B: and processing the spliced target identifier analysis request message of the recursion analysis node 110 based on a summary algorithm, and determining a summary result message of the recursion analysis node 110.

Here, the spliced target identifier resolution request message of the recursion resolution node 110 is processed according to the summarization algorithm, and a summary result message of the recursion resolution node 110 is determined.

C: and signing the corresponding abstract result message based on the private key of the recursion analysis node 110, and determining a target identification analysis request message carrying signature information corresponding to the recursion analysis node 110.

Here, the digest result message of the recursion resolution node 110 is signed according to the private key of the recursion resolution node 110, so as to determine the target identifier resolution request message carrying the signature information corresponding to the recursion resolution node 110.

Wherein, the abstracting algorithm is used for the spliced target identification analysis request message to obtain an abstracted result message

Then using private key [ ]PK) For summary result message->

Signing to obtain target identification analysis request message carrying signature information>

. Here, other nodes solve the corresponding target identifier carrying signature informationThe processing procedure of the analysis request message is identical to the processing procedure of the recursion resolution node 110, and this part will not be described in detail.

In one possible implementation manner, the verification module 150 is configured to, for any one of the nodes, verify the target identifier resolution request message carrying signature information of the node based on public identifier information among the identifier information of the node, and if the verification is passed, make the node resolve an identifier field managed by its own node in the target identifier resolution request, and determine an identifier resolution result, where the verification module 150 is specifically configured to:

(1): and detecting whether signature verification of the public identity information on the target identity analysis request message carrying signature information is effective or not.

The verification module 150 detects whether signature verification of the target identifier resolution request message carrying signature information by using the public identity information of the node is valid.

(2): if the signature verification is effective, verifying the identity authentication credential in the spliced target identifier analysis request message based on a public key provided by a key generation center; if the verification is passed, the identity information of the node is valid, so that the node analyzes the identity field managed by the node in the target identity analysis request, and an identity analysis result is determined.

If the signature verification is valid, verifying the identity authentication credential in the spliced target identity analysis request message according to the public key provided by the key generation center, and if the signature verification is passed, considering the identity information of the node to be valid, so that the node analyzes the identity field managed by the node in the target identity analysis request, and determining the identity analysis result.

Wherein, after receiving the target identifier resolution request message carrying the signature information, the verification module 150 verifies the integrity of the target identifier resolution request message carrying the signature information first, and uses the unique identity code id of the node to resolve the target identifier carrying the signature informationParsing request messages

And (5) performing verification. If the target identification resolution request message carrying the signature information is valid, the public key pair provided by the key generation center is further used for +. >

Is->

Performing verification and determining->

Is effective in the following.

In one possible implementation, the verification module 150 is further configured to:

determining limited identity information based on the identity information; detecting whether the corresponding identity authentication credentials are overdue based on identity validity periods among the limited identity information; if yes, a request for regenerating the identity authentication credentials is sent to the node.

Here, the identity information is determinedID) Determining limited identity informationpid) And detecting whether the corresponding identity authentication credential is overdue according to the identity validity period in the limited identity information, and if so, sending a request for regenerating the identity authentication credential corresponding to the node.

Further, referring to fig. 2, fig. 2 is a second schematic structural diagram of an industrial internetidentification analysis system 100 according to an embodiment of the present application. As shown in fig. 2, the industrial internetidentification resolution system 100 further includes an identification resolutionaccess authentication module 160, where the identification resolutionaccess authentication module 160 is communicatively connected to a plurality of the nodes.

Specifically, the identifier resolutionaccess authentication module 160 is configured to determine, after the recursive resolution node 110, the enterprise node 120, the secondary node 130, and the national top node 140 send a request for applying for an identity authentication credential, an identity authentication credential corresponding to each node based on the key generation center and identity information provided by each node; wherein the identity information comprises public identity information and limited identity information.

Here, the id resolutionaccess authentication module 160 determines the id authentication credentials corresponding to each node according to the id information provided by the key generation center and each node after receiving the request for applying the id authentication credentials sent by the recursive resolution node 110, the enterprise node 120, the secondary node 130, and the national top node 140.

In one possible implementation manner, the identity resolutionaccess authentication module 160 is specifically configured to, when determining, based on the key generation center and the identity information provided by each of the nodes, an identity authentication credential corresponding to each of the nodes, where the identity resolutionaccess authentication module 160 is configured to:

i: and the key generation center issues corresponding private keys to the nodes corresponding to the public identity information.

Here, the key generation center issues a corresponding private key to each node to which the public identity information corresponds.

Wherein the private keys corresponding to different public identity information are different.

II: each private key signs the corresponding identity information, and the identity authentication credentials corresponding to each node are determined.

Here, each private key signs the corresponding identity information, and determines the identity certification credential corresponding to each node.

In the scheme, the certificate-free signature method based on the identification password can reduce the resource occupation and construction cost brought by digital certificate management, break through the original resource limitation and design bottleneck, and better ensure the safety of an industrial Internet identification analysis system.

In particular embodiments, the identity resolutionaccess authentication module 160 uses an identity password to provide identity information from an access nodeThe private key is issued to the access node. The key generating center (private key generator, PKG) corresponds to the public identity informationid) Generating private key of corresponding nodePK) To ensure identification information in an issuing keyIDThe PKG uses its own private key to identify node identity informationIDSigning to generate identity authentication credentialsAT. Wherein,,PKGthe keys issued to each node are

. Wherein the method comprises the steps ofCKRepresentation ofPKGA full key issued for each node.PKRepresenting the private key used by the node to actually sign.ATAnd the identity certificate obtained after the PKG signs the node identity information is represented.

In one possible implementation manner, the identifier resolutionaccess authentication module 160 obtains the identity information provided by each node through the following steps:

and the nodes of each level respectively transmit corresponding identity information to the upper level nodes, and finally the national top level node 140 collects and submits the identity information of each level of nodes to the identity analysis node access authentication module.

Here, each level of nodes respectively transmit corresponding identity information to the upper level node, and finally, the country top level node 140 submits the identity information of each level of nodes to the identity analysis node access authentication module in a summarized manner.

The industrial Internet identification analysis system comprises a plurality of nodes and a verification module, wherein the nodes comprise recursion analysis nodes, enterprise nodes, secondary nodes and national top nodes; the recursion analysis node is in communication connection with the enterprise node, the secondary node and the national top node, the verification module is in communication connection with a plurality of nodes, the enterprise node is in communication connection with the secondary node, and the secondary node is in communication connection with the national top node; the recursion analysis node is used for sending a bidirectional identity authentication request to the enterprise node, the secondary node and the national top node when providing analysis service for the target identification analysis request message after receiving the target identification analysis request message sent by the user terminal; any node is used for splicing the target identification analysis request message with the identification information corresponding to the node and the corresponding identification certification certificate after receiving the bidirectional identification certification request, and determining the target identification analysis request message carrying the signature information corresponding to the node; the verification module is used for verifying the target identification analysis request message carrying the signature information of the node based on public identity information in the identity information of any node, if the verification is passed, the node analyzes the identification field managed by the node in the target identification analysis request, and an identification analysis result is determined. By using public identity information to replace public key certificates, certificate-free signature can be realized, corresponding management cost is reduced, and the safety of an industrial Internet identity analysis system is improved.

Referring to fig. 3, fig. 3 is a flowchart of an industrial internet identifier parsing method according to an embodiment of the present application. As shown in fig. 3, the industrial internet identification analysis method includes:

s301: after receiving a target identification analysis request message sent by a user terminal, the recursion analysis node sends a bidirectional identity authentication request to enterprise nodes, secondary nodes and national top nodes when providing analysis service for the target identification analysis request message.

In the step, after receiving a target identification analysis request message sent by a user terminal, a recursion analysis node sends a bidirectional identity authentication request to an enterprise node, a secondary node and a national top node when providing analysis service for the target identification analysis request message.

S302: after receiving the bidirectional identity authentication request, the recursion analysis node, the enterprise node, the secondary node and the national top node splice the target identification analysis request message with the identity information corresponding to each node and the corresponding identity authentication credentials, and determine the target identification analysis request message carrying signature information corresponding to each node.

In the step, after receiving a bidirectional identity authentication request, a recursion analysis node, an enterprise node, a secondary node and a national top node splice the target identification analysis request message with the identity information corresponding to each node and the corresponding identity authentication credentials to determine the target identification analysis request message carrying signature information corresponding to each node.

S303: and verifying the target identification analysis request message carrying the signature information of the node based on the public identity information in the identity information of the node aiming at any node, and if the verification is passed, analyzing the identification field managed by the node of the target identification analysis request, and determining an identification analysis result.

In the step, for any node, a verification module verifies the target identification analysis request message carrying signature information of the node according to public identity information in the identity information of the node, if the verification is passed, the node analyzes an identification field managed by the node in the target identification analysis request, and an identification analysis result is determined.

The identification analysis result can be an internet domain name analysis result, and can be used for inquiring a server address for storing product information through the product identification or directly inquiring the product information and related services.

In one possible implementation manner, the industrial internet identification resolution method further comprises:

after the recursion analysis node, the enterprise node, the secondary node and the national top node send a request for applying for identity authentication credentials, determining the identity authentication credentials corresponding to the nodes based on the key generation center and the identity identification information provided by the nodes; wherein the identity information comprises public identity information and limited identity information.

In one possible implementation manner, the determining, based on the key generating center and the identity information provided by each node, the identity authentication credential corresponding to each node includes:

In one possible implementation manner, after receiving the bidirectional identity authentication request, the any one of the nodes is configured to splice the target identifier resolution request message with the identity information corresponding to the node and the corresponding identity authentication credential, and determine a target identifier resolution request message corresponding to the node and carrying signature information, where the method includes:

In one possible implementation manner, the verifying the target identifier analysis request message carrying signature information of the node based on public identifier information in the identifier information of the node, if the verification is passed, so that the node analyzes an identifier field managed by its own node in the target identifier analysis request, and determines an identifier analysis result, including:

determining limited identity information based on the identity information;

In one possible implementation manner, the module obtains the identification information provided by each node by the following steps:

The embodiment of the application provides an industrial Internet identification analysis method, which comprises the following steps: after receiving a target identification analysis request message sent by a user side, a recursion analysis node sends a bidirectional identity authentication request to an enterprise node, a secondary node and a national top node when providing analysis service for the target identification analysis request message; after receiving a bidirectional identity authentication request, the recursion analysis node, the enterprise node, the secondary node and the national top node splice the target identification analysis request message with the identity information corresponding to each node and the corresponding identity authentication credentials to determine the target identification analysis request message carrying signature information corresponding to each node; and verifying the target identification analysis request message carrying the signature information of the node based on the public identity information in the identity information of the node aiming at any node, and if the verification is passed, analyzing the identification field managed by the node of the target identification analysis request, and determining an identification analysis result. By using public identity information to replace public key certificates, certificate-free signature can be realized, corresponding management cost is reduced, and the safety of an industrial Internet identity analysis system is improved.

Referring to fig. 4, fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 4, theelectronic device 400 includes aprocessor 410, amemory 420, and abus 430.

Thememory 420 stores machine-readable instructions executable by theprocessor 410, when theelectronic device 400 is running, theprocessor 410 communicates with thememory 420 through thebus 430, and when the machine-readable instructions are executed by theprocessor 410, the steps of the industrial internet identification resolution method in the method embodiment shown in fig. 3 can be executed, and the specific implementation is referred to the method embodiment and will not be described herein.

The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the industrial internet identification analysis method in the method embodiment shown in fig. 3 may be executed, and a specific implementation manner may refer to the method embodiment and will not be described herein.

It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

Finally, it should be noted that: the foregoing examples are merely specific embodiments of the present application, and are not intended to limit the scope of the present application, but the present application is not limited thereto, and those skilled in the art will appreciate that while the foregoing examples are described in detail, the present application is not limited thereto. Any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or make equivalent substitutions for some of the technical features within the technical scope of the disclosure of the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. The industrial Internet identification analysis system is characterized by comprising a plurality of nodes and a verification module, wherein the nodes comprise recursion analysis nodes, enterprise nodes, secondary nodes and national top-level nodes; the recursion analysis node is in communication connection with the enterprise node, the secondary node and the national top node, the verification module is in communication connection with a plurality of nodes, the enterprise node is in communication connection with the secondary node, and the secondary node is in communication connection with the national top node; wherein,,

2. The industrial internet identification resolution system of claim 1, further comprising an identification resolution access authentication module, the identification resolution access authentication module in communication with a plurality of the nodes; wherein,,

3. The industrial internet identification resolution system according to claim 2, wherein the identification resolution access authentication module is specifically configured to:

4. The industrial internet identification resolution system according to claim 1, wherein, for the recursive resolution node, the any one of the nodes is configured to, after receiving a bidirectional identity authentication request, splice a target identification resolution request message with identity information corresponding to the node and corresponding identity authentication credentials, and determine a target identification resolution request message corresponding to the node and carrying signature information, where the target identification resolution request message includes:

5. The industrial internet identifier analysis system according to claim 1, wherein the verification module is configured to, when the verification module is configured to verify, for any one of the nodes, the target identifier analysis request message carrying signature information of the node based on public identity information among the identity information of the node, and if the verification is passed, so that the node analyzes an identifier field managed by its own node in the target identifier analysis request, and determine an identifier analysis result, the verification module is specifically configured to:

6. The industrial internet identification resolution system of claim 5, wherein the verification module is further configured to:

determining limited identity information based on the identity information;

7. The industrial internet identification resolution system according to claim 2, wherein the identification resolution access authentication module obtains the identification information provided by each node by:

8. An industrial internet identification analysis method, which is characterized in that the industrial internet identification analysis method is applied to the industrial internet identification analysis system of any one of claims 1 to 7, and the industrial internet identification analysis method comprises the following steps:

9. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory in communication via the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the steps of the industrial internet identification resolution method of claim 8.

10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the industrial internet identification resolution method according to claim 8.