CN115515135A - Alliance communication method, system, device, equipment and storage medium - Google Patents
Alliance communication method, system, device, equipment and storage medium Download PDFInfo
- Publication number
- CN115515135A CN115515135A CN202211160397.1A CN202211160397A CN115515135A CN 115515135 A CN115515135 A CN 115515135A CN 202211160397 A CN202211160397 A CN 202211160397A CN 115515135 A CN115515135 A CN 115515135A
- Authority
- CN
- China
- Prior art keywords
- platform
- identity information
- user identity
- alliance
- target user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000004891 communication Methods 0.000 title claims abstract description 69
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000012795 verification Methods 0.000 claims abstract description 24
- 238000013507 mapping Methods 0.000 claims description 13
- 238000006243 chemical reaction Methods 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 abstract description 12
- 238000012545 processing Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
本公开提供了一种联盟通信方法、系统、装置、设备及存储介质,涉及计算机技术领域。该方法包括获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识,根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台,根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息,将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在第二平台对目标用户身份信息验证通过的情况下,将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。克服了当前多个联盟之间通信不成熟的问题。
The disclosure provides an alliance communication method, system, device, equipment and storage medium, and relates to the field of computer technology. The method includes acquiring a user's access request, where the access request includes user identity information and an access platform identifier, and determining a second platform corresponding to the access platform identifier according to the access platform identifier, the second platform includes platforms under other alliances other than the current alliance, according to the first The second platform and user identity information generate the target user identity information for accessing the second platform, and send the target user identity information to the second platform, so that the second platform can verify the target user identity information, and then verify the target user identity information on the second platform. If the identity information is verified successfully, a verification pass message is sent to the user, so that the user can access the second platform based on the identity information of the target user. Overcomes the current immature communication between multiple alliances.
Description
技术领域technical field
本公开涉及计算机技术领域,尤其涉及一种联盟通信方法、系统、装置、设备及存储介质。The present disclosure relates to the field of computer technology, and in particular to an alliance communication method, system, device, equipment and storage medium.
背景技术Background technique
随着信息化社会的进一步深入,当前的业务量逐渐增多。为了对大量的业务进行处理,多平台协同服务应运而生。With the further deepening of the information society, the current business volume is gradually increasing. In order to process a large number of businesses, multi-platform collaborative services emerged as the times require.
为了实现多平台协同服务,需要在多个平台之间建立信任。在多个平台建立信任之后,进行多个平台之间的通信。但是当前的通信仅限于在一个联盟内多个平台之间的通信,如何在多个联盟之间进行通信,是当前亟待解决的问题。In order to realize multi-platform collaborative services, trust needs to be established between multiple platforms. After multiple platforms have established trust, communication between multiple platforms takes place. However, the current communication is limited to the communication between multiple platforms in one alliance. How to communicate between multiple alliances is an urgent problem to be solved.
发明内容Contents of the invention
本公开提供一种联盟通信方法、系统、装置、设备及存储介质,至少在一定程度上克服了当前多个联盟之间通信不成熟的问题。The present disclosure provides an alliance communication method, system, device, device, and storage medium, which overcomes the current problem of immature communication among multiple alliances at least to a certain extent.
本公开的其他特性和优点将通过下面的详细描述变得显然,或部分地通过本公开的实践而习得。Other features and advantages of the present disclosure will become apparent from the following detailed description, or in part, be learned by practice of the present disclosure.
根据本公开的一个方面,提供一种联盟通信方法,应用于联盟下的第一平台,方法包括:According to one aspect of the present disclosure, there is provided a federation communication method applied to a first platform under the federation, the method comprising:
获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识;Obtain the user's access request, which includes user identity information and access platform identification;
根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台;Determine the second platform corresponding to the access platform identifier according to the access platform identifier, where the second platform includes platforms under other alliances other than the current alliance;
根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息;generating target user identity information for accessing the second platform according to the second platform and the user identity information;
将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证;Sending the target user identity information to the second platform, so that the second platform verifies the target user identity information;
在第二平台对目标用户身份信息验证通过的情况下,将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。When the second platform passes the verification of the target user's identity information, a verification pass message is sent to the user, so that the user can access the second platform based on the target user's identity information.
在本公开的一个实施例中,在根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息之前,方法还包括:In an embodiment of the present disclosure, before generating target user identity information for accessing the second platform according to the second platform and the user identity information, the method further includes:
根据映射规则与智能合约生成身份转换规则,其中,映射规则与智能合约是由第一平台与第二平台协商构建的;Generate identity conversion rules according to the mapping rules and smart contracts, wherein the mapping rules and smart contracts are negotiated and constructed by the first platform and the second platform;
根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息,包括:Generate target user identity information for accessing the second platform according to the second platform and user identity information, including:
根据第二平台、用户身份信息以及身份转换规则生成用于访问第二平台的目标用户身份信息。Generate target user identity information for accessing the second platform according to the second platform, user identity information, and identity conversion rules.
在本公开的一个实施例中,智能合约包括:联盟平台身份元数据、联盟平台地址、联盟公钥以及联盟平台节点生成规则。In one embodiment of the present disclosure, the smart contract includes: alliance platform identity metadata, alliance platform address, alliance public key, and alliance platform node generation rules.
在本公开的一个实施例中,用户身份信息包括:In one embodiment of the present disclosure, user identity information includes:
用户在第一平台角色信息、用户在第一平台属性信息以及用户在第一平台的标识。The user's role information on the first platform, the user's attribute information on the first platform, and the user's identification on the first platform.
在本公开的一个实施例中,目标用户身份信息包括:In an embodiment of the present disclosure, the target user identity information includes:
用户在第二平台角色信息、用户在第二平台属性信息以及用户在第二平台的标识。The user's role information on the second platform, the user's attribute information on the second platform, and the user's identification on the second platform.
在本公开的一个实施例中,在将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证之前,方法还包括:In an embodiment of the present disclosure, before sending the target user identity information to the second platform, so that the second platform verifies the target user identity information, the method further includes:
将目标用户身份信息利用私钥进行加密,得到加密后的目标用户身份信息;Encrypt the identity information of the target user with a private key to obtain the encrypted identity information of the target user;
将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,包括:Sending the identity information of the target user to the second platform, so that the second platform can verify the identity information of the target user, including:
将加密后的目标用户身份信息发送至第二平台,以使第二平台根据公钥对加密后的目标用户身份信息解密并会对解密后得到的目标用户身份信息进行验证。Send the encrypted target user identity information to the second platform, so that the second platform decrypts the encrypted target user identity information according to the public key and verifies the decrypted target user identity information.
根据本公开的另一个方面,提供一种联盟通信系统,系统应用于联盟下的第一平台,系统包括:获取装置、发送装置以及多个联盟身份提供装置,每个联盟身份提供装置对应一个平台;According to another aspect of the present disclosure, an alliance communication system is provided. The system is applied to the first platform under the alliance. The system includes: an acquisition device, a sending device, and a plurality of alliance identity providing devices, and each alliance identity providing device corresponds to a platform ;
获取装置,用于获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识,根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台,根据第二平台确定与第二平台对应的联盟身份提供装置,并将用户身份信息发送至联盟身份提供装置;The obtaining device is used to obtain the user's access request. The access request includes user identity information and the access platform identifier, and determines the second platform corresponding to the access platform identifier according to the access platform identifier. The second platform includes platforms under other alliances outside the current alliance, determining the federated identity providing device corresponding to the second platform according to the second platform, and sending the user identity information to the federated identity providing device;
联盟身份提供装置,用于根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息并将目标身份信息发送至发送装置;The alliance identity providing device is used to generate target user identity information for accessing the second platform according to the second platform and user identity information and send the target identity information to the sending device;
发送装置,用于将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在第二平台对目标用户身份信息验证通过的情况下,将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。The sending device is used to send the target user identity information to the second platform, so that the second platform can verify the target user identity information, and when the second platform passes the verification of the target user identity information, send a verification message to A user, so that the user accesses the second platform based on the target user identity information.
根据本公开的再一个方面,提供一种联盟通信装置,应用于联盟下的第一平台,装置包括:According to still another aspect of the present disclosure, an alliance communication device is provided, which is applied to a first platform under the alliance, and the device includes:
获取模块,用于获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识;The obtaining module is used to obtain the user's access request, and the access request includes user identity information and access platform identification;
确定模块,用于根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台;A determining module, configured to determine a second platform corresponding to the access platform identifier according to the access platform identifier, where the second platform includes platforms under other alliances other than the current alliance;
第一生成模块,用于根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息;The first generation module is used to generate target user identity information for accessing the second platform according to the second platform and user identity information;
第一发送模块,用于将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证;The first sending module is configured to send the target user identity information to the second platform, so that the second platform verifies the target user identity information;
第二发送模块,在第二平台对目标用户身份信息验证通过的情况下,用于将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。The second sending module is configured to send a verification pass message to the user when the second platform passes the verification of the target user's identity information, so that the user can access the second platform based on the target user's identity information.
在本公开的一个实施例中,联盟通信装置还包括:In an embodiment of the present disclosure, the alliance communication device further includes:
第二生成模块,在根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息之前,用于根据映射规则与智能合约生成身份转换规则,其中,映射规则与智能合约是由第一平台与第二平台协商构建的;The second generation module is used to generate identity conversion rules according to mapping rules and smart contracts before generating target user identity information for accessing the second platform according to the second platform and user identity information, wherein the mapping rules and smart contracts are determined by The first platform and the second platform are negotiated and constructed;
第一生成模块,包括:The first build module, including:
第一生成单元,用于根据第二平台、用户身份信息以及身份转换规则生成用于访问第二平台的目标用户身份信息。The first generating unit is configured to generate target user identity information for accessing the second platform according to the second platform, user identity information, and identity conversion rules.
在本公开的一个实施例中,智能合约包括:联盟平台身份元数据、联盟平台地址、联盟公钥以及联盟平台节点生成规则。In one embodiment of the present disclosure, the smart contract includes: alliance platform identity metadata, alliance platform address, alliance public key, and alliance platform node generation rules.
在本公开的一个实施例中,用户身份信息包括:In one embodiment of the present disclosure, user identity information includes:
用户在第一平台角色信息、用户在第一平台属性信息以及用户在第一平台的标识。The user's role information on the first platform, the user's attribute information on the first platform, and the user's identification on the first platform.
在本公开的一个实施例中,目标用户身份信息包括:In an embodiment of the present disclosure, the target user identity information includes:
用户在第二平台角色信息、用户在第二平台属性信息以及用户在第二平台的标识。The user's role information on the second platform, the user's attribute information on the second platform, and the user's identification on the second platform.
在本公开的一个实施例中,联盟通信装置还包括:In an embodiment of the present disclosure, the alliance communication device further includes:
加密模块,用于在将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证之前,用于将目标用户身份信息利用私钥进行加密,得到加密后的目标用户身份信息;An encryption module, used to encrypt the target user identity information with a private key before sending the target user identity information to the second platform so that the second platform verifies the target user identity information to obtain the encrypted target user Identity Information;
第三发送模块,用于将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,包括:The third sending module is configured to send the target user identity information to the second platform, so that the second platform verifies the target user identity information, including:
第四发送模块,用于将加密后的目标用户身份信息发送至第二平台,以使第二平台根据公钥对加密后的目标用户身份信息解密并会对解密后得到的目标用户身份信息进行验证。The fourth sending module is used to send the encrypted target user identity information to the second platform, so that the second platform can decrypt the encrypted target user identity information according to the public key and perform decryption on the decrypted target user identity information. verify.
根据本公开的再一个方面,提供一种电子设备,包括:处理器;以及存储器,用于存储处理器的可执行指令;其中,处理器配置为经由执行可执行指令来执行上述的联盟通信方法。According to another aspect of the present disclosure, there is provided an electronic device, including: a processor; and a memory for storing executable instructions of the processor; wherein, the processor is configured to execute the above-mentioned alliance communication method by executing the executable instructions .
根据本公开的又一个方面,提供一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现上述的联盟通信方法。According to yet another aspect of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the above-mentioned alliance communication method is implemented.
本公开的实施例所提供的联盟通信方法,应用于联盟下的第一平台,通过获取用户的访问请求,然后根据访问请求中包含的用户身份信息以及访问平台标识生成用于访问第二平台的目标用户身份信息,然后将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在验证通过的情况下,可以使用户根据目标用户身份信息对第二平台进行访问,由此,可以使得第一平台下的用户能够对第二平台进行访问,打通了不同联盟之间的通信渠道。使得不同联盟之间通信的技术变得进一步成熟。The consortium communication method provided by the embodiments of the present disclosure is applied to the first platform under the consortium, by obtaining the user's access request, and then generating the access request for accessing the second platform according to the user identity information and the access platform identifier contained in the access request. Target user identity information, and then send the target user identity information to the second platform, so that the second platform can verify the target user identity information. Access, thus, enables users under the first platform to access the second platform, and opens up communication channels between different alliances. The technology to enable communication between different alliances has further matured.
应当理解的是,以上的一般描述和后文的细节描述仅是示例性和解释性的,并不能限制本公开。It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure.
附图说明Description of drawings
此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本公开的实施例,并与说明书一起用于解释本公开的原理。显而易见地,下面描述中的附图仅仅是本公开的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure. Apparently, the drawings in the following description are only some embodiments of the present disclosure, and those skilled in the art can obtain other drawings according to these drawings without creative efforts.
图1示出本公开实施例中一种联盟通信系统结构的示意图;FIG. 1 shows a schematic diagram of the structure of an alliance communication system in an embodiment of the present disclosure;
图2示出本公开实施例中一种联盟通信方法流程图;FIG. 2 shows a flow chart of an alliance communication method in an embodiment of the present disclosure;
图3示出本公开实施例中另一种联盟通信方法流程图;FIG. 3 shows a flow chart of another alliance communication method in an embodiment of the present disclosure;
图4示出本公开实施例中再一种联盟通信方法流程图;FIG. 4 shows a flow chart of yet another alliance communication method in an embodiment of the present disclosure;
图5示出本公开实施例中又一种联盟通信方法流程图;FIG. 5 shows a flowchart of another alliance communication method in an embodiment of the present disclosure;
图6示出本公开实施例中一种联盟通信装置示意图;和FIG. 6 shows a schematic diagram of an alliance communication device in an embodiment of the present disclosure; and
图7示出本公开实施例中一种电子设备的结构框图。Fig. 7 shows a structural block diagram of an electronic device in an embodiment of the present disclosure.
具体实施方式detailed description
现在将参考附图更全面地描述示例实施方式。然而,示例实施方式能够以多种形式实施,且不应被理解为限于在此阐述的范例;相反,提供这些实施方式使得本公开将更加全面和完整,并将示例实施方式的构思全面地传达给本领域的技术人员。所描述的特征、结构或特性可以以任何合适的方式结合在一个或更多实施方式中。Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
此外,附图仅为本公开的示意性图解,并非一定是按比例绘制。图中相同的附图标记表示相同或类似的部分,因而将省略对它们的重复描述。附图中所示的一些方框图是功能实体,不一定必须与物理或逻辑上独立的实体相对应。可以采用软件形式来实现这些功能实体,或在一个或多个硬件模块或集成电路中实现这些功能实体,或在不同网络和/或处理器装置和/或微控制器装置中实现这些功能实体。Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus repeated descriptions thereof will be omitted. Some of the block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different network and/or processor means and/or microcontroller means.
应当理解,本公开的方法实施方式中记载的各个步骤可以按照不同的顺序执行,和/或并行执行。此外,方法实施方式可以包括附加的步骤和/或省略执行示出的步骤。本公开的范围在此方面不受限制。It should be understood that the various steps described in the method implementations of the present disclosure may be executed in different orders, and/or executed in parallel. Additionally, method embodiments may include additional steps and/or omit performing illustrated steps. The scope of the present disclosure is not limited in this regard.
需要注意,本公开中提及的“第一”、“第二”等概念仅用于对不同的装置、模块或单元进行区分,并非用于限定这些装置、模块或单元所执行的功能的顺序或者相互依存关系。It should be noted that concepts such as "first" and "second" mentioned in this disclosure are only used to distinguish different devices, modules or units, and are not used to limit the sequence of functions performed by these devices, modules or units or interdependence.
需要注意,本公开中提及的“一个”、“多个”的修饰是示意性而非限制性的,本领域技术人员应当理解,除非在上下文另有明确指出,否则应该理解为“一个或多个”。It should be noted that the modifications of "one" and "multiple" mentioned in the present disclosure are illustrative and not restrictive, and those skilled in the art should understand that unless the context clearly indicates otherwise, it should be understood as "one or more" multiple".
随着信息化社会的进一步深入,当前的业务量逐渐增多。为了对大量的业务进行处理,多平台协同服务应运而生。With the further deepening of the information society, the current business volume is gradually increasing. In order to process a large number of businesses, multi-platform collaborative services emerged as the times require.
为了实现多平台协同服务,现有技术提出了一种联合身份认证方案,联合身份认证方案是一种可选的多平台协同时身份认证方案,管理员在多个平台中手动配置身份提供商和可信身份提供商列表,身份提供商就用户身份生成安全断言,平台信任可信身份提供商列表中的身份提供商生成的安全断言,从而实现用户仅需使用一个账户就能登录联盟内的多个平台的效果。但该方案更适用于单联盟场景,在多联盟共存场景中存在身份配置复杂、单点故障风险高等缺点。In order to realize multi-platform collaborative services, the existing technology proposes a joint identity authentication scheme, which is an optional multi-platform collaborative identity authentication scheme, and administrators manually configure identity providers and identity providers in multiple platforms. The trusted identity provider list, the identity provider generates a security assertion on the user's identity, and the platform trusts the security assertion generated by the identity provider in the trusted identity provider list, so that the user only needs to use one account to log in to multiple accounts in the alliance. effect of the platform. However, this solution is more suitable for single-confederation scenarios. In multi-confederation coexistence scenarios, there are disadvantages such as complex identity configuration and high risk of single point of failure.
为了解决上述问题,本公开实施例提供了一种联盟通信方法、系统、装置、设备及存储介质。In order to solve the above problems, the embodiments of the present disclosure provide an alliance communication method, system, device, equipment and storage medium.
图1示出了本公开实施例中一种联盟通信系统结构图。Fig. 1 shows a structural diagram of an alliance communication system in an embodiment of the present disclosure.
如图1所示,联盟通信系统应用于联盟下的第一平台,联盟通信系统可以包括:As shown in Figure 1, the alliance communication system is applied to the first platform under the alliance, and the alliance communication system may include:
获取装置102、发送装置104以及多个联盟身份提供装置106,每个联盟身份提供装置106对应一个平台;The obtaining means 102, the sending means 104, and a plurality of federated
获取装置102,用于获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识,根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台,根据第二平台确定与第二平台对应的联盟身份提供装置,并将用户身份信息发送至联盟身份提供装置106;The obtaining means 102 is used to obtain the user's access request. The access request includes the user identity information and the access platform identification, and determines the second platform corresponding to the access platform identification according to the access platform identification. The second platform includes platforms under other alliances other than the current alliance. , determining the federated identity providing device corresponding to the second platform according to the second platform, and sending the user identity information to the federated
联盟身份提供装置106,用于根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息并将目标身份信息发送至发送装置104;Alliance
发送装置104,用于将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在第二平台对目标用户身份信息验证通过的情况下,将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。The sending
需要说明的是,多个联盟身份提供装置106中,每个联盟身份提供装置106可以分别对应的一个平台。It should be noted that among the plurality of federated
需要说明的是,第二平台与第一平台可以为同一联盟下的平台,可以以为不同联盟下的平台。It should be noted that the second platform and the first platform may be platforms under the same alliance, or may be platforms under different alliances.
需要说明的是,第一平台、获取装置102、发送装置104以及多个联盟身份提供装置106均可以设置在在服务器或终端设备上。It should be noted that the first platform, the obtaining means 102, the sending means 104 and the plurality of alliance identity providing means 106 can all be set on a server or a terminal device.
终端设备可以是各种电子设备,包括但不限于智能手机、平板电脑、膝上型便携计算机、台式计算机、可穿戴设备、增强现实设备、虚拟现实设备等。Terminal devices may be various electronic devices, including but not limited to smart phones, tablet computers, laptop computers, desktop computers, wearable devices, augmented reality devices, virtual reality devices, and the like.
可选地,不同的终端设备中安装的应用程序的客户端是相同的,或基于不同操作系统的同一类型应用程序的客户端。基于终端平台的不同,该应用程序的客户端的具体形态也可以不同,比如,该应用程序客户端可以是手机客户端、PC客户端等。Optionally, clients of application programs installed in different terminal devices are the same, or clients of the same type of application programs based on different operating systems. Based on different terminal platforms, the specific form of the client of the application program may also be different, for example, the client of the application program may be a mobile phone client, a PC client, and the like.
服务器可以是提供各种服务的服务器,例如对用户利用终端设备所进行操作的装置提供支持的后台管理服务器。后台管理服务器可以对接收到的请求等数据进行分析等处理,并将处理结果反馈给终端设备。The server may be a server that provides various services, such as a background management server that provides support for devices operated by users using terminal equipment. The background management server can analyze and process the received data such as requests, and feed back the processing results to the terminal device.
可选地,服务器可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、CDN(Content Delivery Network,内容分发网络)、以及大数据和人工智能平台等基础云计算服务的云服务器。终端可以是智能手机、平板电脑、笔记本电脑、台式计算机、智能音箱、智能手表等,但并不局限于此。终端以及服务器可以通过有线或无线通信方式进行直接或间接地连接,本申请在此不做限制。Optionally, the server can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, Cloud servers for basic cloud computing services such as cloud communications, middleware services, domain name services, security services, CDN (Content Delivery Network, content distribution network), and big data and artificial intelligence platforms. The terminal may be a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, etc., but is not limited thereto. The terminal and the server may be connected directly or indirectly through wired or wireless communication, which is not limited in this application.
可选地,上述的无线网络或有线网络使用标准通信技术和/或协议。网络通常为因特网、但也可以是任何网络,包括但不限于局域网(Local Area Network,LAN)、城域网(Metropolitan Area Network,MAN)、广域网(Wide Area Network,WAN)、移动、有线或者无线网络、专用网络或者虚拟专用网络的任何组合)。在一些实施例中,使用包括超文本标记语言(Hyper Text Mark-up Language,HTML)、可扩展标记语言(ExtensibleMarkupLanguage,XML)等的技术和/或格式来代表通过网络交换的数据。此外还可以使用诸如安全套接字层(Secure Socket Layer,SSL)、传输层安全(Transport Layer Security,TLS)、虚拟专用网络(Virtual Private Network,VPN)、网际协议安全(InternetProtocolSecurity,IPsec)等常规加密技术来加密所有或者一些链路。在另一些实施例中,还可以使用定制和/或专用数据通信技术取代或者补充上述数据通信技术。Optionally, the aforementioned wireless network or wired network uses standard communication technologies and/or protocols. The network is usually the Internet, but can be any network, including but not limited to Local Area Network (LAN), Metropolitan Area Network (MAN), Wide Area Network (WAN), mobile, wired or wireless network, private network, or any combination of virtual private networks). In some embodiments, data exchanged over a network is represented using technologies and/or formats including Hyper Text Mark-up Language (HTML), Extensible Markup Language (XML), and the like. In addition, conventional methods such as Secure Socket Layer (Secure Socket Layer, SSL), Transport Layer Security (Transport Layer Security, TLS), Virtual Private Network (Virtual Private Network, VPN), Internet Protocol Security (Internet Protocol Security, IPsec) can also be used. Encryption technology to encrypt all or some links. In some other embodiments, customized and/or dedicated data communication technologies may also be used to replace or supplement the above data communication technologies.
本公开实施例所提供的联盟通信系统中,通过获取装置,获取用户的访问请求,然后通过联盟身份提供装置根据访问请求中包含的用户身份信息以及访问平台标识生成用于访问第二平台的目标用户身份信息,然后又发送装置将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在验证通过的情况下,可以使用户根据目标用户身份信息对第二平台进行访问,由此,可以使得第一平台下的用户能够对第二平台进行访问,打通了不同联盟之间的通信渠道。使得不同联盟之间通信的技术变得进一步成熟。In the alliance communication system provided by the embodiment of the present disclosure, the access request of the user is obtained through the acquisition device, and then the target for accessing the second platform is generated by the alliance identity providing device according to the user identity information and the access platform identifier contained in the access request. User identity information, and then the sending device sends the target user identity information to the second platform, so that the second platform can verify the target user identity information. Platform access, thereby enabling users under the first platform to access the second platform, opening up communication channels between different alliances. The technology to enable communication between different alliances has further matured.
基于相同的发明构思,本公开实施例中还提供了一种联盟通信方法。该方法应用于联盟下的第一平台。Based on the same inventive concept, an embodiment of the present disclosure also provides an alliance communication method. This method is applied to the first platform under the alliance.
图2示出了本公开实施例中一种联盟通信方法流程图。Fig. 2 shows a flow chart of an alliance communication method in an embodiment of the present disclosure.
如图2所示,该方法可以包括:As shown in Figure 2, the method may include:
S202,获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识。S202. Obtain an access request of the user, where the access request includes user identity information and an access platform identifier.
需要说明的是,用户身份信息可以包括用户在第一平台角色信息、用户在第一平台属性信息以及用户在第一平台的标识。It should be noted that the user identity information may include the user's role information on the first platform, the user's attribute information on the first platform, and the user's identification on the first platform.
访问平台标识可以包括用户待访问的平台的名称、角色、地址以及参数,访问平台标识是可以将当前平台与其他平台进行区分的标识。The access platform identifier may include the name, role, address and parameters of the platform to be accessed by the user, and the access platform identifier is an identifier that can distinguish the current platform from other platforms.
可以理解的是,待访问的平台可以是其他联盟下的平台,在这种情况下,访问平台标识可以包括待访问平台对应的联盟的标识。It can be understood that the platform to be accessed may be a platform under another federation, and in this case, the identifier of the accessed platform may include an identifier of the federation corresponding to the platform to be accessed.
S204,根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台。S204. Determine a second platform corresponding to the access platform identifier according to the access platform identifier, where the second platform includes platforms under other alliances other than the current alliance.
需要说明的是,第一平台中可以预先存储多个其他平台与其他平台之间标识的对应关系。It should be noted that the first platform may pre-store multiple correspondences between other platforms and identifiers between other platforms.
然后通过上述对应关系以及平台标识确定对应的平台。Then, the corresponding platform is determined through the above correspondence and the platform identifier.
S206,根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息。S206. Generate target user identity information for accessing the second platform according to the second platform and the user identity information.
需要说明的是,可以根据第二平台访问规则与用户身份信息生成目标用户身份信息。It should be noted that the target user identity information may be generated according to the second platform access rules and user identity information.
S208,将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证。S208. Send the target user identity information to the second platform, so that the second platform verifies the target user identity information.
需要说明的是,第二平台对目标用户身份信息进行验证可以包括第二平台根据目标用户身份信息确定用户身份信息,然后根据预先存储的第一平台中的多个用户身份信息第上述的用户身份信息进行验证。It should be noted that the verification of the target user identity information by the second platform may include that the second platform determines the user identity information according to the target user identity information, and then ranks the above-mentioned user identity information according to the pre-stored multiple user identity information in the first platform. The information is verified.
S210,在第二平台对目标用户身份信息验证通过的情况下,将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。S210. When the second platform passes the verification of the target user's identity information, send a verification pass message to the user, so that the user accesses the second platform based on the target user's identity information.
需要说明的是,用户身份信息只能作为对第一平台进行访问的凭证,而,目标用户身份信息可以作为对第二平台进行访问的凭证。It should be noted that the user identity information can only be used as a credential for accessing the first platform, while the target user identity information can be used as a credential for accessing the second platform.
本公开的实施例所提供的联盟通信方法,应用于联盟下的第一平台,通过获取用户的访问请求,然后根据访问请求中包含的用户身份信息以及访问平台标识生成用于访问第二平台的目标用户身份信息,然后将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在验证通过的情况下,可以使用户根据目标用户身份信息对第二平台进行访问,由此,可以使得第一平台下的用户能够对第二平台进行访问,打通了不同联盟之间的通信渠道。使得不同联盟之间通信的技术变得进一步成熟。The consortium communication method provided by the embodiments of the present disclosure is applied to the first platform under the consortium, by obtaining the user's access request, and then generating the access request for accessing the second platform according to the user identity information and the access platform identifier contained in the access request. Target user identity information, and then send the target user identity information to the second platform, so that the second platform can verify the target user identity information. Access, thus, enables users under the first platform to access the second platform, and opens up communication channels between different alliances. The technology to enable communication between different alliances has further matured.
基于相同的发明构思,本公开实施例提供了另一种联盟通信方法。Based on the same inventive concept, the embodiment of the present disclosure provides another alliance communication method.
图3示出了本公开实施例中另一种联盟通信方法流程图。Fig. 3 shows a flow chart of another alliance communication method in an embodiment of the present disclosure.
如图3所示,本公开实施例中的联盟通信方法与上述实施例中的联盟通信方法的区别在于,本公开实施例中的联盟通信方法在S206之前,还可以包括:As shown in FIG. 3 , the difference between the alliance communication method in the embodiment of the present disclosure and the alliance communication method in the above embodiments is that, before S206, the alliance communication method in the embodiment of the disclosure may further include:
S302,根据映射规则与智能合约生成身份转换规则,其中,映射规则与智能合约是由第一平台与第二平台协商构建的。S302. Generate an identity conversion rule according to the mapping rule and the smart contract, wherein the mapping rule and the smart contract are negotiated and constructed by the first platform and the second platform.
需要说明的是,第一平台与第二平台可以预先对智能合约进行协商,在对智能合约协商完毕后,分别将智能合约进行存储。It should be noted that the first platform and the second platform can negotiate the smart contract in advance, and store the smart contract respectively after the negotiation of the smart contract is completed.
映射规则可以包括不同平台之间的身份信息。Mapping rules can include identity information between different platforms.
需要说明的是,映射规则可以包括由用户配置的映射规则。It should be noted that the mapping rules may include mapping rules configured by users.
需要说明的是,智能合约包括:联盟平台身份元数据、联盟平台地址、联盟公钥以及联盟平台节点生成规则。It should be noted that the smart contract includes: alliance platform identity metadata, alliance platform address, alliance public key, and alliance platform node generation rules.
其中,联盟平台身份元数据可以包括多个联盟中,每个联盟对应的多个平台下的平台角色、平台属性以及平台标识数据。Wherein, the alliance platform identity metadata may include platform roles, platform attributes, and platform identification data of multiple platforms corresponding to each alliance among multiple alliances.
需要说明的是,同一平台中可以存储有多个身份转换规则,每个身份转换规则可以对应除当前平台外的任意一个平台。It should be noted that multiple identity conversion rules can be stored in the same platform, and each identity conversion rule can correspond to any platform except the current platform.
根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息,包括:Generate target user identity information for accessing the second platform according to the second platform and user identity information, including:
根据第二平台、用户身份信息以及身份转换规则生成用于访问第二平台的目标用户身份信息。Generate target user identity information for accessing the second platform according to the second platform, user identity information, and identity conversion rules.
需要说明的是,目标用户身份信息包括:It should be noted that the target user identity information includes:
用户在第二平台角色信息、用户在第二平台属性信息以及用户在第二平台的标识。The user's role information on the second platform, the user's attribute information on the second platform, and the user's identification on the second platform.
基于相同的发明构思,本公开实施例提供了再一种联盟通信方法。Based on the same inventive concept, the embodiment of the present disclosure provides another alliance communication method.
图4示出了本公开实施例中再一种联盟通信方法流程图。Fig. 4 shows a flowchart of another federated communication method in an embodiment of the present disclosure.
如图4所示,本公开实施例中的联盟通信方法与上述实施例中的联盟通信方法的区别在于,本公开实施例中的联盟通信方法在S208之前,还可以包括:As shown in FIG. 4 , the difference between the alliance communication method in the embodiment of the present disclosure and the alliance communication method in the foregoing embodiments is that, before S208, the alliance communication method in the embodiment of the disclosure may further include:
S402,将目标用户身份信息利用私钥进行加密,得到加密后的目标用户身份信息。S402. Encrypt the identity information of the target user with a private key to obtain encrypted identity information of the target user.
需要说明的是,联盟下的第一平台可以根据预先存储的私钥或时间戳对目标用户身份信息进行加密。It should be noted that the first platform under the alliance can encrypt the identity information of the target user according to the pre-stored private key or time stamp.
示例性的,可以将加密后的目标用户身份信息通过可信信道发送至第二平台。Exemplarily, the encrypted target user identity information may be sent to the second platform through a trusted channel.
示例性的,第二平台可以根据公钥对加密后的用户身份信息进行解密,得到用户身份信息,然后再对用户身份信息进行验证。Exemplarily, the second platform may decrypt the encrypted user identity information according to the public key to obtain the user identity information, and then verify the user identity information.
本公开实施例中,第一平台通过对用户身份信息进行加密,然后将加密后的用户身份信息发送至第二平台,由于是将用户的身份信息进行加密后再发送至第二平台,可以在用户身份信息传输的过程中,避免用户身份身份信息被窃取,提高了信息传输的安全性。In the embodiment of the present disclosure, the first platform encrypts the user identity information, and then sends the encrypted user identity information to the second platform. Since the user identity information is encrypted and then sent to the second platform, it can be In the process of user identity information transmission, the user identity information is prevented from being stolen, and the security of information transmission is improved.
作为一个具体示例,本公开中还可以分别在第一平台以及第二平台中设置联盟身份提供者。As a specific example, in this disclosure, federated identity providers can also be set on the first platform and the second platform respectively.
在设置联盟身份提供者的基础上,本公开实施例可以包括:On the basis of setting federated identity providers, embodiments of the present disclosure may include:
S502,第一平台接收到用户的访问请求,其中,访问请求包括平台标识。S502. The first platform receives an access request from a user, where the access request includes a platform identifier.
S504,第一平台根据平台标识确定用户访问的第二平台;S504. The first platform determines the second platform accessed by the user according to the platform identifier;
S506,第一平台将用户的访问请求发送至第二平台对应的第一联盟身份提供者。S506. The first platform sends the user's access request to the first federated identity provider corresponding to the second platform.
需要说明的是,第一平台中可以设置多个第一联盟身份提供者,每个第一联盟身份提供者对应一个平台。It should be noted that multiple first federated identity providers may be set on the first platform, and each first federated identity provider corresponds to a platform.
S508,第一联盟身份提供者在接收到用户的访问请求之后,根据用户的访问请求生成用于访问第二平台的身份信息。S508. After receiving the user's access request, the first federated identity provider generates identity information for accessing the second platform according to the user's access request.
S510,第一联盟身份提供者将生成的身份信息发送至第一平台;S510, the first alliance identity provider sends the generated identity information to the first platform;
S512,第一平台将生成的身份信息发送至第二平台。S512. The first platform sends the generated identity information to the second platform.
S514,第二平台将生成的身份信息发送至设置在第二平台上的第二联盟身份提供者;S514. The second platform sends the generated identity information to the second federated identity provider set on the second platform;
S516,第二联盟身份提供者在接收到身份信息后,对身份信息进行验证,得到验证结果。S516. After receiving the identity information, the second alliance identity provider verifies the identity information to obtain a verification result.
S518,第二联盟身份提供者将验证结果发送至第一平台。S518. The second federated identity provider sends the verification result to the first platform.
需要说明的是,在第一平台接收用户的访问请求之间,可以预先根据智能合约生成联盟身份提供者。It should be noted that before the first platform receives the user's access request, the alliance identity provider can be generated in advance according to the smart contract.
基于同一发明构思,本公开实施例中还提供了一种联盟通信装置,如下面的实施例。由于该装置实施例解决问题的原理与上述方法实施例相似,因此该装置实施例的实施可以参见上述方法实施例的实施,重复之处不再赘述。Based on the same inventive concept, embodiments of the present disclosure also provide an alliance communication device, such as the following embodiments. Since the problem-solving principle of this device embodiment is similar to that of the above-mentioned method embodiment, the implementation of this device embodiment can refer to the implementation of the above-mentioned method embodiment, and repeated descriptions will not be repeated.
图6示出本公开实施例中一种联盟身份提供装置示意图,如图6所示,该装置600包括:Fig. 6 shows a schematic diagram of an apparatus for providing a federated identity in an embodiment of the present disclosure. As shown in Fig. 6, the
获取模块602,用于获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识;An
确定模块604,用于根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台;A determining
第一生成模块606,用于根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息;The
第一发送模块608,用于将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证;The
第二发送模块610,在第二平台对目标用户身份信息验证通过的情况下,用于将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。The
本公开的实施例所提供的联盟通信装置,应用于联盟下的第一平台,通过获取用户的访问请求,然后根据访问请求中包含的用户身份信息以及访问平台标识生成用于访问第二平台的目标用户身份信息,然后将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,在验证通过的情况下,可以使用户根据目标用户身份信息对第二平台进行访问,由此,可以使得第一平台下的用户能够对第二平台进行访问,打通了不同联盟之间的通信渠道。使得不同联盟之间通信的技术变得进一步成熟。The federated communication device provided by the embodiments of the present disclosure is applied to the first platform under the federation. By obtaining the user's access request, and then generating the access request to the second platform according to the user identity information and the access platform identifier included in the access request Target user identity information, and then send the target user identity information to the second platform, so that the second platform can verify the target user identity information. Access, thus, enables users under the first platform to access the second platform, and opens up communication channels between different alliances. The technology to enable communication between different alliances has further matured.
在本公开的一个实施例中,联盟通信装置还包括:In an embodiment of the present disclosure, the alliance communication device further includes:
第二生成模块612,在根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息之前,用于根据映射规则与智能合约生成身份转换规则,其中,映射规则与智能合约是由第一平台与第二平台协商构建的;The
第一生成模块606,包括:The
第一生成单元,用于根据第二平台、用户身份信息以及身份转换规则生成用于访问第二平台的目标用户身份信息。The first generating unit is configured to generate target user identity information for accessing the second platform according to the second platform, user identity information, and identity conversion rules.
在本公开的一个实施例中,智能合约包括:联盟平台身份元数据、联盟平台地址、联盟公钥以及联盟平台节点生成规则。In one embodiment of the present disclosure, the smart contract includes: alliance platform identity metadata, alliance platform address, alliance public key, and alliance platform node generation rules.
在本公开的一个实施例中,用户身份信息包括:In one embodiment of the present disclosure, user identity information includes:
用户在第一平台角色信息、用户在第一平台属性信息以及用户在第一平台的标识。The user's role information on the first platform, the user's attribute information on the first platform, and the user's identification on the first platform.
在本公开的一个实施例中,目标用户身份信息包括:In an embodiment of the present disclosure, the target user identity information includes:
用户在第二平台角色信息、用户在第二平台属性信息以及用户在第二平台的标识。The user's role information on the second platform, the user's attribute information on the second platform, and the user's identification on the second platform.
在本公开的一个实施例中,联盟通信装置还包括:In an embodiment of the present disclosure, the alliance communication device further includes:
加密模块614,用于在将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证之前,用于将目标用户身份信息利用私钥进行加密,得到加密后的目标用户身份信息;The
第三发送模块616,用于将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证,包括:The
第四发送模块618,用于将加密后的目标用户身份信息发送至第二平台,以使第二平台根据公钥对加密后的目标用户身份信息解密并会对解密后得到的目标用户身份信息进行验证。The
所属技术领域的技术人员能够理解,本公开的各个方面可以实现为系统、方法或程序产品。因此,本公开的各个方面可以具体实现为以下形式,即:完全的硬件实施方式、完全的软件实施方式(包括固件、微代码等),或硬件和软件方面结合的实施方式,这里可以统称为“电路”、“模块”或“系统”。Those skilled in the art can understand that various aspects of the present disclosure can be implemented as a system, method or program product. Therefore, various aspects of the present disclosure can be embodied in the following forms, namely: a complete hardware implementation, a complete software implementation (including firmware, microcode, etc.), or a combination of hardware and software, which can be collectively referred to herein as "circuit", "module" or "system".
下面参照图7来描述根据本公开的这种实施方式的电子设备700。图7显示的电子设备700仅仅是一个示例,不应对本公开实施例的功能和使用范围带来任何限制。An
如图7所示,电子设备700以通用计算设备的形式表现。电子设备700的组件可以包括但不限于:上述至少一个处理单元710、上述至少一个存储单元720、连接不同系统组件(包括存储单元720和处理单元710)的总线730。As shown in FIG. 7,
其中,存储单元存储有程序代码,程序代码可以被处理单元710执行,使得处理单元710执行本说明书上述“示例性方法”部分中描述的根据本公开各种示例性实施方式的步骤。例如,处理单元710可以执行上述方法实施例的如下步骤:Wherein, the storage unit stores program codes, and the program codes can be executed by the
获取用户的访问请求,访问请求包括用户身份信息以及访问平台标识;Obtain the user's access request, which includes user identity information and access platform identification;
根据访问平台标识确定访问平台标识对应的第二平台,第二平台包括当前联盟外,其他联盟下的平台;Determine the second platform corresponding to the access platform identifier according to the access platform identifier, where the second platform includes platforms under other alliances other than the current alliance;
根据第二平台以及用户身份信息生成用于访问第二平台的目标用户身份信息;generating target user identity information for accessing the second platform according to the second platform and the user identity information;
将目标用户身份信息发送至第二平台,以使第二平台对目标用户身份信息进行验证;Sending the target user identity information to the second platform, so that the second platform verifies the target user identity information;
在第二平台对目标用户身份信息验证通过的情况下,将验证通过消息发送至用户,以使用户基于目标用户身份信息对第二平台进行访问。When the second platform passes the verification of the target user's identity information, a verification pass message is sent to the user, so that the user can access the second platform based on the target user's identity information.
存储单元720可以包括易失性存储单元形式的可读介质,例如随机存取存储单元(RAM)7201和/或高速缓存存储单元7202,还可以进一步包括只读存储单元(ROM)7203。The
存储单元720还可以包括具有一组(至少一个)程序模块7205的程序/实用工具7204,这样的程序模块7205包括但不限于:操作系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。The
总线730可以为表示几类总线结构中的一种或多种,包括存储单元总线或者存储单元控制器、外围总线、图形加速端口、处理单元或者使用多种总线结构中的任意总线结构的局域总线。
电子设备700也可以与一个或多个外部设备740(例如键盘、指向设备、蓝牙设备等)通信,还可与一个或者多个使得用户能与该电子设备700交互的设备通信,和/或与使得该电子设备700能与一个或多个其它计算设备进行通信的任何设备(例如路由器、调制解调器等等)通信。这种通信可以通过输入/输出(I/O)接口750进行。并且,电子设备700还可以通过网络适配器760与一个或者多个网络(例如局域网(LAN),广域网(WAN)和/或公共网络,例如因特网)通信。如图所示,网络适配器760通过总线730与电子设备700的其它模块通信。应当明白,尽管图中未示出,可以结合电子设备700使用其它硬件和/或软件模块,包括但不限于:微代码、设备驱动器、冗余处理单元、外部磁盘驱动阵列、RAID系统、磁带驱动器以及数据备份存储系统等。The
通过以上的实施方式的描述,本领域的技术人员易于理解,这里描述的示例实施方式可以通过软件实现,也可以通过软件结合必要的硬件的方式来实现。因此,根据本公开实施方式的技术方案可以以软件产品的形式体现出来,该软件产品可以存储在一个非易失性存储介质(可以是CD-ROM,U盘,移动硬盘等)中或网络上,包括若干指令以使得一台计算设备(可以是个人计算机、服务器、终端装置、或者网络设备等)执行根据本公开实施方式的方法。Through the description of the above implementations, those skilled in the art can easily understand that the example implementations described here can be implemented by software, or by combining software with necessary hardware. Therefore, the technical solutions according to the embodiments of the present disclosure can be embodied in the form of software products, and the software products can be stored in a non-volatile storage medium (which can be CD-ROM, U disk, mobile hard disk, etc.) or on the network , including several instructions to make a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) execute the method according to the embodiments of the present disclosure.
在本公开的示例性实施例中,还提供了一种计算机可读存储介质,该计算机可读存储介质可以是可读信号介质或者可读存储介质。其上存储有能够实现本公开上述方法的程序产品。在一些可能的实施方式中,本公开的各个方面还可以实现为一种程序产品的形式,其包括程序代码,当程序产品在终端设备上运行时,程序代码用于使终端设备执行本说明书上述“示例性方法”部分中描述的根据本公开各种示例性实施方式的步骤。In an exemplary embodiment of the present disclosure, a computer-readable storage medium is also provided, and the computer-readable storage medium may be a readable signal medium or a readable storage medium. A program product capable of realizing the above-mentioned methods of the present disclosure is stored thereon. In some possible implementations, various aspects of the present disclosure can also be implemented in the form of a program product, which includes program code. When the program product runs on the terminal device, the program code is used to make the terminal device execute the above-mentioned Steps according to various exemplary embodiments of the present disclosure described in the "Exemplary Methods" section.
本公开中的计算机可读存储介质的更具体的例子可以包括但不限于:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。More specific examples of computer-readable storage media in this disclosure may include, but are not limited to: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), Erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
在本公开中,计算机可读存储介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了可读程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。可读信号介质还可以是可读存储介质以外的任何可读介质,该可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。In the present disclosure, a computer-readable storage medium may include a data signal carrying readable program code in baseband or as part of a carrier wave traveling as a data signal. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium other than a readable storage medium that can transmit, propagate, or transport a program for use by or in conjunction with an instruction execution system, apparatus, or device.
可选地,计算机可读存储介质上包含的程序代码可以用任何适当的介质传输,包括但不限于无线、有线、光缆、RF等等,或者上述的任意合适的组合。Alternatively, program code contained on a computer-readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, cable, optical cable, RF, etc., or any suitable combination of the above.
在具体实施时,可以以一种或多种程序设计语言的任意组合来编写用于执行本公开操作的程序代码,程序设计语言包括面向对象的程序设计语言—诸如Java、C++等,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算设备上执行、部分地在用户设备上执行、作为一个独立的软件包执行、部分在用户计算设备上部分在远程计算设备上执行、或者完全在远程计算设备或服务器上执行。在涉及远程计算设备的情形中,远程计算设备可以通过任意种类的网络,包括局域网(LAN)或广域网(WAN),连接到用户计算设备,或者,可以连接到外部计算设备(例如利用因特网服务提供商来通过因特网连接)。During specific implementation, the program code for performing the operations of the present disclosure can be written in any combination of one or more programming languages, and the programming language includes an object-oriented programming language—such as Java, C++, etc., and also includes conventional A procedural programming language—such as "C" or a similar programming language. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server to execute. In cases involving a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (e.g., using an Internet service provider). business to connect via the Internet).
应当注意,尽管在上文详细描述中提及了用于动作执行的设备的若干模块或者单元,但是这种划分并非强制性的。实际上,根据本公开的实施方式,上文描述的两个或更多模块或者单元的特征和功能可以在一个模块或者单元中具体化。反之,上文描述的一个模块或者单元的特征和功能可以进一步划分为由多个模块或者单元来具体化。It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, this division is not mandatory. Actually, according to the embodiment of the present disclosure, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above can be further divided to be embodied by a plurality of modules or units.
此外,尽管在附图中以特定顺序描述了本公开中方法的各个步骤,但是,这并非要求或者暗示必须按照该特定顺序来执行这些步骤,或是必须执行全部所示的步骤才能实现期望的结果。附加的或备选的,可以省略某些步骤,将多个步骤合并为一个步骤执行,以及/或者将一个步骤分解为多个步骤执行等。In addition, while the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in that particular order, or that all illustrated steps must be performed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution, etc.
通过以上实施方式的描述,本领域的技术人员易于理解,这里描述的示例实施方式可以通过软件实现,也可以通过软件结合必要的硬件的方式来实现。因此,根据本公开实施方式的技术方案可以以软件产品的形式体现出来,该软件产品可以存储在一个非易失性存储介质(可以是CD-ROM,U盘,移动硬盘等)中或网络上,包括若干指令以使得一台计算设备(可以是个人计算机、服务器、移动终端、或者网络设备等)执行根据本公开实施方式的方法。Through the description of the above embodiments, those skilled in the art can easily understand that the example embodiments described here can be implemented by software, or by combining software with necessary hardware. Therefore, the technical solutions according to the embodiments of the present disclosure can be embodied in the form of software products, and the software products can be stored in a non-volatile storage medium (which can be CD-ROM, U disk, mobile hard disk, etc.) or on the network , including several instructions to make a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) execute the method according to the embodiments of the present disclosure.
本领域技术人员在考虑说明书及实践这里公开的发明后,将容易想到本公开的其它实施方案。本公开旨在涵盖本公开的任何变型、用途或者适应性变化,这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的,本公开的真正范围和精神由所附的权利要求指出。Other embodiments of the present disclosure will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The present disclosure is intended to cover any modification, use or adaptation of the present disclosure. These modifications, uses or adaptations follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure. . The specification and examples are to be considered exemplary only, with the true scope and spirit of the disclosure indicated by the appended claims.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211160397.1A CN115515135A (en) | 2022-09-22 | 2022-09-22 | Alliance communication method, system, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211160397.1A CN115515135A (en) | 2022-09-22 | 2022-09-22 | Alliance communication method, system, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115515135A true CN115515135A (en) | 2022-12-23 |
Family
ID=84505576
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211160397.1A Withdrawn CN115515135A (en) | 2022-09-22 | 2022-09-22 | Alliance communication method, system, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115515135A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020034700A1 (en) * | 2018-08-15 | 2020-02-20 | 华为技术有限公司 | Method and device for accounting, authenticating and accessing cloud |
| US20200372600A1 (en) * | 2019-05-20 | 2020-11-26 | The Toronto-Dominion Bank | Integration of Workflow with Digital ID |
| CN112329058A (en) * | 2020-11-04 | 2021-02-05 | 齐鲁工业大学 | Access control method, device and medium for multi-organization user information |
| CN114499952A (en) * | 2021-12-23 | 2022-05-13 | 中电科大数据研究院有限公司 | Alliance chain consensus identity authentication method |
-
2022
- 2022-09-22 CN CN202211160397.1A patent/CN115515135A/en not_active Withdrawn
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020034700A1 (en) * | 2018-08-15 | 2020-02-20 | 华为技术有限公司 | Method and device for accounting, authenticating and accessing cloud |
| US20200372600A1 (en) * | 2019-05-20 | 2020-11-26 | The Toronto-Dominion Bank | Integration of Workflow with Digital ID |
| CN112329058A (en) * | 2020-11-04 | 2021-02-05 | 齐鲁工业大学 | Access control method, device and medium for multi-organization user information |
| CN114499952A (en) * | 2021-12-23 | 2022-05-13 | 中电科大数据研究院有限公司 | Alliance chain consensus identity authentication method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2022206349A1 (en) | Information verification method, related apparatus, device, and storage medium | |
| US20210297410A1 (en) | Mec platform deployment method and apparatus | |
| CN112039826A (en) | Login method and device applied to applet terminal | |
| KR20230078706A (en) | Certificate-based security using post-quantum cryptography | |
| CN113179323B (en) | HTTPS request processing method, device and system for load balancing equipment | |
| CN111199037B (en) | Login method, system and device | |
| WO2022247910A1 (en) | Information verification method and apparatus | |
| CN115361143A (en) | Cross-domain data transmission method and device, electronic device, computer readable medium | |
| CN112560003A (en) | User authority management method and device | |
| CN114598549B (en) | Customer SSL certificate verification method and device | |
| CN113709111B (en) | Connection establishment method and device | |
| CN115567263A (en) | Data transmission management method, data processing method and device | |
| US20200119919A1 (en) | Electronic device authentication managing apparatus | |
| CN114840739B (en) | Information retrieval method, device, electronic equipment and storage medium | |
| CN117061221A (en) | Method and device for realizing cloud password service | |
| CN115515135A (en) | Alliance communication method, system, device, equipment and storage medium | |
| CN114785773A (en) | File transmission method and device for converting file data into messages | |
| CN114448629A (en) | Identity authentication method and device, storage medium and electronic equipment | |
| CN113626873B (en) | Authentication method, device, electronic equipment and computer readable medium | |
| CN113420331B (en) | Method and device for managing file downloading permission | |
| CN115348310B (en) | Reverse proxy method, device, system, electronic equipment and storage medium | |
| CN113992734B (en) | Session connection method, device and equipment | |
| CN111970281B (en) | Routing equipment remote control method and system based on verification server and electronic equipment | |
| US20230127607A1 (en) | Methods, devices, and computer program products for authenticating peripheral device | |
| CN113992734A (en) | Session connection method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20221223 |