User identity authentication method and system for discovery service

Abstract

The invention relates to a user identity authentication method and system for discovery service. A plurality of user identity authentication servers form a DHT network, and the identification of each server is obtained through a public key for calculating the owner of the server and the Hash value of a random number provided by the public key; each user identity authentication server performs authentication on the identity of a user on the basis of PKI, if the identity authentication passes, a bill packaged in the SAML format is generated, then the bill is divided into a plurality of small data fragments, and the small data fragments are stored; a DS server receives an inquiry quest of the user, the storage positions of the corresponding data fragments are worked out, an original bill is restored, then authentication on the identity of the user is performed according to the restored bill, and after the identity authentication passes, the server address of enterprise information relevant to the RFID identification of an inquired article is fed back. Due to the adoption of the user identity authentication method and system for discovery service, the user can have access to a DS many times in a period of time when authentication on the identity of the user is only performed one time, the procedures for the user to have access to the DS can be simplified, and the resource consumption of the user can be reduced.

Description

technical field [0001] The invention belongs to the field of information technology, and in particular relates to a user identity verification method and system for discovery services. Background technique [0002] In recent years, RFID (Radio-Frequency Identification) has been widely used in the identification of items in manufacturing, logistics, retail and other industries. Discovery Service (Discovery Service, DS), as a key support service for tracking and tracing items in the supply chain, is designed to provide users with information servers (Information Service, IS) mapping service between addresses. The mapping information between the items stored in the DS and the relevant IS server addresses can reflect commercially sensitive information such as the circulation mode of the items and the trade relationship between enterprises. Therefore, DS must first verify the user's identity, and then decide whether to allow the user's access according to its access control pol...

AI Technical Summary

Problems solved by technology

However, DS needs to verify the user's identity based on PKI every time before allowing the user to access, which not only increases the complexity of the user's access to DS, but also consumes a lot of user resources (CPU, bandwidth, etc.)

Therefore, the PKI-based user authentication scheme cannot well meet the actual use needs of users.

To sum up, the two mainstream schemes currently used in DS to authenticate users cannot meet the actual application requirements well.

Images