
CN117440374A - Communication method, device, system and computer readable storage medium - Google Patents

Publication number
CN117440374A
Authority
CN
China
Prior art keywords
information
blockchain
token
management platform
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210826035.5A
Other languages
Chinese (zh)
Inventor
张政
梁伟
刘小欧
李静雯
毕奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN202210826035.5A
Publication of CN117440374A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The disclosure provides a communication method, a device, a system and a computer readable storage medium, and relates to the technical field of communication, wherein the method comprises the following steps: transmitting verification information carrying the mobile phone number to a service management platform of the near-field network service, so that the service management platform verifies the mobile phone number and transmits an access code under the condition that verification is successful; receiving an access code; invoking the blockchain wallet to cause the blockchain wallet to generate a public key and a private key, and signing first information with the private key to obtain a first signature, the first information including at least one of an access code and a public key; and sending second information comprising the access code, the public key and the first signature to the service management platform, so that the service management platform generates a token and records the corresponding relation among a plurality of pieces of information under the condition that the first signature is successfully checked by the public key, wherein the plurality of pieces of information comprise a mobile phone number, the public key and the token.

Description

Communication method, device, system and computer readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a communication method, apparatus, system, and computer readable storage medium.
Background
With the popularization of various intelligent terminals, spectrum resources are becoming increasingly scarce, which restricts the development of mobile communication services to a certain extent. To meet the demands of mobile communication service development, spectrum utilization needs to be improved.
Near-field network (ProSe) technology, proposed by the 3rd Generation Partnership Project (3GPP), is a new technology that allows direct device-to-device (D2D) communication between Long Term Evolution (LTE) terminals without infrastructure by sharing near-field network resources. Near-field network technology can effectively improve spectrum utilization.
Disclosure of Invention
The inventors noted that near-field network technology in the related art is not yet widely used. After analysis, the inventors found that the near-field network is an untrusted, weakly trusted environment, so safe and efficient network resource sharing cannot be realized.
In order to solve the above-described problems, the embodiments of the present disclosure propose the following solutions.
According to an aspect of the embodiments of the present disclosure, there is provided a communication method including: transmitting verification information carrying a mobile phone number to a service management platform of a near field network service, so that the service management platform verifies the mobile phone number and transmits an access code under the condition that verification is successful; receiving the access code; invoking a blockchain wallet to cause the blockchain wallet to generate a public key and a private key and to sign first information with the private key to obtain a first signature, the first information including at least one of the access code and the public key; and sending second information comprising the access code, the public key and the first signature to the service management platform, so that the service management platform generates a token and records a corresponding relation among a plurality of pieces of information under the condition that the first signature is successfully checked by the public key, wherein the plurality of pieces of information comprise the mobile phone number, the public key and the token.
In some embodiments, the method further comprises: receiving the token, encrypted with the public key, sent by the service management platform; invoking the blockchain wallet to cause the blockchain wallet to decrypt the token with the private key to obtain the token and to encrypt the token with the private key; and storing the token encrypted with the private key that is sent by the blockchain wallet.
In some embodiments, the method further comprises: invoking the blockchain hard wallet to cause the blockchain hard wallet to sign ticket information of the near-field network service with the private key to obtain a second signature; and sending third information to a gateway, wherein the third information comprises the ticket information, the second signature and the token encrypted with the private key, so that the gateway verifies the second signature with the public key and, if the verification is successful, sends the ticket information to the service management platform for settlement.
In some embodiments, the second information further includes an address of the blockchain hard wallet on a blockchain.
In some embodiments, the first information includes the access code, the public key, and an address of the blockchain wallet on a blockchain.
In some embodiments, the plurality of pieces of information and the third information further comprise an address of the blockchain hard wallet on a blockchain; the method further comprises the steps of: the gateway sends the token encrypted by the private key and the address to the service management platform, so that the service management platform determines the public key based on the address and the corresponding relation, decrypts the token encrypted by the private key by using the public key, and verifies the decrypted token; the gateway receives the public key sent by the service management platform under the condition that the token is successfully verified.
In some embodiments, the method further comprises: invoking the blockchain wallet to cause the blockchain wallet to encrypt the ticket information with the private key before the ticket information is sent to the gateway.
In some embodiments, the blockchain hard wallet includes a blockchain user identity module (BSIM) card.
In some embodiments, the blockchain hard wallet is invoked via a Software Development Kit (SDK).
In some embodiments, the blockchain hard wallet is connected by bluetooth.
According to another aspect of the embodiments of the present disclosure, there is provided a communication apparatus including: a first sending module configured to send verification information carrying a mobile phone number to a service management platform of a near-field network service, so that the service management platform verifies the mobile phone number and sends an access code if the verification is successful; a receiving module configured to receive the access code; a calling module configured to call a blockchain wallet to cause the blockchain wallet to generate a public key and a private key and to sign first information with the private key to obtain a first signature, the first information including at least one of the access code and the public key; and a second sending module configured to send second information comprising the access code, the public key and the first signature to the service management platform, so that the service management platform, if the first signature is successfully verified with the public key, generates a token and records a correspondence among a plurality of pieces of information, wherein the plurality of pieces of information comprise the mobile phone number, the public key and the token.
According to still another aspect of the embodiments of the present disclosure, there is provided a communication apparatus including: a memory; and a processor coupled to the memory, the processor configured to perform the method of any of the embodiments described above based on instructions stored in the memory.
According to still another aspect of the embodiments of the present disclosure, there is provided a communication system including: the communication device of any one of the above embodiments; the blockchain wallet configured to generate the public key and the private key in response to a first invocation request of the communication device; signing the first information by using the private key to obtain the first signature; transmitting the first signature to the communication device; the service management platform is configured to receive verification information carrying a mobile phone number, verify the mobile phone number and send an access code under the condition that verification is successful; and receiving the second information, and generating a token and recording the corresponding relation among a plurality of items of information under the condition that the first signature is successfully checked by using the public key.
In some embodiments, the service management platform is further configured to send the token encrypted with the public key to the communication device; the blockchain wallet is further configured to decrypt the token with the private key to obtain the token in response to a second invocation request of the communication device; encrypting the token with the private key; send the token encrypted with the private key to the communication device; the communication device is further configured to store the token encrypted with the private key sent by the blockchain hard wallet.
In some embodiments, the communication system further comprises a gateway; the blockchain hard wallet is further configured to sign the ticket information with the private key to obtain a second signature in response to a third invocation request of the communication device, and to transmit the second signature to the communication device; the communication device is further configured to send third information to the gateway, the third information including the ticket information, the second signature and the token encrypted with the private key, so that the gateway verifies the second signature with the public key and sends the ticket information to the service management platform for settlement if the verification is successful; the gateway is configured to receive the third information, verify the second signature with the public key, and send the ticket information to the service management platform if the verification is successful; the service management platform is further configured to receive the ticket information and perform settlement.
In some embodiments, the plurality of pieces of information and the third information further comprise an address of the blockchain hard wallet on a blockchain; the gateway is further configured to send the token and the address encrypted with the private key to the service management platform; receiving the public key sent by the service management platform under the condition that the token is successfully verified; the service management platform is further configured to receive the token and the address encrypted by the private key; and determining the public key based on the address and the corresponding relation, decrypting the token encrypted by the private key by using the public key, and verifying the decrypted token.
In some embodiments, the communication device is further configured to initiate a fourth invocation request to the blockchain hard wallet before sending the ticket information to the gateway; the blockchain hard wallet is further configured to encrypt the ticket information with the private key in response to the fourth invocation request of the communication device.
In some embodiments, the blockchain hard wallet includes a BSIM card.
According to a further aspect of the disclosed embodiments, a computer readable storage medium is provided, comprising computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method according to any of the embodiments described above.
According to a further aspect of the disclosed embodiments, a computer program product is provided, comprising a computer program, wherein the computer program, when executed by a processor, implements the method according to any of the above embodiments.
In the embodiments of the present disclosure, first, verification information carrying a mobile phone number is sent to the service management platform, so that the service management platform verifies the mobile phone number. This ensures that a node has passed mobile phone number verification, which raises the trust level of the node and also prevents behaviors that damage the health of the near-field network system, such as Trojan attacks, hacking attacks and relay misuse, thereby improving the robustness of the near-field network system and enabling secure near-field network resource sharing.
Second, the public key and the private key are generated by invoking the blockchain hard wallet. On the one hand, because the private key is generated inside the blockchain hard wallet, its generation is not subject to human interference and the key is difficult to crack, which helps protect the private key. On the other hand, operations such as signing and encryption can be performed based on the public key and the private key. Both aspects contribute to safer near-field network resource sharing.
Third, the blockchain wallet is invoked to sign the first information with the private key to obtain the first signature, so that the service management platform verifies the first signature with the public key. On the one hand, signing inside the blockchain hard wallet helps protect the private key. On the other hand, the signature identifies the sender of the second information and prevents the second information from being tampered with, which ensures the reliability of the identity authentication process. Both aspects contribute to safer near-field network resource sharing.
Finally, the service management platform generates a token and records the correspondence among the plurality of pieces of information. The node can subsequently interact with the service management platform based on the token, and the service management platform can verify the node based on the correspondence between the token and the plurality of pieces of information. Subsequent interaction between the service management platform and the near-field network service node is therefore simpler and more convenient, which facilitates safer and more efficient near-field network resource sharing.
In summary, the embodiments of the present disclosure help achieve safe and efficient near-field network resource sharing. The method can be applied to scenarios, such as large-scale events (e.g., concerts), in which the operator's return on investment is low and frequency reuse is required, and helps improve the network service experience at the event venue. Further, the method helps drive the establishment of a large-scale, low-cost and scalable near-field network infrastructure that better serves scenarios such as the 5G Internet of Things, the industrial Internet and the mobile Internet.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 is an architecture diagram of a near field network system according to some embodiments of the present disclosure.
Fig. 2 is a flow diagram of a communication method according to some embodiments of the present disclosure.
Fig. 3 is a flow chart of a communication method according to further embodiments of the present disclosure.
Fig. 4 is a flow diagram of a communication method according to further embodiments of the present disclosure.
Fig. 5 is a schematic diagram of the structure of a BSIM card in accordance with some embodiments of the present disclosure.
Fig. 6 is a schematic structural diagram of a communication device according to some embodiments of the present disclosure.
Fig. 7 is a schematic structural view of a communication device according to other embodiments of the present disclosure.
Fig. 8 is a schematic diagram of a communication system according to some embodiments of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some embodiments of the present disclosure, not all of them. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments in this disclosure without inventive effort are intended to fall within the scope of this disclosure.
The relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but should be considered part of the specification where appropriate.
In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
The near field network of the present disclosure is briefly described below.
Fig. 1 is an architecture diagram of a near field network system according to some embodiments of the present disclosure.
As shown in fig. 1, the near-field network system includes a service management platform 101, a gateway 102, and a plurality of near-field network nodes, for example, near-field network node 103, near-field network node 104, near-field network node 105, and near-field network node 106 shown in fig. 1.
Here, the near-field network node may be a near-field network service node or a near-field network consumer node.
A near-field network service node refers to a node that provides near-field network services, i.e., a node that shares mobile network resources (e.g., 5G network resources) for other nodes. For example, the near-field network nodes 103, 104 may be near-field network service nodes.
The near-field network consumption node refers to a node receiving near-field network services, that is, a node receiving mobile network resources shared by the near-field network service nodes. For example, the near-field network nodes 105, 106 may be near-field network consumer nodes.
In some embodiments of the present disclosure, a node that is to become a near-field network service node first needs to submit an application to the service management platform, and may become a near-field network service node only after passing identity authentication. In some embodiments, the node also needs to pledge a portion of its credits to the service management platform to become a near-field network service node.
It will be appreciated that a node that does not pass identity authentication cannot become a near-field network service node. This facilitates safer near-field network resource sharing, raises users' trust in near-field network service nodes, encourages users to join the near-field network to share network resources, and ultimately improves spectrum utilization.
Embodiments of the present disclosure combine a near-field network with a blockchain. In some embodiments, the service management platform, the gateway and the near-field network service nodes may also be blockchain nodes.
The identity authentication process is described below.
Fig. 2 is a flow diagram of a communication method according to some embodiments of the present disclosure.
In some embodiments, the communication method shown in fig. 2 may be performed by an Application (APP) in a node (e.g., a mobile terminal).
In step 202, authentication information carrying a mobile phone number is sent to a service management platform of a near field network service, so that the service management platform authenticates the mobile phone number, and sends an access code (accesscode) if the authentication is successful.
For example, the service management platform may verify the mobile phone number directly, or it may cooperate with other platforms to complete the verification of the mobile phone number.
For example, the authentication information may be sent to the service management platform by calling a Software Development Kit (SDK) responsible for native login.
For example, a successful verification indicates that the mobile phone number is a real, existing number rather than an unassigned one. For another example, a successful verification indicates that the mobile phone number is not only a real, existing number, but also the number of the Subscriber Identity Module (SIM) card in the node.
In step 204, an access code is received.
At step 206, the blockchain wallet is invoked such that the blockchain wallet generates a public key and a private key and signs first information with the private key to obtain a first signature, the first information including at least one of an access code and a public key.
For example, the first information may include only the access code, only the public key, or both the access code and the public key. In the case where the first information includes the access code and the public key, the first information may be formed by splicing the access code and the public key together.
For example, a 64-byte seed may be generated from a hardware random number based on the BIP 32/44 protocol, and the seed may be used to derive a private key using the SHA512 algorithm.
It should be understood that both the public key and the private key are unique. The public key is disclosed in the near-field network, and other nodes, gateways or the service management platform can use it to verify information received in subsequent interactions. The private key is not public, and the node may encrypt or sign the information it transmits using the private key. For example, the signature or encryption may be based on an algorithm such as ECC-secp256k1, ECDSA-secp256k1, AES or HMAC-SHA512.
In step 208, second information including the access code, the public key and the first signature is sent to the service management platform, so that the service management platform generates a token and records a corresponding relation among a plurality of pieces of information including a mobile phone number, the public key and the token when the first signature is checked successfully by using the public key.
For example, the second information may be sent to the service management platform via a 5G network.
For example, in the case that the first information includes an access code and a public key, the service management platform decrypts the first signature by using the public key, determines whether the decrypted first signature is consistent with digests of the access code and the public key, and if so, considers that signature verification is successful.
In the above embodiment, first, authentication information carrying a mobile phone number is sent to the service management platform, so that the service management platform authenticates the mobile phone number. This ensures that a node has passed mobile phone number verification, which raises the trust level of the node and also prevents behaviors that damage the health of the near-field network system, such as Trojan attacks, hacking attacks and relay misuse, thereby improving the robustness of the near-field network system and enabling secure near-field network resource sharing.
Second, the public key and the private key are generated by invoking the blockchain hard wallet. On the one hand, because the private key is generated inside the blockchain hard wallet, its generation is not subject to human interference and the key is difficult to crack, which helps protect the private key. On the other hand, operations such as signing and encryption can be performed based on the public key and the private key. Both aspects contribute to safer near-field network resource sharing.
Third, the blockchain wallet is invoked to sign the first information with the private key to obtain the first signature, so that the service management platform verifies the first signature with the public key. On the one hand, signing inside the blockchain hard wallet helps protect the private key. On the other hand, the signature identifies the sender of the second information and prevents the second information from being tampered with, which ensures the reliability of the identity authentication process. Both aspects contribute to safer near-field network resource sharing.
Finally, the service management platform generates a token and records the correspondence among the plurality of pieces of information. The node can subsequently interact with the service management platform based on the token, and the service management platform can verify the node based on the correspondence between the token and the plurality of pieces of information. Subsequent interaction between the service management platform and the near-field network service node is therefore simpler and more convenient, which facilitates safer and more efficient near-field network resource sharing.
In summary, the above embodiments help achieve safe and efficient near-field network resource sharing. The method can be applied to scenarios, such as large-scale events (e.g., concerts), in which the operator's return on investment is low and frequency reuse is required, and helps improve the network service experience at the event venue. Further, the method helps drive the establishment of a large-scale, low-cost and scalable near-field network infrastructure that better serves scenarios such as the 5G Internet of Things, the industrial Internet and the mobile Internet.
It should be understood that in the related art there are mainly two schemes for protecting the private key. One is based on offline hardware, which is very inconvenient to use and gives a poor user experience; the other is self-protection by the terminal, which is easily compromised by Trojans and therefore offers low security. In the present method, the private key is protected by the blockchain hard wallet, which balances convenience and security and helps achieve safer and more efficient near-field network resource sharing.
In some embodiments, the blockchain wallet can only be invoked through a specific interface that the blockchain wallet exposes. Whether the private key is being generated or used for signing, encryption or decryption, the operation must be executed by invoking the blockchain wallet through that interface, so it is not subject to human interference, which helps ensure data security.
In some embodiments, in addition to the near-field network serving node needing to pass the identity authentication process shown in fig. 2, other nodes, such as near-field network consuming nodes, also need to pass the identity authentication.
In the above embodiment, near-field network service nodes are guaranteed to have passed identity authentication, which raises the trust level of the near-field network service nodes. Near-field network consumer nodes are also guaranteed to have passed identity authentication, which raises the trust level between near-field network nodes. Safer near-field network resource sharing can therefore be realized, and users become more willing to participate in near-field network resource sharing.
Fig. 3 is a flow chart of a communication method according to further embodiments of the present disclosure.
In step 302, a token encrypted with the public key, sent by the service management platform, is received. The node thereby learns that its own identity authentication succeeded and can subsequently apply to become a near-domain network service node.
In step 304, the blockchain hard wallet is invoked such that the blockchain hard wallet decrypts the token with the private key to obtain the token and encrypts the token with the private key.
In step 306, the token encrypted with the private key, sent by the blockchain hard wallet, is stored.
In the above embodiment, first, invoking the blockchain hard wallet to decrypt and encrypt helps protect the private key, thereby realizing safer near-field network resource sharing.
Second, because the token encrypted with the private key is stored, the node can subsequently use it to interact with the service management platform. This interaction is simple and convenient while remaining secure, which helps realize safer and more efficient near-field network resource sharing.
The following describes an interaction procedure between the near-field network service node and the service management platform by taking a settlement procedure as an example.
Fig. 4 is a flow diagram of a communication method according to further embodiments of the present disclosure.
In step 402, the blockchain hard wallet is invoked such that the blockchain hard wallet signs ticket information of the near-domain network service with the private key to obtain a second signature.
For example, suppose the near-domain network node 103 in fig. 1 provides near-domain network services for the near-domain network node 105 and the near-domain network node 106, the near-domain network node 103 consumes 100M of traffic, and the near-domain network node 105 and the near-domain network node 106 consume 60M of traffic altogether.
Accordingly, (the APP in) the near-domain network node 103 may generate ticket information in JSON format. The ticket information is, for example, message = {"total": "100MB", "prev": "gateway 102", "next": "near-domain network node 105, near-domain network node 106", "address": "0x5B38Da6a701c568545dCfcB03FcB87512345"}.
For example, the second signature may include a digest of the ticket information and an encryption result of the digest.
In step 404, third information is sent to the gateway, the third information including the ticket information, the second signature, and the token encrypted with the private key, such that the gateway verifies the second signature with the public key and, if the signature verification is successful, sends the ticket information to the service management platform for settlement.
For example, the gateway may obtain the public key from the service management platform. As another example, the gateway may store a public key broadcast by the near-domain network service node in the near-domain network. How the gateway obtains the public key from the service management platform will be further described in connection with some embodiments.
In the above embodiment, first, the blockchain hard wallet is invoked to sign the ticket information, and the gateway verifies the signature. On the one hand, the gateway can confirm that the ticket information was sent by the near-domain network service node; on the other hand, the gateway can also confirm the content of the ticket information. Therefore, behaviors that damage settlement security, such as Trojan attacks, hacker attacks, relay disuse and the like, can be prevented, the robustness of the near-field network system is improved, and safer near-field network resource sharing is realized.
Second, the service management platform performs settlement only if the gateway's signature verification is successful. An effective incentive mechanism can thus be provided, so that users are driven to become near-field network service nodes and the frequency utilization rate is improved.
Finally, because the gateway carries out the signature verification, the load on the service management platform is lighter than it would be if the service management platform verified the ticket information itself, which helps realize efficient near-field network resource sharing.
How the gateway obtains the public key from the service management platform is described below.
In some embodiments, the plurality of pieces of information and the third information further comprise the address of the blockchain hard wallet on the blockchain. In this case, the gateway sends the token encrypted with the private key and the address of the blockchain hard wallet on the blockchain to the service management platform, so that the service management platform determines the public key based on the address and the correspondence, decrypts the token encrypted with the private key by using the public key, and verifies the decrypted token. Finally, the gateway receives the public key, which the service management platform sends if the token is successfully verified.
In the above embodiment, the service management platform determines the public key based on the address of the blockchain wallet on the blockchain sent by the gateway, so as to decrypt the token encrypted by the private key by using the public key. After decryption, the service management platform may verify the decrypted token. The public key is sent to the gateway if the token is successfully authenticated. Therefore, before the public key is sent, the service management platform verifies based on the address and the token encrypted by the private key, and can realize safer near-domain network resource sharing.
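The settlement exchange of fig. 4 together with the public-key lookup described above, as an added Go example that is not code from this application or its applicant. It assumes Ed25519 as the wallet's algorithm (the text names none), models "encrypting the token with the private key" as a signature over the token, and uses a constructed address derivation and token value; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Wallet stands in for the blockchain hard wallet: the private key stays inside it.
type Wallet struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewWallet() *Wallet {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Wallet{priv: priv, Pub: pub}
}

// Sign models both "sign the ticket" and "encrypt the token with the private key".
func (w *Wallet) Sign(msg []byte) []byte { return ed25519.Sign(w.priv, msg) }

// Address is a constructed derivation (truncated SHA-256 of the public key),
// not the address format of any particular blockchain.
func Address(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return "0x" + hex.EncodeToString(h[:20])
}

type record struct {
	pub   ed25519.PublicKey
	token []byte
}

// Platform keeps the recorded correspondence: address -> (public key, token).
type Platform struct {
	byAddr  map[string]record
	Settled []string
}

func (p *Platform) Register(pub ed25519.PublicKey, token []byte) string {
	addr := Address(pub)
	p.byAddr[addr] = record{pub: pub, token: token}
	return addr
}

// PublicKeyFor releases the public key to the gateway only when the presented
// token proof verifies against the key and token recorded for that address.
func (p *Platform) PublicKeyFor(addr string, tokenProof []byte) (ed25519.PublicKey, error) {
	rec, ok := p.byAddr[addr]
	if !ok {
		return nil, errors.New("unknown wallet address")
	}
	if !ed25519.Verify(rec.pub, rec.token, tokenProof) {
		return nil, errors.New("token verification failed")
	}
	return rec.pub, nil
}

// ThirdInfo is what the service node sends to the gateway.
type ThirdInfo struct {
	Ticket, Sig, TokenProof []byte
	Address                 string
}

// GatewayHandle fetches the public key, verifies the ticket signature, and
// forwards the ticket for settlement only when both checks pass.
func GatewayHandle(p *Platform, m ThirdInfo) error {
	pub, err := p.PublicKeyFor(m.Address, m.TokenProof)
	if err != nil {
		return fmt.Errorf("public key request rejected: %w", err)
	}
	if !ed25519.Verify(pub, m.Ticket, m.Sig) {
		return errors.New("ticket signature invalid")
	}
	p.Settled = append(p.Settled, string(m.Ticket))
	return nil
}

func ticketJSON(total, addr string) []byte {
	return []byte(`{"total":"` + total + `","prev":"gateway 102",` +
		`"next":"near-domain network node 105, near-domain network node 106",` +
		`"address":"` + addr + `"}`)
}

// Demo runs one valid settlement, one altered ticket, and one proof made by
// a different wallet for the same address.
func Demo() (okErr, tamperErr, foreignErr error, settled int) {
	p := &Platform{byAddr: map[string]record{}}
	node, other := NewWallet(), NewWallet()
	token := []byte("constructed-token-001") // constructed sample value
	addr := p.Register(node.Pub, token)
	ticket := ticketJSON("100MB", addr)
	good := ThirdInfo{Ticket: ticket, Sig: node.Sign(ticket), TokenProof: node.Sign(token), Address: addr}
	okErr = GatewayHandle(p, good)
	tampered := good
	tampered.Ticket = ticketJSON("900MB", addr) // content changed after signing
	tamperErr = GatewayHandle(p, tampered)
	foreign := good
	foreign.Sig, foreign.TokenProof = other.Sign(ticket), other.Sign(token)
	foreignErr = GatewayHandle(p, foreign)
	return okErr, tamperErr, foreignErr, len(p.Settled)
}

func main() {
	fmt.Println(Demo())
}
```

Only the unmodified ticket signed by the registered wallet reaches settlement; the altered ticket fails at the gateway, and the proof from the other wallet is rejected by the platform before any public key is released.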
It should be appreciated that in the above embodiments, the service management platform first needs to obtain the address of the blockchain hard wallet on the blockchain. How the service management platform obtains this address is described below with reference to some embodiments.
In some embodiments, the business management platform may calculate the address of the blockchain hard wallet on the blockchain based on the public key.
In other embodiments, the second information further includes an address of the blockchain hard wallet on the blockchain.
For example, when the blockchain hard wallet is invoked to generate the public key and the private key, the blockchain hard wallet may also be caused to generate its address on the blockchain. Thus, the second information received by the service management platform may also include the address of the blockchain hard wallet on the blockchain.
In the above embodiment, compared with the case where the address is calculated by the service management platform, the load on the service management platform is reduced, which helps realize more efficient near-field network resource sharing.
In some embodiments, the first information includes an access code, a public key, and an address of a blockchain hard wallet on a blockchain.
For example, after invoking the blockchain wallet to generate a public key, a private key, and an address of the blockchain wallet on the blockchain, the public key, the private key, and the address of the blockchain wallet on the blockchain may be signed to obtain the first signature.
In some embodiments, before the ticket information is sent to the gateway, the blockchain hard wallet is invoked such that the blockchain hard wallet encrypts the ticket information with the private key.
In the above embodiment, encrypting the ticket information helps guarantee its security, so that the user's data privacy is protected from being violated and the user's enthusiasm for providing near-field network services is improved.
In some embodiments, the blockchain hard wallet includes a Blockchain Subscriber Identity Module (BSIM) card.
The structure of the BSIM card is described below in connection with some embodiments.
Fig. 5 is a schematic diagram of the structure of a BSIM card in accordance with some embodiments of the present disclosure.
As shown in fig. 5, the BSIM card 500 is mainly composed of a conventional SIM card module 501, a bluetooth module 502, a Micro Control Unit (MCU) chip module 503, and a security module (SE) chip module 504.
The conventional SIM card module 501 has basic functions such as calls, mobile internet access, and short messages.
The Bluetooth module 502 adopts Bluetooth 4.0 technology and is responsible for the Bluetooth connection between the terminal and the BSIM card 500, so that the APP on the terminal can conveniently invoke the BSIM card 500 through the SDK.
The MCU chip module 503 is responsible for communicating with the APP on the terminal, the Bluetooth module 502, and the SE chip module 504, and for scheduling. The MCU chip module 503 is powered through the interface of the conventional SIM card module 501.
The SE chip module 504 is responsible for blockchain related algorithm operations and has Bluetooth functionality consistent with a financial security level.
The BSIM card 500 also has a storage space greater than 1M, and supports a COS operating system, enabling the functions of blockchain seed generation, public-private key derivation, encryption, digital signature, and recovery of blockchain wallets.
The operation of the BSIM card is described next in connection with some embodiments.
In some embodiments, the terminal may power the BSIM card through the card slot, and the terminal may search for and connect to the BSIM card through Bluetooth.
In some embodiments, the blockchain hard wallet may be invoked via a software development kit (SDK). The SDK is, for example, a Java SDK and may be provided by the blockchain hard wallet. Through the SDK, the blockchain hard wallet can be invoked to perform functions such as seed generation, public and private key derivation, digital signature, and signature verification.
In the above embodiment, the blockchain hard wallet can be invoked simply and conveniently through the SDK, which facilitates more efficient near-field network resource sharing.
In some embodiments, the blockchain hard wallet is connected through Bluetooth. The blockchain hard wallet can therefore be invoked simply and conveniently, and efficient near-field network resource sharing is achieved.
In some embodiments, authentication may need to be re-performed in the event that the user changes BSIM cards or reloads APPs, etc.
In this specification, the embodiments are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the device embodiments basically correspond to the method embodiments, their description is relatively brief, and the relevant points can be found in the description of the method embodiments.
Fig. 6 is a schematic structural diagram of a communication device according to some embodiments of the present disclosure.
As shown in fig. 6, the communication apparatus 600 includes a first transmitting module 601, a receiving module 602, a calling module 603, and a second transmitting module 604.
The first transmitting module 601 is configured to transmit authentication information carrying a mobile phone number to a service management platform of the near-field network service, so that the service management platform authenticates the mobile phone number and transmits an access code if authentication is successful.
The receiving module 602 is configured to receive an access code.
The invoking module 603 is configured to invoke the blockchain wallet to cause the blockchain wallet to generate a public key and a private key and sign first information with the private key to obtain a first signature, the first information including at least one of an access code and a public key.
The second sending module 604 is configured to send second information including the access code, the public key and the first signature to the service management platform, so that the service management platform generates a token if the first signature is successfully checked by using the public key, and records a correspondence between a plurality of pieces of information, including a mobile phone number, the public key and the token.
Other features and advantages of the communication device 600 according to the embodiment of the present invention may refer to the embodiments of the communication method and their advantages described above, and will not be described here again.
Fig. 7 is a schematic structural view of a communication device according to other embodiments of the present disclosure.
As shown in fig. 7, a communication device 700 includes a memory 701 and a processor 702 coupled to the memory 701, the processor 702 being configured to perform the method of any of the foregoing embodiments based on instructions stored in the memory 701.
The memory 701 may include, for example, system memory, fixed nonvolatile storage media, and the like. The system memory may store, for example, an operating system, application programs, a boot loader, and other programs.
The communication device 700 may also include an input-output interface 703, a network interface 704, a storage interface 705, and the like. These interfaces 703, 704, 705, the memory 701, and the processor 702 may be connected, for example, by a bus 706. The input/output interface 703 provides a connection interface for input/output devices such as a display, mouse, keyboard, touch screen, etc. The network interface 704 provides a connection interface for various networking devices. The storage interface 705 provides a connection interface for external storage devices such as SD cards, USB flash drives, and the like.
Fig. 8 is a schematic diagram of a communication system according to some embodiments of the present disclosure.
As shown in fig. 8, the communication system 800 includes a communication device 801, a blockchain hard wallet 802, and a traffic management platform 803.
The communication device 801 is a communication device according to any one of the embodiments described above, such as the communication device 600 or the communication device 700.
The blockchain wallet 802 is configured to generate a public key and a private key in response to a first invocation request of the communication device 801; signing the first information by using the private key to obtain a first signature; the first signature is sent to the communication device 801.
The service management platform 803 is configured to receive authentication information carrying a mobile phone number, authenticate the mobile phone number, and send an access code if authentication is successful; and receiving the second information, and generating a token and recording the correspondence between the plurality of pieces of information when the first signature is successfully checked by using the public key.
Other features and advantages of the communication system 800 according to the embodiment of the present invention may refer to the various embodiments of the communication method and their advantages described above, and will not be described in detail herein.
In some embodiments, the service management platform 803 is further configured to send a token encrypted with the public key to the communication device 801. The blockchain hard wallet 802 is further configured to, in response to a second invocation request of the communication device 801, decrypt the token with the private key to obtain the token, encrypt the token with the private key, and send the token encrypted with the private key to the communication device 801. The communication device 801 is also configured to store the token encrypted with the private key sent by the blockchain hard wallet 802.
In some embodiments, the communication system further comprises a gateway 804. The blockchain hard wallet 802 is further configured to, in response to a third invocation request of the communication device 801, sign the ticket information with the private key to obtain a second signature and send the second signature to the communication device 801. The communication device 801 is further configured to send third information to the gateway 804, the third information including the ticket information, the second signature, and the token encrypted with the private key, such that the gateway 804 verifies the second signature with the public key and, if the signature verification is successful, sends the ticket information to the service management platform 803 for settlement. The gateway 804 is configured to receive the third information, verify the second signature with the public key, and send the ticket information to the service management platform 803 if the signature verification is successful. The service management platform 803 is also configured to receive the ticket information and perform settlement.
In some embodiments, the plurality of pieces of information and the third information further include the address of the blockchain hard wallet 802 on the blockchain. The gateway 804 is further configured to send the token encrypted with the private key and the address to the service management platform 803, and to receive the public key that the service management platform 803 sends if the token is successfully verified. The service management platform 803 is further configured to receive the token encrypted with the private key and the address, determine the public key based on the address and the correspondence, decrypt the token encrypted with the private key by using the public key, and verify the decrypted token.
In some embodiments, the communication device 801 is further configured to initiate a fourth invocation request to the blockchain hard wallet 802 prior to sending ticket information to the gateway 804. The blockchain wallet 802 is further configured to encrypt ticket information with a private key in response to a fourth invocation request of the communications device 801.
In some embodiments, the blockchain hard wallet 802 includes a blockchain user identity module BSIM card.
The disclosed embodiments also provide a computer readable storage medium comprising computer program instructions which, when executed by a processor, implement the method of any of the above embodiments.
The disclosed embodiments also provide a computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the method of any of the above.
Thus, various embodiments of the present disclosure have been described in detail. In order to avoid obscuring the concepts of the present disclosure, some details known in the art are not described. How to implement the solutions disclosed herein will be fully apparent to those skilled in the art from the above description.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that functions specified in one or more of the flowcharts and/or one or more of the blocks in the block diagrams may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the above examples are for illustration only and are not intended to limit the scope of the present disclosure. It will be understood by those skilled in the art that the foregoing embodiments may be modified and equivalents substituted for elements thereof without departing from the scope and spirit of the disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (20)

1. A method of communication, comprising:
transmitting verification information carrying a mobile phone number to a service management platform of a near field network service, so that the service management platform verifies the mobile phone number and transmits an access code under the condition that verification is successful;
receiving the access code;
invoking a blockchain wallet to cause the blockchain wallet to generate a public key and a private key and to sign first information with the private key to obtain a first signature, the first information including at least one of the access code and the public key;
and sending second information comprising the access code, the public key and the first signature to the service management platform, so that the service management platform generates a token and records a corresponding relation among a plurality of pieces of information under the condition that the first signature is successfully checked by the public key, wherein the plurality of pieces of information comprise the mobile phone number, the public key and the token.
2. The method of claim 1, further comprising:
receiving the token encrypted by the public key sent by the service management platform;
invoking the blockchain wallet to cause the blockchain wallet to decrypt the token with the private key to obtain the token and encrypt the token with the private key;
storing the token sent by the blockchain wallet encrypted with the private key.
3. The communication method according to claim 2, further comprising:
invoking the blockchain hard wallet to enable the blockchain hard wallet to sign ticket information of the near domain network service by using the private key to obtain a second signature;
and sending third information to a gateway, wherein the third information comprises the ticket information, the second signature and the token encrypted by using the private key, so that the gateway performs signature verification on the second signature by using the public key, and sends the ticket information to the service management platform for settlement under the condition that the signature verification is successful.
4. The method of claim 1, wherein,
the second information also includes an address of the blockchain hard wallet on a blockchain.
5. The method of claim 1, wherein,
the first information includes the access code, the public key, and an address of the blockchain wallet on a blockchain.
6. The method of claim 3, wherein the plurality of pieces of information and the third information further comprise an address of the blockchain hard wallet on a blockchain;
the method further comprises the steps of:
the gateway sends the token encrypted by the private key and the address to the service management platform, so that the service management platform determines the public key based on the address and the corresponding relation, decrypts the token encrypted by the private key by using the public key, and verifies the decrypted token;
the gateway receives the public key sent by the service management platform under the condition that the token is successfully verified.
7. A method according to claim 3, further comprising:
the blockchain wallet is invoked to cause the blockchain wallet to encrypt the ticket information with the private key prior to sending the ticket information to the gateway.
8. The method of claim 1, wherein,
the blockchain hard wallet includes a blockchain user identity module BSIM card.
9. The method of claim 1, wherein,
the blockchain hard wallet is invoked via a software development kit SDK.
10. The method of claim 1, wherein,
and the block chain hard wallet is connected through Bluetooth.
11. A communication apparatus, comprising:
the first sending module is configured to send verification information carrying a mobile phone number to a business management platform of a near-field network service, so that the business management platform verifies the mobile phone number and sends an access code under the condition that verification is successful;
a receiving module configured to receive the access code;
a calling module configured to call a blockchain wallet to cause the blockchain wallet to generate a public key and a private key and to sign first information with the private key to obtain a first signature, the first information including at least one of the access code and the public key;
and the second sending module is configured to send second information comprising the access code, the public key and the first signature to the service management platform, so that the service management platform, under the condition that the first signature is successfully checked by using the public key, generates a token and records the corresponding relation among a plurality of pieces of information, wherein the plurality of pieces of information comprise the mobile phone number, the public key and the token.
12. A communication apparatus, comprising:
a memory; and
a processor coupled to the memory and configured to perform the method of any of claims 1-5 and 7-10 based on instructions stored in the memory.
13. A communication system, comprising:
a communications device as claimed in claim 11 or claim 12;
the blockchain wallet configured to generate the public key and the private key in response to a first invocation request of the communication device; signing the first information by using the private key to obtain the first signature; transmitting the first signature to the communication device;
the service management platform is configured to receive verification information carrying a mobile phone number, verify the mobile phone number and send an access code under the condition that verification is successful; and receiving the second information, and generating a token and recording the corresponding relation among a plurality of items of information under the condition that the first signature is successfully checked by using the public key.
14. The communication system of claim 13, wherein,
the service management platform is further configured to send the token encrypted with the public key to the communication device;
the blockchain wallet is further configured to decrypt the token with the private key to obtain the token in response to a second invocation request of the communication device; encrypting the token with the private key; send the token encrypted with the private key to the communication device;
the communication device is further configured to store the token encrypted with the private key sent by the blockchain hard wallet.
15. The communication system of claim 14, wherein the communication system further comprises a gateway;
the blockchain hard wallet is further configured to sign the ticket information with the private key to obtain a second signature in response to a third invocation request of the communication device; transmitting the second signature to the communication device;
the communication device is further configured to send third information to a gateway, the third information including the ticket information, the second signature and the token encrypted with the private key, so that the gateway checks the second signature with the public key and sends the ticket information to the service management platform for settlement if the check is successful;
the gateway is configured to receive the third information, check the second signature by using the public key, and send the ticket information to the service management platform if the check is successful;
the service management platform is further configured to receive the ticket information and settle accounts.
16. The communication system of claim 15, wherein,
the plurality of pieces of information and the third information further include an address of the blockchain hard wallet on a blockchain;
the gateway is further configured to send the token and the address encrypted with the private key to the service management platform; receiving the public key sent by the service management platform under the condition that the token is successfully verified;
the service management platform is further configured to receive the token and the address encrypted by the private key; and determining the public key based on the address and the corresponding relation, decrypting the token encrypted by the private key by using the public key, and verifying the decrypted token.
17. The communication system of claim 15, wherein,
the communication device is further configured to initiate a fourth invocation request to the blockchain hard wallet prior to sending the ticket information to the gateway;
the blockchain hard wallet is further configured to encrypt the ticket information with the private key in response to the fourth invocation request of the communication device.
18. The communication system of claim 13, wherein,
the blockchain hard wallet includes a blockchain user identity module BSIM card.
19. A computer readable storage medium comprising computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method of any of claims 1-10.
20. A computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the method of any of claims 1-10.
CN202210826035.5A 2022-07-14 2022-07-14 Communication method, device, system and computer readable storage medium Pending CN117440374A (en)

Publications (1)

Publication Number Publication Date
CN117440374A true CN117440374A (en) 2024-01-23

Family

ID=89546743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210826035.5A Pending CN117440374A (en) 2022-07-14 2022-07-14 Communication method, device, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN117440374A (en)

Similar Documents

Publication Publication Date Title
US10601801B2 (en) Identity authentication method and apparatus
WO2022206349A1 (en) Information verification method, related apparatus, device, and storage medium
WO2019079356A1 (en) Authentication token with client key
EP2767029B1 (en) Secure communication
CN103415008A (en) Encryption communication method and encryption communication system
CN102571340A (en) Certificate authentication device as well as access method and certificate update method thereof
CN102056077B (en) Method and device for applying smart card by key
CN103780620A (en) Network security method and network security system
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN108270568A (en) A kind of mobile digital certificate device and its update method
US20230336998A1 (en) Safe mode configuration method, device and system, and computer-readable storage medium
CN117081736A (en) Key distribution method, key distribution device, communication method, and communication device
CN114531225A (en) End-to-end communication encryption method, device, storage medium and terminal equipment
CN110690969A (en) Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties
CN103873245B (en) Dummy machine system data ciphering method and equipment
CN113992427A (en) Data encryption sending method and device based on adjacent nodes
CN102202291B (en) Card-free terminal, service access method and system thereof, terminal with card and bootstrapping server function (BSF)
CN103392323B (en) A kind of method and apparatus of IPSEC negotiation
CN113676468B (en) Three-party enhanced authentication system design method based on message verification technology
CN114090996B (en) Mutual trust authentication method and device for multiparty system
CN115987634A (en) Acquisition of plaintext data, key acquisition method, device, electronic equipment, and medium
CN113727059B (en) Network access authentication method, device and equipment for multimedia conference terminal and storage medium
CN116599719A (en) User login authentication method, device, equipment and storage medium
CN117440374A (en) Communication method, device, system and computer readable storage medium
CN115001705A (en) Network protocol security improving method based on encryption equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination