive credit scoring model to obtain a comprehensive credit evaluation score, and, if the comprehensive credit evaluation score exceeds a score threshold, determining that the credit of the number to be evaluated is qualified and generating a credit evaluation result containing the comprehensive credit evaluation score.
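The exchange described by the three method aspects above, written out as an added Go example; it is not code from the patent. RSA-OAEP, Ed25519, the thresholds, the operator and terminal names and the subscriber records are assumptions, the credit rule uses the "and" reading of "and/or", and the second broadcast is reduced to the value `Handle` returns. The node checks the signature with the first terminal's registered public key and decrypts with its own private key, as the third aspect states for decryption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const levelThreshold, monthsThreshold = 3, 12 // assumed; the page only says "preset"

var errBadSig = errors.New("first terminal signature invalid")

type (
	CreditRecord struct{ Level, MonthsOnline int }
	// FirstBroadcast is what the first terminal sends to the authentication management system.
	FirstBroadcast struct {
		OperatorID, SenderID string // operator of the real number; first terminal's identifier
		EncNumber, Sig       []byte // number encrypted to that operator's node; signature
	}
	AuthNode struct {
		key       *rsa.PrivateKey
		db        map[string]CreditRecord      // constructed subscriber records
		terminals map[string]ed25519.PublicKey // registered terminal verification keys
	}
	System struct {
		nodes map[string]*AuthNode // one authentication node per operator
		priv  ed25519.PrivateKey   // first terminal's signing key
	}
)

// signed quotes each field so that field boundaries cannot be shifted.
func (m *FirstBroadcast) signed() []byte {
	return []byte(fmt.Sprintf("%q %q %x", m.OperatorID, m.SenderID, m.EncNumber))
}

// Handle is the authentication node's side. Its return value stands in for the
// credit evaluation result carried by the second broadcast.
func (n *AuthNode) Handle(m *FirstBroadcast) (bool, error) {
	if pub, ok := n.terminals[m.SenderID]; !ok || !ed25519.Verify(pub, m.signed(), m.Sig) {
		return false, errBadSig
	}
	num, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, n.key, m.EncNumber, nil)
	if err != nil {
		return false, err // ciphertext was made for another operator's node
	}
	rec := n.db[string(num)] // unknown numbers get the zero record and fail
	return rec.Level > levelThreshold && rec.MonthsOnline > monthsThreshold, nil
}

func NewSystem() (*System, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s := &System{map[string]*AuthNode{}, priv}
	db := map[string]CreditRecord{"13800000001": {4, 30}, "13800000002": {1, 2}} // constructed
	for _, op := range []string{"operator-A", "operator-B"} {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		s.nodes[op] = &AuthNode{k, db, map[string]ed25519.PublicKey{"terminal-1": pub}}
	}
	return s, nil
}

// Exchange runs one transfer request. The second terminal's number is pre-encrypted to
// operator-A's node; claimedOp is the operator identifier sent along with it, and
// inTransit (may be nil) can alter the signed broadcast before the node sees it.
func (s *System) Exchange(number, claimedOp string, inTransit func(*FirstBroadcast)) (bool, error) {
	pub := &s.nodes["operator-A"].key.PublicKey
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(number), nil)
	if err != nil {
		return false, err
	}
	m := &FirstBroadcast{OperatorID: claimedOp, SenderID: "terminal-1", EncNumber: enc}
	m.Sig = ed25519.Sign(s.priv, m.signed())
	if inTransit != nil {
		inTransit(m)
	}
	n, ok := s.nodes[m.OperatorID]
	if !ok {
		return false, errors.New("no authentication node for operator")
	}
	return n.Handle(m) // the first virtual node accepts the transfer only if qualified
}

func main() {
	s, err := NewSystem()
	if err != nil {
		panic(err)
	}
	fmt.Println(s.Exchange("13800000001", "operator-A", nil)) // qualified subscriber
	fmt.Println(s.Exchange("13800000001", "operator-B", nil)) // wrong node cannot decrypt
}
```

Only operator-A's node holds the key that opens the stored ciphertext, so a broadcast naming operator-B fails at decryption even though its signature is valid.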
本发明第四方面提供一种认证装置,应用于认证管理系统中的第一终端,所述第一终端与虚拟系统中的第一虚拟节点相对应;所述认证管理系统中还包括至少一个认证节点和第二终端,所述第二终端与所述虚拟系统中的第二虚拟节点相对应;所述装置包括:A fourth aspect of the present invention provides an authentication device, which is applied to a first terminal in an authentication management system, wherein the first terminal corresponds to a first virtual node in a virtual system; the authentication management system further includes at least one authentication node and a second terminal, wherein the second terminal corresponds to a second virtual node in the virtual system; the device comprises:
第一发送模块,用于在确定通过所述第一虚拟节点的数据接口接收到来自所述第二虚拟节点的数据接口的数据传输请求的情况下,通过所述第一虚拟节点的数据接口向所述第二虚拟节点的数据接口发送认证信息获取请求;A first sending module, configured to send an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node when it is determined that a data transmission request from the data interface of the second virtual node is received through the data interface of the first virtual node;
第一接收模块,用于通过所述第一虚拟节点的数据接口,接收所述第二虚拟节点的数据接口响应于所述认证信息获取请求而返回的认证信息;其中,所述认证信息中至少包括所述第二终端的真实号码的加密信息;A first receiving module, configured to receive, through the data interface of the first virtual node, authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request; wherein the authentication information at least includes encrypted information of the real number of the second terminal;
生成模块,用于生成并发送第一广播消息至所述认证管理系统,所述第一广播消息用于广播所述真实号码的加密信息;A generating module, used for generating and sending a first broadcast message to the authentication management system, wherein the first broadcast message is used for broadcasting the encrypted information of the real number;
确定模块,用于响应于接收到的所述认证节点发送至所述认证管理系统的第二广播消息,从所述第二广播消息中获取对所述第二终端的信用评估结果,以通过所述第一虚拟节点根据所述信用评估结果确定对所述数据传输请求的响应结果;其中,所述信用评估结果是由所述认证节点对所述真实号码的加密信息进行号码解密和信用评估处理得到的结果。A determination module is used to obtain a credit evaluation result of the second terminal from the second broadcast message in response to a second broadcast message received and sent by the authentication node to the authentication management system, so as to determine a response result to the data transmission request through the first virtual node according to the credit evaluation result; wherein the credit evaluation result is a result obtained by the authentication node performing number decryption and credit evaluation processing on the encrypted information of the real number.
本发明第五方面提供一种认证装置,应用于认证管理系统中的第二终端,所述第二终端与虚拟系统中的第二虚拟节点相对应;所述认证管理系统中还包括认证节点和第一终端,所述第一终端与虚拟系统中的第一虚拟节点相对应;所述装置包括:A fifth aspect of the present invention provides an authentication device, which is applied to a second terminal in an authentication management system, wherein the second terminal corresponds to a second virtual node in a virtual system; the authentication management system further includes an authentication node and a first terminal, wherein the first terminal corresponds to a first virtual node in the virtual system; the device includes:
第二接收模块,用于在通过所述第二虚拟节点的数据接口发送数据传输请求至所述第一虚拟节点的数据接口之后,通过所述第二虚拟节点的数据接口,接收所述第一虚拟节点的数据接口响应于所述数据传输请求而发送的认证信息获取请求;A second receiving module is used to receive, through the data interface of the second virtual node, an authentication information acquisition request sent by the data interface of the first virtual node in response to the data transmission request after sending the data transmission request to the data interface of the first virtual node through the data interface of the second virtual node;
第一发送模块,用于通过所述第二虚拟节点的数据接口响应所述认证信息获取请求而向所述第一虚拟节点返回认证信息;其中,所述认证信息中至少包括所述第二终端的真实号码的加密信息;A first sending module, configured to respond to the authentication information acquisition request through the data interface of the second virtual node and return authentication information to the first virtual node; wherein the authentication information at least includes encrypted information of the real number of the second terminal;
其中,所述真实号码的加密信息在所述第一终端被用于生成第一广播消息;所述第一广播消息被发送至所述认证管理系统后,在所述认证节点进行号码解密和信用评估处理后,得到所述第二终端的信用评估结果,以通过所述第一虚拟节点根据所述信用评估结果确定对所述数据传输请求的响应结果;The encryption information of the real number is used to generate a first broadcast message at the first terminal; after the first broadcast message is sent to the authentication management system, the authentication node performs number decryption and credit evaluation processing to obtain a credit evaluation result of the second terminal, so as to determine a response result to the data transmission request according to the credit evaluation result through the first virtual node;
所述第二接收模块,还用于通过所述第二虚拟节点的数据接口,接收来自所述第一虚拟节点的数据接口的与所述信用评估结果对应的数据传输结果。The second receiving module is further configured to receive, through the data interface of the second virtual node, a data transmission result corresponding to the credit evaluation result from the data interface of the first virtual node.
本发明第六方面提供一种认证装置,应用于认证管理系统中的认证节点,所述认证管理系统中还包括第一终端和第二终端,所述第一终端与虚拟系统中的第一虚拟节点相对应,所述第二终端与所述虚拟系统中的第二虚拟节点相对应;所述装置包括:A sixth aspect of the present invention provides an authentication device, which is applied to an authentication node in an authentication management system, wherein the authentication management system further includes a first terminal and a second terminal, wherein the first terminal corresponds to a first virtual node in a virtual system, and the second terminal corresponds to a second virtual node in the virtual system; the device includes:
第三接收模块,用于接收所述第一终端发送到所述认证管理系统中的第一广播消息,获取由所述第一广播消息广播的所述第二虚拟节点的认证信息;其中,所述认证信息用于所述第一虚拟节点对所述第二虚拟节点的身份认证,所述认证信息中至少包括所述第二终端的真实号码的加密信息;a third receiving module, configured to receive a first broadcast message sent by the first terminal to the authentication management system, and obtain authentication information of the second virtual node broadcast by the first broadcast message; wherein the authentication information is used by the first virtual node to authenticate the identity of the second virtual node, and the authentication information at least includes encrypted information of the real number of the second terminal;
其中,所述第一广播消息是所述第一终端通过所述第一虚拟节点的数据接口接收到来自所述第二虚拟节点的数据接口的数据传输请求的情况下,通过所述第一虚拟节点的数据接口向所述第二虚拟节点的数据接口发送认证信息获取请求,并通过所述第一虚拟节点的数据接口,接收所述第二虚拟节点的数据接口响应于所述认证信息获取请求而返回的认证信息之后,生成并发送的广播消息;The first broadcast message is a broadcast message generated and sent after the first terminal receives a data transmission request from the data interface of the second virtual node through the data interface of the first virtual node, sends an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node, and receives authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request through the data interface of the first virtual node;
a decryption and evaluation module, configured to perform number decryption and credit evaluation processing on the encrypted information of the real number to obtain a credit evaluation result of the second terminal;
a third sending module, configured to generate and send a second broadcast message to the authentication management system, wherein the second broadcast message carries the credit evaluation result of the second terminal, the encrypted information of the real number, and the terminal identifier of the first terminal, so that the first virtual node determines, according to the credit evaluation result, whether to receive the file transmitted through the second virtual node.
A seventh aspect of the present invention provides an electronic device, comprising: one or more processors; a memory on which one or more programs are stored, wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the authentication method of the present invention; and one or more I/O interfaces, connected between the processor and the memory and configured to implement information interaction between the processor and the memory.
An eighth aspect of the present invention provides a computer-readable medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the above authentication method according to the present invention.
The present invention has the following advantages: it proposes a method for authenticating the identity reliability of virtual nodes in a virtual system. With this authentication method, the confirmation of identity reliability between virtual nodes in the virtual system can be combined with the data of authentication nodes in the real world, which addresses the security risks of data transmission in the virtual system; secure identity authentication of the nodes in the virtual system is achieved, so that data transmitted by the other party is received only after that party has been approved. As virtual systems develop further and simulate the real world more closely, a trustworthy authentication system is formed in the virtual world, which promotes the application and development of virtual technology.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings are provided for further understanding of the present invention and constitute a part of the specification. Together with the following specific embodiments, they serve to explain the present invention, but do not limit it.
FIG. 1 is a flow chart of an authentication method provided by an embodiment of the present invention;
FIG. 2 is a flow chart of an authentication method provided by an embodiment of the present invention;
FIG. 3 is a flow chart of an authentication method provided by an embodiment of the present invention;
FIG. 4 is a flow chart of an authentication method according to an exemplary embodiment of the present invention;
FIG. 5 is a structural diagram of an authentication device provided by an embodiment of the present invention;
FIG. 6 is a structural diagram of an authentication device provided by an embodiment of the present invention;
FIG. 7 is a structural diagram of an authentication device provided by an embodiment of the present invention;
FIG. 8 is a structural diagram of an electronic device provided by an embodiment of the present invention.
DETAILED DESCRIPTION
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention, and are not intended to limit it.
As used in the present invention, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terms used in the present invention are only used to describe specific embodiments and are not intended to limit the present invention. As used in the present invention, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
When the terms "comprising" and/or "made of" are used in the present invention, they specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
The embodiments of the present invention may be described with reference to plan views and/or cross-sectional views by way of idealized schematic views of the present invention. The exemplary illustrations may therefore be modified according to manufacturing techniques and/or tolerances.
Unless otherwise defined, all terms (including technical and scientific terms) used in the present invention have the same meaning as commonly understood by those of ordinary skill in the art. It will also be understood that terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art and the present invention, and will not be interpreted in an idealized or overly formal sense unless the present invention expressly so defines them.
In the embodiments of the present invention, the metaverse is essentially a process of virtualizing and digitizing the real world, which requires extensive transformation of content production, economic systems, user experience and physical-world content. The development of the metaverse is gradual, however: supported by shared infrastructure, standards and protocols, it takes shape through the continuous integration and evolution of many tools and platforms. It provides an immersive experience based on extended reality technology, generates a mirror image of the real world based on digital twin technology, builds an economic system based on blockchain technology, closely integrates the virtual world with the real world in the economic system, the social system and the identity system, and allows every user to produce content and edit the world. In terms of time and space, the metaverse is a digital world that is virtual in the spatial dimension and real in the temporal dimension; in terms of authenticity, the metaverse contains both digital replicas of the real world and creations of the virtual world; in terms of independence, the metaverse is a parallel space that is closely connected to the external real world yet highly independent of it; in terms of connectivity, the metaverse is a persistent, wide-coverage virtual reality system that encompasses networks, hardware terminals and users.
According to the research of relevant scholars and the technical literature, the metaverse is not itself a technology but an idea and a concept. It needs to integrate different new technologies, such as the fifth generation mobile communication technology (5G), the sixth generation mobile communication technology (6G), artificial intelligence and big data, with an emphasis on the integration of the virtual and the real.
The metaverse mainly has the following core technologies. The first is extended reality technology, including virtual reality (VR) and augmented reality (AR). Extended reality technology can provide an immersive experience and can solve problems that mobile phones cannot. The second is the digital twin, which can mirror the real world into the virtual world. This also means that in the metaverse we can see many virtual avatars of ourselves. The third is the use of blockchain to build an economic system. As the metaverse develops further and simulates the real world more closely, a series of resource exchange processes can also be carried out in the metaverse, such as resource acquisition and resource allocation, as well as economic activities such as expenditure, income, spending money and earning money, so that a resource system, an economic system and the like are likewise formed in the virtual world.
The specific conception of the metaverse is currently still at the conceptual stage and lacks concrete technical implementations and a core architecture. Moreover, in the virtual world of the metaverse, since the two interacting parties, for example two users or two nodes, need to transmit data, each needs to verify the reliability of the other party's identity before accepting the data packets that party transmits, so as to avoid files transmitted by malicious hackers carrying viruses and posing a security risk to the user's terminal. Based on this, the present invention provides an authentication method, a device and a computer-readable medium that address the problem of how to verify the security and reliability of the identity of nodes in the metaverse.
The authentication method, device and computer-readable medium of the embodiments of the present invention are described in detail below with reference to the accompanying drawings. Each of the following embodiments can be applied to the system architecture of this embodiment. For brevity, the following embodiments may refer to and cite one another.
The authentication method of the embodiments of the present invention involves two different systems whose nodes are in one-to-one correspondence. For example, the two systems are an authentication management system and a virtual system; when nodes in the virtual system transmit data to one another, each must first verify the reliability of the other party's identity and only then accept the data packets that party transmits.
The authentication management system and the virtual system of the embodiments of the present invention may relate to two worlds that are parallel in time and space. Exemplarily, the authentication management system corresponds to the real world (also called the real scene; for example, the authentication management system may be a blockchain system), and the virtual system may correspond to the virtual world (for example, the virtual system may be a metaverse system).
For ease of understanding, in the description of the following embodiments, the first terminal in the authentication management system is referred to as node B and the second terminal in the authentication management system is referred to as node A; the first virtual node in the virtual system is referred to as node D and the second virtual node is referred to as node C. Node B in the authentication management system corresponds to node D in the virtual system, and node A in the authentication management system corresponds to node C in the virtual system.
In an embodiment of the present invention, when the authentication management system is a blockchain system and the virtual system is a metaverse system (metaverse for short), node A in the blockchain system corresponds to node C in the metaverse system, and node B in the blockchain system corresponds to node D in the metaverse system.
In a first aspect, an embodiment of the present invention provides an authentication method. The authentication method can be applied to a first terminal in an authentication management system, the first terminal corresponding to a first virtual node in a virtual system; the authentication management system further includes at least one authentication node and a second terminal, the second terminal corresponding to a second virtual node in the virtual system.
FIG. 1 is a flow chart showing an authentication method according to an embodiment of the present invention. As shown in FIG. 1, the authentication method in the embodiment of the present invention includes the following steps.
Step S110: when it is determined that a data transmission request from the data interface of the second virtual node has been received through the data interface of the first virtual node, send an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node.
Exemplarily, the first virtual node in the virtual system (for example, node D) receives a data transmission request from the second virtual node (for example, node C), which indicates that node C in the virtual system wants to transmit data to node D in the virtual system. If node D directly accepted files transmitted by an unfamiliar node in the virtual system without authenticating the identity of node C, there would be a security risk that the files contain viruses. Node D therefore sends an authentication information acquisition request to node C. The request may contain challenge information that asks for the identifier of the operator corresponding to the real-world node to which node C belongs (for example, node A) and the encrypted file of the mobile phone number of that real-world node.
Step S120: receive, through the data interface of the first virtual node, the authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request; wherein the authentication information includes at least encrypted information of the real number of the second terminal.
Step S130: generate and send a first broadcast message to the authentication management system, the first broadcast message being used to broadcast the encrypted information of the real number.
Step S140: in response to receiving a second broadcast message sent by the authentication node to the authentication management system, obtain the credit evaluation result of the second terminal from the second broadcast message, so that the first virtual node determines the response to the data transmission request according to the credit evaluation result; wherein the credit evaluation result is the result obtained by the authentication node performing number decryption and credit evaluation processing on the encrypted information of the real number.
The authentication method of the embodiment of the present invention authenticates the identity reliability of virtual nodes in a virtual system. With this authentication method, the confirmation of identity reliability between virtual nodes in the virtual system can be combined with the data of authentication nodes in the real world, which addresses the security risks of data transmission in the virtual system; secure identity authentication of the nodes in the virtual system is achieved, so that data transmitted by the other party is received only after that party has been approved. As virtual systems develop further and simulate the real world more closely, a trustworthy authentication system is formed in the virtual world, which promotes the application and development of virtual technology.
In some embodiments, the type of the authentication node corresponding to the real number of the first terminal is different from that of the authentication node corresponding to the real number of the second terminal.
As an example, the real number of the first terminal includes the telephone number of the first terminal in the real world. As an example, the operators in the embodiments of the present invention fall into different categories; exemplarily, the category of an operator can also be determined by the operator name, and the different categories of operators may include at least one of the following: China Unicom, China Mobile and China Telecom.
As an example, when a blockchain system in the real world serves as the authentication management system, the nodes in the blockchain system include: at least two blockchain nodes, such as node A and node B; and operator nodes of at least one type, such as a Unicom operator node, a Mobile operator node and a Telecom operator node. Multiple operator nodes can jointly act as the founder nodes of this blockchain, with the public key and identity identifier of each operator node written into the genesis block. In the embodiments of the present invention, "multiple" means at least two.
As an example, node A and node B each have their own corresponding identity and identifier in both the real-world authentication management system (the blockchain system) and the virtual system; the real-world mobile phone numbers of node A and node B are 186xxxxxxxx and 138xxxxxxxx respectively. The two mobile phone numbers belong to operators of different categories: of node A and node B, one is a node whose real-world mobile phone number belongs to the China Unicom operator, and the other is the node of a user whose real-world mobile phone number belongs to the China Mobile operator.
In the embodiments of the present invention, the operators corresponding to the two nodes (for example, node B and node D) to which the two terminals correspond may be two different operators; it should be understood that the authentication method applies equally when the two nodes correspond to the same operator.
In some embodiments, the encrypted information of the real number of the second terminal is encrypted information that was obtained by number encryption processing and stored in advance at the second virtual node; wherein the encryption processing includes encrypting the real number of the second terminal according to a predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal.
In some embodiments, a virtual node in the virtual system may store an encrypted file obtained by encrypting the mobile phone number of the real-world terminal corresponding to the node, using the public key of the operator node corresponding to that mobile phone number, according to a pre-agreed algorithm.
In the embodiments of the present invention, a virtual node in the virtual system uses this encrypted file because it keeps the mobile phone number of the corresponding real-world terminal confidential: other virtual nodes in the virtual system and other terminals in the real world do not need to know the plaintext of the mobile phone number, which improves the security of the verification process.
As an example, node C stores encrypted file 1, which is obtained by encrypting node A's mobile phone number 186xxxxxxxx with the public key of the Unicom node corresponding to the real-world node A, according to a pre-agreed algorithm. By using encrypted file 1, node C keeps node A's mobile phone number confidential, so node D and node B do not need to know the plaintext of the mobile phone number, which improves the security of the verification process.
The step of generating and sending the first broadcast message to the authentication management system in step S130 may specifically include the following steps.
S11: generate the first broadcast message, which carries the identifier of the operator corresponding to the real number of the second terminal and the encrypted information of the real number of the second terminal.
S12: sign the first broadcast message with the blockchain private key of the first terminal, and send the signed first broadcast message to the authentication management system.
In this embodiment, the broadcast message that the first terminal sends to the authentication management system carries the encrypted file of the first terminal's real-world telephone number rather than the mobile phone number itself. Other nodes therefore do not learn the mobile phone number, and only the operator node corresponding to the mobile phone number can decrypt the encrypted file, which greatly improves the security of the identity authentication process.
In some embodiments, the authentication node is a node belonging to an operator. If the category of the operator to which the authentication node belongs is the same as the category of the operator corresponding to the real number of the second terminal, the decryption and evaluation processing that the operator node performs on the encrypted information of the telephone number includes the following steps.
S21: when the first broadcast message carries the signature of the first terminal, verify the signature of the first terminal using the blockchain private key of the first terminal.
S22: if the signature of the first terminal is verified successfully, decrypt the real number of the second terminal according to the predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal, to obtain the decrypted real number of the second terminal.
S23: take the decrypted real number of the second terminal as the number to be evaluated, query the values of the credit evaluation items of the number to be evaluated in the database belonging to the authentication node, and perform credit evaluation processing according to the values of the credit evaluation items to obtain the credit evaluation result.
Through steps S21-S23 above, the operator node in the blockchain can query its own database for the information on the credit evaluation items of the mobile phone number, perform credit evaluation processing on the basis of that information, and generate a credit evaluation result.
In some embodiments, the authentication information further includes the identifier of the operator corresponding to the real number of the second terminal.
In this embodiment, if the authentication information in step S120 above includes both the identifier of the operator corresponding to the second terminal's real-world telephone number and the encrypted file of the second terminal's real-world telephone number, the current operator node can extract the encrypted file and the operator identifier from the first broadcast message. If the identifier of the operator to which the current operator node belongs differs from the extracted operator identifier, the node can stop the subsequent number decryption and credit evaluation operations, which improves data processing efficiency.
In other embodiments, the authentication information may include the encrypted information of the second terminal's real-world telephone number. In this case, the current operator node can extract the encrypted file from the first broadcast message and perform number decryption on it to obtain the second terminal's real-world telephone number; if the identifier of the operator to which the current operator node belongs differs from the identifier of the operator corresponding to the extracted telephone number, the node can stop the subsequent credit evaluation operation. This process reduces the amount of information carried in the broadcast message, reduces the amount of data transmitted in the network, and improves data transmission efficiency.
In actual application scenarios, the specific content of the authentication information carried in the first broadcast message may be determined according to actual needs; the embodiments of the present invention do not specifically limit it.
In some embodiments, the credit evaluation items include at least one of the credit grade and the time on network of the number to be evaluated; the credit evaluation processing in step S23 may include the following steps.
S31: if the grade value of the credit grade of the number to be evaluated exceeds a preset grade threshold, and/or the time on network of the number to be evaluated exceeds a preset time-on-network threshold, determine that the credit of the number to be evaluated is qualified, and generate a credit evaluation result containing credit qualification information.
S32: process the credit grade and the time on network according to a preset comprehensive credit scoring model to obtain a comprehensive credit evaluation score; if the comprehensive credit evaluation score exceeds a score threshold, determine that the credit of the number to be evaluated is qualified, and generate a credit evaluation result containing the comprehensive credit evaluation score.
Through steps S31 and S32 above, the blockchain node can perform credit evaluation processing based on at least one of the credit grade and the time on network of the number to be evaluated, and obtain an evaluation result stating whether the credit of the number is qualified or unqualified (a qualitative result) and/or a comprehensive credit evaluation score for the number (a quantitative result).
In some embodiments, after step S140, the authentication method further includes at least one of the following processes. S150: record first authentication process information in a new block of the authentication management system, so that the first authentication process information is recorded in the blockchain ledger of the first terminal; wherein the first authentication process information relates to the process that runs from receiving, through the data interface of the first virtual node, the data transmission request from the data interface of the second virtual node, to the first virtual node determining how to handle the data transmission request according to the credit evaluation result.
In step S150, the relevant information of the above authentication process is recorded in a new block of the blockchain, and thereby in the blockchain ledger, which facilitates subsequent tracing and verification.
S160, when the credit evaluation result of the second terminal is that the credit is qualified, adding the node identifier of the second virtual node to the whitelist stored locally in the first terminal, so as to update the whitelist stored locally in the first virtual node.
As an example, when the virtual system is a metaverse system, the node identifier of the second virtual node may also be referred to as the node identifier of the second virtual node, and is used to identify the identity information of the second virtual node in the metaverse system.
In step S160, after the identity has been confirmed, the first terminal can update its locally saved whitelist and add the identifier of the second virtual node in the virtual system to the list; for example, node B can also update its locally saved whitelist and add the identifier of node C in the virtual system to the list, so that in subsequent file transfers the authenticated identity of the other node can be determined directly from the whitelist, which improves file transfer efficiency.
The authentication method according to the embodiment of the present invention concerns the process by which the two nodes of the communicating parties in a virtual system authenticate the reliability of each other's identity. The nodes and users in the virtual system can correspond one-to-one with the nodes and users in real life, and the authentication method is used to ensure the security of both parties transmitting data to each other.
In a second aspect, an embodiment of the present invention provides an authentication method; the authentication method can be applied to a second terminal in an authentication management system, and the second terminal corresponds to a second virtual node in a virtual system; the authentication management system also includes an authentication node and a first terminal, and the first terminal corresponds to a first virtual node in the virtual system; FIG. 2 is a flowchart showing an authentication method according to an embodiment of the present invention.
As shown in FIG. 2, the authentication method includes the following steps.
S210, after sending a data transmission request to the data interface of the first virtual node through the data interface of the second virtual node, receiving, through the data interface of the second virtual node, an authentication information acquisition request sent by the data interface of the first virtual node in response to the data transmission request.
S220, responding to the authentication information acquisition request through the data interface of the second virtual node by returning authentication information to the first virtual node; wherein the authentication information includes at least the encrypted information of the real number of the second terminal.
The encrypted information of the real number is used at the first terminal to generate a first broadcast message; after the first broadcast message is sent to the authentication management system, the authentication node performs number decryption and credit evaluation processing to obtain the credit evaluation result of the second terminal, so that the first virtual node determines the response to the data transmission request according to the credit evaluation result;
S230, receiving, through the data interface of the second virtual node, a data transmission result corresponding to the credit evaluation result from the data interface of the first virtual node.
In the embodiment of the present invention, confirmation of the reliability of identities between virtual nodes in the virtual system can be combined with the data of operators in the real world to achieve secure identity authentication of nodes in the virtual system, so that data transmitted by the other party is received only after approval. As the virtual system simulates the real world ever more closely, a trusted authentication system is formed in the virtual world, which promotes the application and development of virtual system technology.
In some embodiments, the encrypted information of the real number is encrypted information obtained by number encryption processing and stored in advance in the second virtual node; before step S210, the authentication method further includes: S41, in the second virtual node, using the public key of the authentication node corresponding to the real number of the second terminal to encrypt the real number of the second terminal according to a predetermined encryption algorithm, obtaining the encrypted information of the real number of the second terminal.
In this embodiment, the virtual nodes in the virtual system use the encrypted file because it keeps the mobile phone number of the corresponding real-world terminal confidential. Other virtual nodes in the virtual system and other terminals in the real world do not need to know the plaintext of the mobile phone number, which improves the security of the verification process.
In some embodiments, after step S230, the authentication method of the embodiment of the present invention further includes at least one of the following processes.
S240, recording second authentication process information in a new block of the authentication management system, so that the second authentication process information is recorded in the blockchain ledger of the second terminal; wherein the second authentication process information covers the process from sending the data transmission request to the data interface of the first virtual node through the data interface of the second virtual node, to receiving, through the data interface of the second virtual node, the data transmission result corresponding to the credit evaluation result sent by the data interface of the first virtual node.
In this step, the terminal can record the relevant information of the authentication process in a new block of the blockchain, and thereby in the blockchain ledger, which facilitates subsequent tracing and verification.
S250, when the credit evaluation result of the second terminal is that the credit is qualified, adding, through the second virtual node, the node identifier of the first virtual node to the whitelist stored locally in the second virtual node, so as to update the whitelist stored locally in the second virtual node.
In this step, after the identity has been confirmed, the second terminal can update its locally saved whitelist and add the identifier of the first virtual node in the virtual system to the list; for example, node A can also update its locally saved whitelist and add the identifier of node D in the virtual system to the list, so that in subsequent file transfers the authenticated identity of the other node can be determined directly from the whitelist, which improves file transfer efficiency.
The authentication method according to the embodiment of the present invention concerns the process by which the two nodes of the communicating parties in a virtual system authenticate the reliability of each other's identity. The nodes and users in the virtual system can correspond one-to-one with the nodes and users in real life, and the authentication method is used to ensure the security of both parties transmitting data to each other.
In a third aspect, an embodiment of the present invention provides an authentication method; the authentication method can be applied to an authentication node in an authentication management system, which also includes a first terminal and a second terminal, the first terminal corresponding to a first virtual node in a virtual system, and the second terminal corresponding to a second virtual node in the virtual system.
FIG. 3 shows a flowchart of an authentication method according to an embodiment of the present invention; as shown in FIG. 3, in some embodiments, the authentication method includes the following steps.
S310, receiving a first broadcast message sent by the first terminal to the authentication management system, and obtaining the authentication information broadcast in the first broadcast message; wherein the authentication information is used by the first virtual node to authenticate the identity of the second virtual node, and the authentication information includes at least the encrypted information of the real number of the second terminal.
The first broadcast message is a broadcast message that the first terminal generates and sends after it has received, through the data interface of the first virtual node, a data transmission request from the data interface of the second virtual node, has sent an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node, and has received, through the data interface of the first virtual node, the authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request.
S320, performing number decryption and credit evaluation processing on the encrypted information of the real number to obtain a credit evaluation result of the second terminal.
S330, generating and sending a second broadcast message to the authentication management system, the second broadcast message carrying the credit evaluation result of the second terminal, the encrypted information of the real number, and the terminal identifier of the first terminal, so that the first virtual node determines, according to the credit evaluation result, whether to receive the file transmitted by the second virtual node.
In step S330, the encrypted information of the telephone number is carried in the second broadcast message so that the first terminal can tell which encrypted file the credit evaluation result, as the reply to the first broadcast message, corresponds to. This avoids the situation in which the first terminal has inquired about the encrypted files of two numbers at the same time and cannot tell which number's encrypted file the credit evaluation result in the operator node's reply refers to, and thus helps the first terminal obtain the credit evaluation result accurately.
According to the authentication method of the embodiment of the present invention, the operator node can, in response to the request of the first terminal, perform a credit evaluation on the real number of the second terminal and thereby obtain a credit evaluation result of the second terminal; based on the credit evaluation result, the first virtual node in the virtual system corresponding to the first terminal can judge whether it is safe to receive the file transmitted by the second virtual node in the virtual system, thereby achieving secure identity authentication of the nodes within the virtual system, so that data transmitted by the other party is received only after approval.
In some embodiments, S320 may specifically include: S321, using the current authentication node's own private key to decrypt the real number of the second terminal according to a predetermined decryption algorithm; if the current authentication node is a node belonging to an operator and the category of that operator is the same as the category of the operator corresponding to the real number of the second terminal, the decryption succeeds and the real number of the second terminal is obtained; S322, performing credit evaluation processing on the encrypted information of the real number to obtain the credit evaluation result of the second terminal.
In this embodiment, decrypting the real number of the second terminal yields the real number of the second terminal. If the category of the operator corresponding to the real number is the same as the category of the operator to which the current authentication node belongs, the decryption is determined to be successful, and credit evaluation of the real number of the second terminal proceeds. The credit evaluation result is used at the first virtual node to determine whether to receive the file transmitted by the second virtual node.
In some embodiments, step S322 may specifically include the following steps.
S51, taking the real number of the second terminal as the number to be evaluated, and querying the values of the credit evaluation items of the number to be evaluated in the database belonging to the authentication node; S52, performing credit evaluation processing according to the values of the credit evaluation items to obtain a credit evaluation result.
The credit evaluation processing includes: S61, if the level value of the credit level of the number to be evaluated exceeds a preset level threshold, and/or the time on the network of the number to be evaluated exceeds a preset time-on-network threshold, the credit of the number to be evaluated is determined to be qualified, and a credit evaluation result including credit qualification information is generated; S62, the credit level and the time on the network are processed according to a preset comprehensive credit scoring model to obtain a comprehensive credit evaluation score; if the comprehensive credit evaluation score exceeds a score threshold, the credit of the number to be evaluated is determined to be qualified, and a credit evaluation result including the comprehensive credit evaluation score is generated.
In an embodiment of the present invention, the authentication management system can be a blockchain system, and the virtual system can be a metaverse system; the blockchain node can perform credit evaluation processing based on at least one of the credit level and the time on the network of the number to be evaluated, and obtain an evaluation result stating whether the credit of the number to be evaluated is qualified or unqualified and/or obtain a comprehensive credit evaluation score for the number to be evaluated; by evaluating the credit of the telephone number of the terminal in the real-world blockchain system that corresponds to the virtual node, secure identity authentication of the virtual node in the metaverse is achieved, so that data transmitted by the other party is received only after approval. As the metaverse develops further and simulates the real world ever more closely, a trusted authentication system is formed in the virtual world, which promotes the application and development of metaverse technology.
The division of the above methods into steps is only for clarity of description. In implementation, steps can be combined into one step, or a step can be split into multiple steps; as long as the same logical relationship is included, they are all within the scope of protection of this patent. Adding insignificant modifications to the algorithm or process, or introducing insignificant designs, without changing the core design of the algorithm and process, is also within the scope of protection of this patent.
The following describes the specific flow of the authentication method of the embodiment of the present invention through a specific example. This example involves two worlds that are parallel in time and space: the real world and the virtual world of the metaverse. Node A and node B each have their own corresponding identity and identifier in both the real world and the metaverse, and their real-world mobile phone numbers are 186xxxxxxxx and 138xxxxxxxx respectively; these two mobile phone numbers are a user number of a first operator (for example, the China Unicom operator) and a user number of a second operator (for example, the China Mobile operator) respectively.
In this embodiment, the nodes in the authentication management system include node A and node B. Specifically, the first terminal in the authentication management system is node B, and the second terminal in the authentication management system is node A; the first virtual node in the virtual system is node D, and the second virtual node in the virtual system is node C; node B in the authentication management system corresponds to node D in the virtual system, and node A in the authentication management system corresponds to node C in the virtual system.
When the authentication management system is a blockchain system and the virtual system is a metaverse system (metaverse for short), node A and node B in the blockchain system correspond to node C and node D in the metaverse system respectively.
In this embodiment, the blockchain system includes at least one authentication node, which can be a node device belonging to an operator (operator node for short); operator nodes fall into multiple categories, such as operator Unicom nodes, operator Mobile nodes, and operator Telecom nodes; operator nodes of different categories can jointly serve as the founder nodes of this blockchain, and the public key and identity identifier of each operator node can be written into the genesis block in advance.
FIG. 4 shows a flowchart of an authentication method according to an exemplary embodiment of the present invention. As shown in FIG. 4, the authentication method includes the following steps.
S401, sending a data transmission request to the data interface of the first virtual node through the second virtual node.
In this step, node C transmits data within the virtual system to node D in the virtual system. The data may be file material, or any information such as a request or a character string; this can be determined according to actual conditions and is not specifically limited in the embodiment of the present invention.
S402, in response to the data transmission request, sending an information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node.
For example, node D does not dare to accept files transmitted by unfamiliar nodes in the virtual system for fear that they contain viruses; node D therefore uses the information acquisition request to send node C an identity authentication challenge, which asks for the identifier of the operator of the real-world node to which node C corresponds, and for the encrypted file of node C's mobile phone number.
In this embodiment, each virtual node in the virtual system stores an encrypted file of the mobile phone number of its corresponding real-world terminal device, obtained by encrypting the number according to a pre-agreed algorithm with the public key of the operator node corresponding to that mobile phone number. That is, node C stores encrypted file 1, which corresponds to node A's mobile phone number 186xxxxxxxx encrypted according to the pre-agreed algorithm with the public key of the first operator node (for example, the Unicom node).
In the embodiment of the present invention, encrypted file 1 is used because it keeps node A's mobile phone number confidential: node D and node B do not need to know the plaintext of the mobile phone number. In addition, because encrypted file 1, rather than the specific mobile phone number itself, is sent in the subsequent broadcast message in the blockchain network, the other terminal devices in the blockchain network do not learn the mobile phone number either, and only the operator node corresponding to the mobile phone number can successfully decrypt the encrypted file, which greatly improves the security of the verification process described herein.
S403, in response to the information acquisition request, replying with authentication information to the first virtual node through the data interface of the second virtual node.
As an example, node C receives, over the IP network in the virtual system, the inquiry that node D sent in the authentication information acquisition request asking for node C's operator and encrypted file. Node C replies to node D along the original path with the operator identifier of the first operator and encrypted file 1 (the encrypted file of node A's mobile phone number, encrypted according to the pre-agreed encryption algorithm with the public key of the first operator node).
S404, the first terminal sends a first broadcast message to the blockchain network.
As an example, after node D receives the Unicom identifier and encrypted file 1, node B, the real-world node corresponding to node D, sends encrypted file 1 and the Unicom identifier to the blockchain network in a broadcast message signed with its own private key.
S405, the operator node performs number decryption and credit evaluation processing to obtain a credit evaluation result.
As an example, after receiving the first broadcast message, the Unicom node verifies the private-key signature of the first broadcast message. If the verification passes, it extracts encrypted file 1, and then uses its own private key to decrypt encrypted file 1 according to the pre-agreed algorithm, obtaining the mobile phone number 186xxxxxxxx.
As an example, the Unicom node queries its own database for the credit level and the time on the network of the mobile phone number. If it finds that the credit level exceeds the credit level threshold and/or the time on the network exceeds the time-on-network threshold (the credit level threshold and/or the time-on-network threshold being preset credit thresholds), or if it processes the credit level and the time on the network according to a preset comprehensive credit scoring model and obtains a comprehensive credit evaluation score, the Unicom node sends, in a broadcast message signed with its private key, the credit evaluation result (the credit qualification information or the comprehensive credit evaluation score), encrypted file 1, and the identifier of node B.
In this example, encrypted file 1 is sent so that node B knows which encrypted file the credit qualification information or the comprehensive credit evaluation score is a reply to. This avoids the situation in which node B has inquired about the encrypted files of two numbers at the same time and cannot tell which number's encrypted file the operator's reply corresponds to, which improves the accuracy of information acquisition and the efficiency of information processing.
S406, the first terminal determines, according to the credit evaluation result, whether to receive, through the data interface of the first virtual node, the file sent by the data interface of the second virtual node.
As an example, after receiving the broadcast message, node B verifies the private-key signature of the broadcast message. If the verification passes, it extracts encrypted file 1 and the credit qualification information or the comprehensive credit evaluation score. Node D can then decide, according to the credit evaluation result that node B passes to it (the result sent by the operator node for that encrypted file), whether to accept the file sent to it by node C: if the credit evaluation result is that the credit is qualified, node D agrees to accept the file sent by node C; otherwise, node D refuses to accept the file sent by node C.
In an embodiment of the present invention, the above authentication process can be recorded in a new block of the blockchain, and thereby in the blockchain ledger, by the first terminal (for example, node B), the second terminal (for example, node A), and the operator node participating in the authentication process, which facilitates subsequent tracing and verification.
The authentication method of the embodiment of the present invention can use the credit level of a real-world mobile phone number to confirm whether two nodes in the virtual system that do not know each other can accept the data transmitted by the other, thereby ensuring the authenticity and reliability of node identity. After this identity confirmation, node A can update its locally saved whitelist and add the identifier of node D in the virtual system to the list; correspondingly, node B can also update its locally saved whitelist and add the identifier of node C in the virtual system to the list.
According to the authentication method of the embodiment of the present invention, confirmation of the reliability of identities between virtual nodes in the virtual system can be combined with the data of operators in the real world to achieve secure identity authentication of the nodes in the virtual system, so that data transmitted by the other party is received only after approval, thereby forming a trusted authentication system in the virtual world and promoting the application and development of virtual system technology.
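The S404 to S406 exchange described above, including the case of two inquiries outstanding at once, as an added Python example that is not part of the patent. Assumptions: textbook RSA over fixed Mersenne primes stands in for the "pre-agreed algorithm" the text leaves unspecified and is not secure; the message field names, the thresholds, the extra peer `node-E` and the sample numbers are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

E = 65537  # public exponent shared by all demo keys

def make_key(p_exp, q_exp):
    """Demo-only textbook RSA key from two fixed Mersenne primes (NOT secure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def encrypt(n, text):
    return pow(int.from_bytes(text.encode(), "big"), E, n)

def decrypt(key, cipher):
    m = pow(cipher, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def _digest(fields):
    return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big")

def sign(key, *fields):
    return pow(_digest(fields), key["d"], key["n"])

def verify(n, sig, *fields):
    return pow(sig, E, n) == _digest(fields)

@dataclass
class OperatorNode:
    operator_id: str
    key: dict
    subscribers: dict           # number -> (credit level, months on the network)
    terminal_keys: dict         # terminal id -> public modulus, as read from the ledger
    level_threshold: int = 3    # assumed value
    tenure_threshold: int = 24  # assumed value, in months
    def on_first_broadcast(self, msg):
        """S405: verify the sender's signature, decrypt, evaluate, sign the reply."""
        fields = (msg["sender"], msg["operator_id"], msg["cipher"])
        sender_n = self.terminal_keys.get(msg["sender"])
        if sender_n is None or not verify(sender_n, msg["sig"], *fields):
            return None
        if msg["operator_id"] != self.operator_id:
            return None  # addressed to another operator
        try:
            number = decrypt(self.key, msg["cipher"])
        except UnicodeDecodeError:
            return None  # not encrypted to this node's public key
        record = self.subscribers.get(number)
        if record is None:
            return None
        level, months = record
        # S61, using the "or" reading of the page's "and/or"
        ok = level > self.level_threshold or months > self.tenure_threshold
        result = "qualified" if ok else "unqualified"
        body = (self.operator_id, result, msg["cipher"], msg["sender"])
        keys = ("operator_id", "result", "cipher", "terminal_id")
        return dict(zip(keys, body), sig=sign(self.key, *body))

@dataclass
class FirstTerminal:
    terminal_id: str
    key: dict
    operator_keys: dict  # operator id -> public modulus (genesis block, per the page)
    whitelist: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # ciphertext -> peer virtual node id
    def first_broadcast(self, peer_node, operator_id, cipher):
        """S404: remember which peer the ciphertext came from, then sign and send."""
        self.pending[cipher] = peer_node
        sig = sign(self.key, self.terminal_id, operator_id, cipher)
        return {"sender": self.terminal_id, "operator_id": operator_id,
                "cipher": cipher, "sig": sig}
    def on_second_broadcast(self, reply):
        """S406: verify, match the reply to an inquiry by its ciphertext, decide."""
        body = (reply["operator_id"], reply["result"], reply["cipher"], reply["terminal_id"])
        op_n = self.operator_keys.get(reply["operator_id"])
        if op_n is None or not verify(op_n, reply["sig"], *body):
            return None  # forged or altered; the pending entry stays in place
        if reply["terminal_id"] != self.terminal_id:
            return None  # reply meant for another terminal
        peer = self.pending.pop(reply["cipher"], None)
        if peer is None:
            return None  # unsolicited or replayed reply
        accepted = reply["result"] == "qualified"
        if accepted:
            self.whitelist.add(peer)  # S160
        return peer, accepted

def run_demo():
    unicom_key, mobile_key, b_key = make_key(521, 607), make_key(107, 2203), make_key(127, 1279)
    terminals = {"terminal-B": b_key["n"]}
    # Constructed subscriber records: (credit level, months on the network)
    unicom = OperatorNode("unicom", unicom_key,
                          {"18600000000": (5, 36), "18611111111": (1, 2)}, terminals)
    mobile = OperatorNode("mobile", mobile_key, {}, terminals)
    b = FirstTerminal("terminal-B", b_key, {"unicom": unicom_key["n"], "mobile": mobile_key["n"]})
    m1 = b.first_broadcast("node-C", "unicom", encrypt(unicom_key["n"], "18600000000"))
    m2 = b.first_broadcast("node-E", "unicom", encrypt(unicom_key["n"], "18611111111"))
    r1, r2 = unicom.on_first_broadcast(m1), unicom.on_first_broadcast(m2)
    out = {"mobile_reply": mobile.on_first_broadcast(m1)}
    out["forged"] = b.on_second_broadcast(dict(r2, result="qualified"))
    out["decisions"] = [b.on_second_broadcast(r2), b.on_second_broadcast(r1)]  # out of order
    out["replay"] = b.on_second_broadcast(r1)
    out["whitelist"] = set(b.whitelist)
    return out
```

The `pending` table is keyed by the ciphertext, which is the reason the text gives for echoing encrypted file 1 in the second broadcast message: replies that arrive out of order are still attributed to the right peer.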
In a fourth aspect, an embodiment of the present invention provides an authentication device.
FIG. 5 shows a schematic structural diagram of an authentication device provided according to an embodiment of the present invention. In some embodiments, the device is applied to a first terminal in an authentication management system, and the first terminal corresponds to a first virtual node in a virtual system; the authentication management system also includes at least one authentication node and a second terminal, and the second terminal corresponds to a second virtual node in the virtual system; as shown in FIG. 5, the authentication device 500 includes the following modules.
第一发送模块510,用于在确定通过第一虚拟节点的数据接口接收到来自第二虚拟节点的数据接口的数据传输请求的情况下,通过第一虚拟节点的数据接口向第二虚拟节点的数据接口发送认证信息获取请求;A first sending module 510 is used to send an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node when it is determined that a data transmission request from the data interface of the second virtual node is received through the data interface of the first virtual node;
第一接收模块520,用于通过第一虚拟节点的数据接口,接收第二虚拟节点的数据接口响应于认证信息获取请求而返回的认证信息;其中,认证信息中至少包括第二终端的真实号码的加密信息;The first receiving module 520 is used to receive, through the data interface of the first virtual node, the authentication information returned by the data interface of the second virtual node in response to the authentication information acquisition request; wherein the authentication information at least includes the encrypted information of the real number of the second terminal;
生成模块530,用于生成并发送第一广播消息至认证管理系统,第一广播消息用于广播真实号码的加密信息;A generating module 530, configured to generate and send a first broadcast message to the authentication management system, wherein the first broadcast message is used to broadcast encrypted information of a real number;
确定模块540,用于响应于接收到的认证节点发送至认证管理系统的第二广播消息,从第二广播消息中获取对第二终端的信用评估结果,以通过第一虚拟节点根据信用评估结果确定对数据传输请求的响应结果;其中,信用评估结果是由认证节点对真实号码的加密信息进行号码解密和信用评估处理得到的结果。The determination module 540 is used to obtain a credit evaluation result of the second terminal from the second broadcast message in response to the second broadcast message sent by the authentication node to the authentication management system, so as to determine a response result to the data transmission request through the first virtual node according to the credit evaluation result; wherein the credit evaluation result is a result obtained by the authentication node performing number decryption and credit evaluation processing on the encrypted information of the real number.
在一些实施例中,第一终端的真实号码所对应的认证节点的类型,与第二终端的真实号码所对应的认证节点不同;第二终端的真实号码的加密信息,是预先在第二虚拟节点存储的经号码加密处理后得到的加密信息。In some embodiments, the type of authentication node corresponding to the real number of the first terminal is different from the type of authentication node corresponding to the real number of the second terminal; the encryption information of the real number of the second terminal is the encrypted information obtained after the number encryption processing and stored in the second virtual node in advance.
其中,该加密处理包括:使用第二终端的真实号码所对应的认证节点的公钥,按照预定加密算法对第二终端的真实号码加密。The encryption process includes: using the public key of the authentication node corresponding to the real number of the second terminal to encrypt the real number of the second terminal according to a predetermined encryption algorithm.
在一些实施例中,认证信息还包括:第二终端的真实号码所对应的运营商的标识。In some embodiments, the authentication information also includes: an identifier of an operator corresponding to the real number of the second terminal.
在一些实施例中,生成模块530,在用于生成并发送第一广播消息至认证管理系统时,具体用于:生成第一广播消息,第一广播消息中携带有第二终端的真实号码所对应的运营商的标识,以及第二终端的真实号码的加密信息;使用第一终端的区块链私钥对第一广播消息签名,并将签名后的第一广播消息发送至认证管理系统。In some embodiments, the generation module 530, when used to generate and send a first broadcast message to an authentication management system, is specifically used to: generate a first broadcast message, the first broadcast message carrying an identifier of the operator corresponding to the real number of the second terminal, and encryption information of the real number of the second terminal; sign the first broadcast message using the blockchain private key of the first terminal, and send the signed first broadcast message to the authentication management system.
In some embodiments, the authentication node is a node belonging to an operator. If the category of the operator to which the authentication node belongs is the same as the category of the operator corresponding to the real number of the second terminal, the authentication node, when performing number decryption and credit evaluation processing on the encrypted information of the real number, is specifically configured to:
When the first broadcast message carries the signature of the first terminal, verify the signature of the first terminal using the blockchain private key of the first terminal;
If verification of the first terminal's signature succeeds, decrypt the real number of the second terminal according to the predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal, to obtain the decrypted real number of the second terminal;
Take the decrypted real number of the second terminal as the number to be evaluated, query the values of the credit evaluation items of the number to be evaluated in the database belonging to the authentication node, and perform credit evaluation processing according to those values to obtain the credit evaluation result.
In some embodiments, the credit evaluation items include at least one of the credit rating and the time on network of the number to be evaluated; the operator node, when performing credit evaluation processing, is specifically configured to:
If the credit rating value of the number to be evaluated exceeds a preset rating threshold, and/or the time on network of the number to be evaluated exceeds a preset time-on-network threshold, determine that the number to be evaluated is credit-qualified and generate a credit evaluation result containing the credit-qualified information;
Process the credit rating and the time on network according to a preset comprehensive credit scoring model to obtain a comprehensive credit evaluation score; if the comprehensive credit evaluation score exceeds a score threshold, determine that the number to be evaluated is credit-qualified and generate a credit evaluation result containing the comprehensive credit evaluation score.
In some embodiments, the authentication apparatus 500 may further include the following modules.
A first recording module, configured to, after the response to the data transmission request has been determined according to the credit evaluation result, record first authentication process information in a new block of the authentication management system, so that the first authentication process information is recorded in the blockchain ledger of the first terminal; wherein the first authentication process information covers the process from receiving, at the data interface of the first virtual node, the data transmission request from the data interface of the second virtual node, up to the first virtual node determining how to handle the data transmission request according to the credit evaluation result;
An update module, configured to, after the response to the data transmission request has been determined according to the credit evaluation result, and when the credit evaluation result for the second terminal is credit-qualified, add the node identifier of the second virtual node to the whitelist saved locally by the first terminal, so as to update the whitelist saved locally by the first virtual node.
According to the authentication apparatus of the embodiments of the present invention, confirming the reliability of identities between virtual nodes in the virtual system can be combined with the data of real-world operators to achieve secure identity authentication of nodes within the virtual system, so that data transmitted by the other party is received only after approval. As virtual systems develop further and simulate the real world more closely, a trusted authentication system is formed in the virtual world, which promotes the application and development of virtual system technology.
In a fifth aspect, an embodiment of the present invention provides an authentication apparatus.
Fig. 6 shows a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention. In this embodiment, the authentication apparatus can be applied to a second terminal in an authentication management system, and the second terminal corresponds to a second virtual node in a virtual system; the authentication management system further includes an authentication node and a first terminal, and the first terminal corresponds to a first virtual node in the virtual system. As shown in Fig. 6, the authentication apparatus 600 includes the following modules.
A second receiving module 610, configured to, after a data transmission request has been sent through the data interface of the second virtual node to the data interface of the first virtual node, receive through the data interface of the second virtual node the authentication information acquisition request sent by the data interface of the first virtual node in response to the data transmission request;
A first sending module 620, configured to return authentication information to the first virtual node through the data interface of the second virtual node in response to the authentication information acquisition request; wherein the authentication information includes at least the encrypted information of the real number of the second terminal;
The encrypted information of the real number is used at the first terminal to generate a first broadcast message; after the first broadcast message is sent to the authentication management system, the authentication node performs number decryption and credit evaluation processing to obtain the credit evaluation result of the second terminal, so that the first virtual node determines the response to the data transmission request according to the credit evaluation result;
The second receiving module 610 is further configured to receive, through the data interface of the second virtual node, the data transmission result corresponding to the credit evaluation result from the data interface of the first virtual node.
In some embodiments, the encrypted information of the real number is encrypted information obtained by number encryption processing and stored in advance in the second virtual node; the authentication apparatus 600 further includes: an encryption module, configured to, before the data transmission request is sent through the data interface of the second virtual node to the data interface of the first virtual node, encrypt the real number of the second terminal at the second virtual node according to a predetermined encryption algorithm, using the public key of the authentication node corresponding to the real number of the second terminal, to obtain the encrypted information of the real number of the second terminal.
In some embodiments, the authentication apparatus 600 further includes: a second recording module, which, after the data transmission result corresponding to the credit evaluation result sent by the data interface of the first virtual node has been received through the data interface of the second virtual node, is specifically configured to:
Record second authentication process information in a new block of the authentication management system, so that the second authentication process information is recorded in the blockchain ledger of the second terminal; wherein the second authentication process information covers the process from sending the data transmission request through the data interface of the second virtual node to the data interface of the first virtual node, up to receiving, through the data interface of the second virtual node, the data transmission result corresponding to the credit evaluation result sent by the data interface of the first virtual node;
When the credit evaluation result for the second terminal is credit-qualified, add, through the second virtual node, the node identifier of the first virtual node to the whitelist saved locally by the second virtual node, so as to update the whitelist saved locally by the second virtual node.
According to the authentication apparatus of the embodiments of the present invention, confirming the reliability of identities between virtual nodes in the virtual system can be combined with the data of real-world operators to achieve secure identity authentication of nodes within the virtual system, so that data transmitted by the other party is received only after approval. As virtual systems simulate the real world more closely, a trusted authentication system is formed in the virtual world, which promotes the application and development of virtual system technology.
In a sixth aspect, an embodiment of the present invention provides an authentication apparatus. In some embodiments, the apparatus can be applied to an authentication node in an authentication management system; the authentication management system further includes a first terminal and a second terminal, the first terminal corresponding to a first virtual node in a virtual system and the second terminal corresponding to a second virtual node in the virtual system.
Fig. 7 shows a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention. As shown in Fig. 7, the authentication apparatus 700 includes the following modules.
A third receiving module 710, configured to receive the first broadcast message sent by the first terminal to the authentication management system and obtain the authentication information broadcast in it; wherein the authentication information is used by the first virtual node to authenticate the identity of the second virtual node, and includes at least the encrypted information of the real number of the second terminal.
The first broadcast message is generated and sent by the first terminal after it has received, through the data interface of the first virtual node, a data transmission request from the data interface of the second virtual node, has sent an authentication information acquisition request to the data interface of the second virtual node through the data interface of the first virtual node, and has received, through the data interface of the first virtual node, the authentication information returned by the data interface of the second virtual node in response to that request.
A decryption and evaluation module 720, configured to perform number decryption and credit evaluation processing on the encrypted information of the real number to obtain the credit evaluation result of the second terminal.
A third sending module 730, configured to generate a second broadcast message and send it to the authentication management system, the second broadcast message carrying the credit evaluation result of the second terminal, the encrypted information of the real number, and the terminal identifier of the first terminal, so that the first virtual node determines, according to the credit evaluation result, whether to receive the file transmitted by the second virtual node.
In some embodiments, the decryption and evaluation module 720 includes a decryption module and an evaluation module. The decryption module is configured to decrypt the real number of the second terminal according to a predetermined decryption algorithm using the current authentication node's own private key; if the current authentication node is a node belonging to an operator and the category of that operator is the same as the category of the operator corresponding to the real number of the second terminal, decryption succeeds and the real number of the second terminal is obtained. The evaluation module is configured to perform credit evaluation processing on the encrypted information of the real number to obtain the credit evaluation result of the second terminal.
In some embodiments, the evaluation module may include the following units.
A value acquisition unit, configured to take the real number of the second terminal as the number to be evaluated and query the values of the credit evaluation items of the number to be evaluated in the database belonging to the authentication node.
A value processing unit, configured to perform credit evaluation processing according to the values of the credit evaluation items to obtain the credit evaluation result; wherein the value processing unit, when performing credit evaluation processing, is specifically configured to:
If the credit rating value of the number to be evaluated exceeds a preset rating threshold, and/or the time on network of the number to be evaluated exceeds a preset time-on-network threshold, determine that the number to be evaluated is credit-qualified and generate a credit evaluation result containing the credit-qualified information;
Process the credit rating and the time on network according to a preset comprehensive credit scoring model to obtain a comprehensive credit evaluation score; if the comprehensive credit evaluation score exceeds a score threshold, determine that the number to be evaluated is credit-qualified and generate a credit evaluation result containing the comprehensive credit evaluation score.
According to the authentication apparatus of the embodiments of the present invention, the operator node can, in response to a request from the first terminal, perform a credit evaluation on the second terminal's real-world telephone number and thereby obtain the credit evaluation result of the second terminal; based on that result, the first virtual node in the virtual system corresponding to the first terminal can judge whether it is safe to receive a file transmitted by the second virtual node in the virtual system. This achieves secure identity authentication of nodes within the virtual system, so that data transmitted by the other party is received only after approval.
It should be made clear that the present invention is not limited to the specific configurations and processing described in the above embodiments and shown in the figures. For convenience and brevity, detailed descriptions of known methods are omitted here; for the specific working processes of the systems, modules and units described above, refer to the corresponding processes in the foregoing method embodiments, which are not repeated here.
Referring to Fig. 8, an embodiment of the present invention provides an electronic device, comprising:
One or more processors 801;
A memory 802 storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement any one of the above authentication methods;
One or more I/O interfaces 803, connected between the processor 801 and the memory 802 and configured to implement information exchange between the processor 801 and the memory 802.
The processor 801 is a device with data processing capability, including but not limited to a central processing unit (CPU); the memory 802 is a device with data storage capability, including but not limited to random access memory (RAM, more specifically SDRAM, DDR, etc.), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM) and flash memory (FLASH); the I/O interface (read/write interface) 803 is connected between the processor 801 and the memory 802 and implements information exchange between them, including but not limited to a data bus (Bus).
In some embodiments, the processor 801, the memory 802 and the I/O interface 803 are connected to one another through a bus, and in turn to other components of the computing device.
This embodiment further provides a computer-readable medium on which a computer program is stored. When the program is executed by a processor, the authentication method provided by this embodiment is implemented; to avoid repetition, the specific steps of the authentication method are not described again here.
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and apparatuses, may be implemented as software, firmware, hardware, or suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, a digital signal processor or a microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that includes the element.
Those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features from different embodiments are meant to be within the scope of the present embodiments and to form different embodiments.
It is to be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principles of the present invention, and the present invention is not limited to them. Those of ordinary skill in the art can make various modifications and improvements without departing from the spirit and essence of the present invention, and these modifications and improvements are also regarded as falling within the scope of protection of the present invention.
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211064283.7A CN115442804B (en) | 2022-09-01 | 2022-09-01 | Authentication method, apparatus, and computer-readable medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115442804A (en) | 2022-12-06 |
CN115442804B (en) | 2024-08-02 |
Family
ID=84243719
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211064283.7A Active CN115442804B (en) | 2022-09-01 | 2022-09-01 | Authentication method, apparatus, and computer-readable medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115442804B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1909436A1 (en) * | 2006-10-03 | 2008-04-09 | International Business Machines Corporation | System and method of integrating a node into a virtual ring |
CN114338086A (en) * | 2021-12-03 | 2022-04-12 | 浙江毫微米科技有限公司 | Identity authentication method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100153722A1 (en) * | 2008-12-11 | 2010-06-17 | International Business Machines Corporation | Method and system to prove identity of owner of an avatar in virtual world |
Also Published As
Publication number | Publication date |
---|---|
CN115442804A (en) | 2022-12-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||