Activity recognition method, apparatus, device, system, and storage medium

By using identification certificates issued by trusted terminals and activity information for interactive verification during telecommunications activities, the problems of low identity verification security and high operating costs in existing technologies are solved, enabling fast, efficient, and secure activity processing.

CN116781310B · Active · Publication Date: 2026-06-16 · CHINA MOBILE (SUZHOU) SOFTWARE TECH CO LTD +1

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA MOBILE (SUZHOU) SOFTWARE TECH CO LTD
Filing Date: 2022-10-31
Publication Date: 2026-06-16

AI Technical Summary

Technical Problem

In existing technologies, methods that verify identity by checking the authorization letter of the event organizer and calling the service hotline of the telecommunications operator have problems of low security and high operating costs.

Method used

When an authorized service terminal handles an activity, the user terminal obtains the identification certificate issued by the trusted terminal and the activity information of the activity to be handled. The verification result is obtained through interactive verification to ensure the legitimacy of the user terminal and the service terminal.

Benefits of technology

It improves the effectiveness of identity verification, reduces the possibility of identity information leakage, and enables fast, efficient, and secure event processing.

✦ Generated by Eureka AI based on patent content.

Abstract

Embodiments of the present disclosure disclose an activity identification method, device, equipment, system and storage medium, wherein the method comprises: in the case that an operation terminal authorizes a service terminal to handle an activity, a user terminal acquires an identification certificate issued by a trusted terminal and activity information of an activity to be handled; based on the activity information of the activity to be handled and the identification certificate, the user terminal and the service terminal perform interactive verification to obtain a verification result; in the case that the verification result represents that the identities of the user terminal and the service terminal are legal, the handling of the activity to be handled is completed. The embodiments of the present disclosure can improve the security and efficiency of verification, etc.

Description

Technical Field

[0001] This disclosure relates to, but is not limited to, the field of computer technology, and in particular to an activity identification method, apparatus, device, system, and storage medium.

Background Technology

[0002] To avoid online fraud related to telecommunications activities, related technologies allow users to verify the identity of the event organizer by checking their authorization letter, employee ID, or other documents, or by calling the telecommunications operator's service hotline to confirm the authenticity of the event. However, authorization letters and employee IDs are easily forged, reducing the security of verification; calling the telecommunications operator's service hotline increases the operator's operating costs and reduces call connection rates.

Summary of the Invention

[0003] In view of the above, embodiments of this disclosure provide at least one activity identification method, apparatus, device, system, and storage medium.

[0004] The technical solution of this disclosure embodiment is implemented as follows:

[0005] On one hand, this disclosure provides an activity identification method, including: when an operating terminal authorizes a service terminal to handle an activity, a user terminal obtains an identification certificate issued by a trusted terminal and activity information of the activity to be handled; based on the activity information of the activity to be handled and the identification certificate, the user terminal performs interactive verification with the service terminal to obtain a verification result; and when the verification result indicates that the user terminal and the service terminal are legitimate, the handling of the activity to be handled is completed.

[0006] On the other hand, this disclosure provides an activity identification method, including: when an operating terminal authorizes a service terminal to handle an activity, the service terminal receives activity information and identification certificate of the activity to be handled from a user terminal; based on the activity information of the activity to be handled and the identification certificate, it performs interactive verification with the user terminal to obtain a verification result; and if the verification result indicates that the identities of the user terminal and the service terminal are legitimate, it completes the handling of the activity to be handled.

[0007] In another aspect, embodiments of this disclosure provide an activity identification device, comprising: a first acquisition module, used to acquire, when an operating terminal authorizes a service terminal to handle an activity, an identification certificate issued by a trusted terminal and activity information of the activity to be handled; a first verification module, used to perform interactive verification with the service terminal based on the activity information of the activity to be handled and the identification certificate, and obtain a verification result; and a first processing module, used to complete the processing of the activity to be handled when the verification result indicates that the identities of the user terminal and the service terminal are legitimate.

[0008] In another aspect, embodiments of this disclosure provide an activity identification device, comprising: a receiving module, configured to receive activity information and an identification certificate of an activity to be processed from a user terminal when an operating terminal authorizes a service terminal to process an activity; a second verification module, configured to perform interactive verification with the user terminal based on the activity information of the activity to be processed and the identification certificate, and obtain a verification result; and a second processing module, configured to complete the processing of the activity to be processed when the verification result indicates that the identities of the user terminal and the service terminal are legitimate.

[0009] In another aspect, embodiments of this disclosure provide a computer device including a memory and a processor, the memory storing a computer program executable on the processor, the processor executing the program to implement some or all of the steps in the above-described method.

[0010] In another aspect, this disclosure provides an activity identification system, comprising: a trusted terminal for generating public parameters and an identification certificate; an operating terminal for authorizing a service terminal; a user terminal for, when the operating terminal authorizes the service terminal to handle an activity, obtaining an identification certificate issued by the trusted terminal and activity information of the activity to be handled; interactively verifying with the service terminal based on the activity information of the activity to be handled and the identification certificate to obtain a verification result; and completing the handling of the activity to be handled if the verification result indicates that the identities of the user terminal and the service terminal are legitimate; and the service terminal for, when the operating terminal authorizes the service terminal to handle an activity, receiving activity information and an identification certificate of the activity to be handled sent by the user terminal; interactively verifying with the user terminal based on the activity information of the activity to be handled and the identification certificate to obtain a verification result; and completing the handling of the activity to be handled if the verification result indicates that the identities of the user terminal and the service terminal are legitimate.

[0011] In another aspect, embodiments of this disclosure provide a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements some or all of the steps in the above-described method.

[0012] In another aspect, embodiments of this disclosure provide a computer program including computer-readable code, which, when executed in a computer device, causes a processor in the computer device to perform some or all of the steps in the above-described method.

[0013] In another aspect, embodiments of this disclosure provide a computer program product, the computer program product including a non-transitory computer-readable storage medium storing a computer program, wherein when the computer program is read and executed by a computer, it implements some or all of the steps in the above method.

[0014] In this embodiment, after the operating terminal successfully authorizes the service terminal, the user terminal can obtain the activity information of the pending activity and the identification certificate issued by the trusted terminal. This improves the validity of the identification certificate. Then, the user terminal can interact with the service terminal to verify the identity based on a verification request message carrying the activity information and identification certificate, obtaining a verification result that can characterize the legitimacy of both the user terminal and the service terminal. Thus, by verifying with the authorized service terminal through a verification request message containing activity information and identification certificate, the effectiveness of verification is improved, and the possibility of identity information leakage is reduced. Finally, if the verification result indicates successful verification, the user terminal and the service terminal complete the pending activity. This facilitates the rapid, efficient, and secure realization of two-way identity verification between users and employees, as well as the identification of pending activities.

[0015] It should be understood that the above general description and the following detailed description are merely exemplary and explanatory, and are not intended to limit the technical solutions of this disclosure.

Attached Figure Description

[0016] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this disclosure and, together with the specification, serve to illustrate the technical solutions of this disclosure.

[0017] Figure 1 is a schematic diagram illustrating the implementation flow of the first activity identification method provided in this embodiment of the disclosure;

[0018] Figure 2 is a schematic diagram illustrating the implementation flow of the second activity identification method provided in this embodiment of the disclosure;

[0019] Figure 3 is a schematic diagram illustrating the implementation flow of the third activity identification method provided in this embodiment of the disclosure;

[0020] Figure 4 is a schematic diagram illustrating the implementation flow of the fourth activity identification method provided in this embodiment of the disclosure;

[0021] Figure 5 is a schematic diagram illustrating the implementation flow of the fifth activity identification method provided in this embodiment of the disclosure;

[0022] Figure 6 is a schematic diagram of the composition structure of the first activity recognition device provided in the embodiments of this disclosure;

[0023] Figure 7 is a schematic diagram of the composition structure of the second activity recognition device provided in the embodiments of this disclosure;

[0024] Figure 8 is a schematic diagram of the hardware entity of a computer device provided in an embodiment of this disclosure.

Detailed Implementation

[0025] To make the objectives, technical solutions, and advantages of this disclosure clearer, the technical solutions of this disclosure are further described in detail below with reference to the accompanying drawings and embodiments. The described embodiments should not be regarded as limitations on this disclosure. All other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this disclosure.

[0026] In the following description, references to "some embodiments" describe a subset of all possible embodiments; however, it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments and may be combined with each other without conflict. The terms "first / second / third" are used merely to distinguish similar objects and do not represent a specific ordering of objects. It is understood that "first / second / third" may be interchanged in a specific order or sequence where permitted, so that the embodiments of this disclosure described herein can be implemented in orders other than those illustrated or described herein.

[0027] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure pertains. The terminology used herein is for descriptive purposes only and is not intended to limit the scope of this disclosure.

[0028] This disclosure provides an activity identification method, which can be executed by a processor of a computer device. The computer device can refer to a user terminal, a trusted terminal, a service terminal, or an operational terminal, etc. The computer device may include a server, laptop computer, tablet computer, desktop computer, smart TV, set-top box, mobile device (e.g., mobile phone, portable video player, personal digital assistant, dedicated messaging device, portable gaming device), or other device with network connectivity. In some embodiments, the activity identification method of this disclosure can be applied to telecommunications marketing activities. For example: first, the user obtains an identification certificate from the trusted terminal through the user terminal; then, the telecommunications operator's employee authorizes the operational terminal through the service terminal; next, the user terminal corresponding to the user verifies the service terminal corresponding to the employee, obtaining a verification result; finally, if the verification result indicates successful verification, the user and employee conduct telecommunications marketing activities such as recharging mobile phone credit.

[0029] Figure 1 is a schematic diagram illustrating the implementation flow of an activity recognition method provided in an embodiment of this disclosure. This method can be executed by the processor of a user terminal. As shown in Figure 1, the method includes the following steps S101 to S103:

[0030] Step S101: When the operating terminal authorizes the service terminal to handle an activity, the user terminal obtains the identification certificate issued by the trusted terminal and the activity information of the activity to be handled.

[0031] Here, when the activity is a telecommunications marketing campaign, the operating terminal can refer to the operating platform corresponding to the telecommunications operator. The operating terminal can authorize the service terminal corresponding to the employee, enabling the service terminal to have the authority and ability to handle and verify the corresponding activity. For example, the operating terminal can obtain information such as employee identification and activity identification, and use a preset verification method to verify the authenticity of the information. If the employee identification and activity identification are found to be genuine, the authorization is successful, and the service terminal is allowed to handle the activity. If the employee identification and activity identification are found to be fake, the authorization fails, and the service terminal is not allowed to handle the activity.

[0032] A trusted terminal can refer to a terminal issued by a certified and qualified third-party security organization, such as a Certificate Authority (CA). An identification certificate is an authentication of a user's public key issued by a trusted terminal. An identification certificate may include information such as the electronic certification authority's information, the public key user's information, the public key itself, the authority's signature, and the validity period. The format and verification method of the identification certificate can follow international standards such as X.509. If a user wants their own certificate, they can first send an application request to the trusted terminal. After the trusted terminal identifies the applicant (i.e., the user), it assigns the user a public key. The trusted terminal then links this public key with the user's identity information and signs the linked information to obtain the identification certificate. Finally, the trusted terminal can send the identification certificate to the user. If a user terminal wants to verify the authenticity of another identification certificate, it can use the public key in the identification certificate to verify the signature on the identification certificate and obtain the verification result. If the verification result indicates that the verification is successful, such as outputting TRUE, the user terminal determines that the current identification certificate is valid. If the verification result indicates that the verification is unsuccessful, such as outputting FALSE, the user terminal determines that the current identification certificate is invalid.

[0033] "Pending activities" can refer to services that users need to complete, such as phone bill top-ups, package selection, and broadband subscriptions. The activity information for pending activities refers to information used by user terminals and service terminals for user and employee authentication and activity verification. Activity information can include at least one or more of the following: activity identifier, activity name, activity effective time, activity expiration time, activity strategy, activity scope, and the identity identifiers of users and employees requiring activity completion, as well as timestamps during the verification process. Timestamps represent the time of information interaction between user terminals and service terminals. If the timestamp indicates that the identification information received by the user terminal or service terminal exceeds a preset time threshold, verification between the user terminal and service terminal can be stopped; if the timestamp indicates that the identification information received by the user terminal or service terminal does not exceed the preset time threshold, interactive verification can proceed.

[0034] Step S101 includes: during the process in which the operating terminal authorizes the service terminal to handle the activity, the employee pre-sets the activity information through the service terminal and sends the activity information to the user terminal; the trusted terminal pre-sets the identification certificate and sends the identification certificate to the user terminal so that the user terminal can obtain the identification certificate and the activity information.

[0035] Step S102: Based on the activity information of the activity to be processed and the identification certificate, perform interactive verification with the service terminal to obtain the verification result.

[0036] Here, the verification result can represent the legitimacy of the user terminal and the service terminal's respective identities. The verification result is at least the result obtained through interactive verification based on the activity information of the activity to be processed. That is, the user terminal can verify both the activity to be processed and the identity of the employee to which the service terminal belongs. During the implementation of step S102, it may include: the user terminal receiving a signature method sent by the trusted terminal, the user terminal using the signature method to sign the identification information and identification certificate, obtaining the signed verification request information, and sending the signed verification request information to the service terminal; the service terminal receiving a verification method sent by the trusted terminal, the service terminal using the verification method to verify the received signed verification request information, and obtaining a verification result; wherein, there is a corresponding relationship between the signature method and the verification method sent by the trusted terminal.

[0037] The implementation of step S102 may further include: sending a verification request message to the service terminal; and receiving a verification response message carrying a verification result from the service terminal. Here, the verification request message may at least carry activity information and an identification certificate for the activity to be processed, and is used for information transmission between the user terminal and the service terminal. For example, the activity information and identification certificate may be signed using a preset signature method to obtain a verification request message, which is then sent to the service terminal. The verification response message may carry a verification result and is used for information transmission between the user terminal and the service terminal. In some embodiments, the implementation may further include: signing the activity information and identification certificate using different signature methods to obtain a first verification request message and a second verification request message; first sending the first verification request message to the service terminal for verification to obtain a first response message; and, upon receiving the first response message, parsing it, and determining that the response result indicates successful first verification, sending the second verification request message to the service terminal to continue verification.

[0038] Verification results can include "TRUE" and "FALSE," such as indicating that the user terminal's identity is legitimate (TRUE) or illegitimate (FALSE). The verification result can be generated by the user terminal using a verification method, or by the service terminal using a verification method. The user terminal can receive verification results sent by the service terminal.

[0039] Step S103: If the verification result indicates that the user terminal and the service terminal are legitimate, the pending activity is processed.

[0040] Here, if the verification result is true, it indicates that the user terminal and the service terminal are legitimate; if the verification result is false, it indicates that the user terminal and the service terminal are illegitimate. When both the user terminal and the service terminal are legitimate, the user terminal can initiate a processing request for the pending activity to the service terminal. The service terminal receives the processing request, parses it, and obtains the user's demand information, such as the selected package type. Based on the user's demand information, the service terminal can adjust the activity attributes of the activity currently being processed. The activity attributes characterize the attributes of the service operation when the user executes the activity. For example, if the activity is a network traffic package selection and the service to which the activity belongs is a traffic monitoring service, then the activity attribute can be the amount of data transmitted by the user terminal. The service terminal can adjust the amount of data allowed for data transmission by the user terminal.

[0041] In this embodiment, after the operating terminal successfully authorizes the service terminal, the user terminal can obtain the activity information of the pending activity and the identification certificate issued by the trusted terminal. This improves the validity of the identification certificate. Then, the user terminal can interact with the service terminal to verify the identity based on a verification request message carrying the activity information and identification certificate, obtaining a verification result that can characterize the legitimacy of both the user terminal and the service terminal. Thus, by verifying with the authorized service terminal through a verification request message containing activity information and identification certificate, the effectiveness of verification is improved, and the possibility of identity information leakage is reduced. Finally, if the verification result indicates successful verification, the user terminal and the service terminal complete the pending activity. This facilitates the rapid, efficient, and secure realization of two-way identity verification between users and employees, as well as the identification of pending activities.

[0042] In some embodiments, before implementing step S101, the method may further include the following steps S111 to S113:

[0043] Step S111: Obtain the preset public parameters and the first signature method from the trusted terminal.

[0044] Here, public parameters can refer to parameters that can be shared by trusted terminals, user terminals, service terminals, and operational terminals. Trusted terminals can pre-generate public parameters and a first signature method, and then send these to the corresponding trusted terminals, user terminals, service terminals, and operational terminals, respectively. The first signature method can refer to algorithms used to sign activity information and / or identification certificates, such as asymmetric (Rabin) signatures, Digital Signature Standard (DSS) signatures, and block cipher (RSA) signatures. Public parameters may include: a large prime number p such that the discrete logarithm problem in the integer group modulo p, $\mathbb{Z}_p^*$, is intractable; a large prime number q with $q \mid (p-1)$; and a security parameter t, etc., where $q > 2^t$. For most applications, setting t = 160 will provide sufficient security. Trusted terminals can also pre-select a secure hash function, such as the standard hash function algorithm (SM3), and all information is hashed before signing. The user terminal's first signature method can be represented as $\mathrm{Sig}_{TA}$.

[0045] Step S112: Randomly generate a first private key, and generate a first public key based on the first private key and the public parameters.

[0046] Here, the first private key and the first public key can refer to the key pair used by the user terminal to obtain the identification certificate from the trusted terminal. The user terminal can randomly select the first private key $x_A$, $x_A \in_R [0, q-1]$, and calculate the corresponding first public key $y_A$, in

[0047] Step S113: Send the first public key to the trusted terminal.

[0048] Here, the user terminal can send the first public key to the trusted terminal according to a preset communication protocol.

[0049] In some embodiments, step S101 may include step S114:

[0050] Step S114: Obtain the identification certificate issued by the trusted terminal in response to the first public key.

[0051] Here, the identification certificate is generated by the trusted terminal based on the first verification information, the first public key, and the user terminal's identity identifier. The first verification information is obtained by the trusted terminal signing the first public key and the user terminal's identity identifier using a first signature method. During interaction with the user terminal, the trusted terminal can establish the current user terminal's identity and issue a user terminal identity identifier. The user terminal's identity identifier is used to represent the user terminal's identity, such as the identification string ID(A), etc. For example: the trusted terminal signs $(ID(A), y_A)$ to obtain the first verification information $s_A$, where $s_A = \mathrm{Sig}_{TA}(ID(A), y_A)$. The first verification information, the first public key, and the user terminal's identity identifier are combined to obtain the identification certificate $C(A)$, where $C(A) = (ID(A), y_A, s_A)$.

[0052] In this embodiment of the disclosure, the user terminal determines a first public key and sends the first public key to a trusted terminal, so that the trusted terminal can accurately and securely generate an identification certificate.

[0053] In some embodiments, step S103 may include the following steps S1031 to S1035:

[0054] Step S1031: If the verification result indicates that the user terminal and the service terminal are legitimate, obtain the third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal.

[0055] Here, the timestamp can be used for time limit verification. For example, when a user terminal receives a response message carrying a timestamp from a service terminal, if it determines that the timestamp falls within a preset time limit, it can continue verification with the service terminal; if it determines that the timestamp does not fall within the preset time limit, it stops verification with the service terminal. The user terminal can read the current time, determine the time difference between the current time and the preset time, and use this time difference as the third timestamp. Simultaneously, the user terminal can obtain its own identity identifier and the operator's identity identifier from trusted terminals; this is not a limitation.

[0056] Step S1032: Sign the identity identifier of the user terminal and the identity identifier of the operating terminal to obtain third verification information.

[0057] Here, during the authorization interaction between the operating terminal and the service terminal, the operating terminal can establish the identity of the service terminal and issue an identification string as the identity identifier of the operating terminal. The identity identifier of the operating terminal can be jointly determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed. The identity identifier of the operating terminal can be represented as ID(B), and the identity identifier of the service terminal can be an employee's employee number or other identifier. Step S1042 includes: the user terminal combines the identity identifier of the user terminal and the identity identifier of the operating terminal to obtain the combined identifier (ID(A)||ID(B)); and signs the combined identifier using the first signature method to obtain the third verification information $\mathrm{Sig}_A$.

[0058] Step S1033: Send the third verification information and the third timestamp to the service terminal.

[0059] Here, the user terminal can also send the third verification information $\mathrm{Sig}_A$, the third timestamp, and the combined identifier (ID(A)||ID(B)) to the service terminal so that the user terminal and the service terminal can perform secondary verification before the activity is processed.

[0060] Step S1034: Receive the third verification result sent by the service terminal in response to the third verification information and the third timestamp.

[0061] Here, the service terminal can obtain a preset verification method from the trusted terminal, use the preset verification method to verify the third verification information and the third timestamp, obtain the third verification result, and send the third verification result to the user terminal. The service terminal can also use the preset verification method to verify the third verification information Sig_A, the third timestamp, and the combined identifier (ID(A)||ID(B)) to obtain the third verification result. The third verification result represents the result of verifying the legitimacy of the service terminal's identity again, and can include verification success or verification failure.

[0062] Step S1035: If the third verification result indicates that the service terminal's identity is legitimate, the pending activity is completed.

[0063] For example, the third verification result indicates that the service terminal's identity is legitimate, and the user terminal can conduct activities such as recharging phone bills with the service terminal.

[0064] In this embodiment, the user terminal performs secondary verification with the service terminal using third verification information and third timestamps, thereby improving the security of activity processing.

[0065] This disclosure provides an activity identification method, wherein the verification result includes a first verification result and a second verification result. This method can be executed by a processor of a user terminal. As shown in Figure 2, the method includes the following steps S201 to S204:

[0066] Step S201 corresponds to the aforementioned step S101, and can be implemented with reference to the specific implementation of the aforementioned step S101; Step S204 corresponds to the aforementioned step S103, and can be implemented with reference to the specific implementation of the aforementioned step S103.

[0067] Step S202: Based on the activity information, perform the first verification with the service terminal to obtain the first verification result.

[0068] Here, the user terminal can first use the activity information to perform an initial verification or interaction with the service terminal to obtain a first verification result. The first verification result includes the verification result of the legitimacy of the service terminal's identity. For example, the user terminal uses a first signature method to sign the activity information, obtains the signed information, and sends the signed information to the service terminal; the service terminal uses a preset verification method to verify the signed information, obtains a first verification result, and sends the first verification result to the user terminal.

[0069] Step S203: If the first verification result indicates that the service terminal's identity is legitimate, a second verification is performed on the service terminal based on the identification certificate to obtain the second verification result.

[0070] Here, the second verification result includes the verification result of the user terminal's identity legitimacy, such as the second verification result indicating whether the user terminal's identity is legitimate or illegitimate. Step S203 includes: signing the identification certificate using the first signature method to obtain the signed identification certificate, and sending the signed identification certificate to the service terminal; the service terminal verifying the signed identification certificate using a preset verification method to obtain the first verification result, and sending the first verification result to the user terminal.

[0071] In this embodiment of the disclosure, the user terminal verifies the service terminal multiple times using activity information and identification certificates, which can improve the security and accuracy of the verification.

[0072] In some embodiments, step S202 may include the following steps: S2021 and S2023:

[0073] Step S2021: Obtain first signature information including at least a preset first public parameter and a first timestamp, and send the first signature information to the service terminal.

[0074] Here, the first signature information can refer to the information exchanged during the initial verification process between the user terminal and the service terminal. The first signature information may include at least a first timestamp and first public parameters. The first timestamp characterizes the time attribute of the user terminal sending the first signature information to the service terminal, and the first public parameters may include a preset key pair, a random string, etc. The user terminal can also obtain a first verification method from a trusted terminal, which can be represented as Ver_B, etc.

[0075] In some embodiments, the user terminal may use a preset hash algorithm to hash the first signature information to obtain the hashed information, and then use a preset communication protocol to send the hashed information to the service terminal.

[0076] Step S2022: Receive the second verification information generated by the service terminal in response to the first signature information.

[0077] Here, the second verification information may include at least a preset second public parameter, a second timestamp, and an activity identifier for the pending activity. The second public parameter may include a key pair and a random number preset by the service terminal. The service terminal can obtain the second timestamp and sign the first signature information using a preset verification method to obtain the signed information; it can then combine the second public parameter, the signed information, the second timestamp, and the activity identifier for the pending activity to obtain the second verification information, and send the second verification information to the user terminal.

[0078] Step S2023: Verify the second verification information to obtain the first verification result.

[0079] Here, the user terminal can first determine whether the second timestamp falls within a preset duration threshold. If it is determined that the second timestamp falls within the preset duration threshold, the first verification method Ver_B is used to verify the second verification information and obtain the first verification result, which includes whether the service terminal is legitimate or illegitimate.

[0080] In this embodiment of the disclosure, the user terminal performs the first verification with the service terminal accurately and securely through the first signature information and the first verification method.

[0081] In some embodiments, step S203 may include the following steps: S2031 and S2032:

[0082] Step S2031: If the first verification result indicates that the identity of the service terminal is legitimate, obtain the second signature information, which includes at least a preset third public parameter and the identification certificate, and send the second signature information to the service terminal.

[0083] Here, the second signature information may include at least a third public parameter and an identification certificate. The third public parameter may include signature parameters generated based on the first and second public parameters. The user terminal can combine the third public parameter and the identification certificate to obtain the final information, and determine the combined information as the second signature information.

[0084] In some embodiments, the user terminal may use a preset hash algorithm to hash the second signature information to obtain the hashed information, and then use a preset communication protocol to send the hashed information to the service terminal.

[0085] Step S2032: Receive the second verification result generated by the service terminal in response to the second signature information.

[0086] Here, the service terminal can use a preset verification method to verify the second signature information and obtain a second verification result. The second verification result may include whether the user terminal is legitimate or illegitimate.

[0087] In this embodiment of the disclosure, the user terminal uses the second signature information to accurately and securely perform a second verification with the service terminal.

[0088] In some embodiments, step S2021 may include the following steps: S211 and S213:

[0089] Step S211: Obtain the first timestamp determined based on the current time.

[0090] Here, the user terminal can read the current time, determine the duration difference between the current time and the preset time, and determine this duration difference as the first timestamp t_A.

[0091] Step S212: Randomly generate a second private key and a random string, and generate a second public key based on the second private key and preset public parameters.

[0092] Here, the user terminal can randomly select the second private key k from [1, q-1] and determine the second public key γ corresponding to the second private key, where γ = g^k mod p; the user terminal randomly generates a random string R_A.

[0093] Step S213: The first public parameter, the second private key, the first timestamp, and the random string are determined as the first signature information.

[0094] Here, the user terminal can combine the random string R_A and the first timestamp t_A to obtain the combined information (R_A||t_A), and determine the second public key γ and the combined information (R_A||t_A) as the first signature information.

[0095] In this embodiment of the disclosure, the user terminal determines the first signature information by using the second private key, the first timestamp, and the random string, which helps to accurately and securely perform the first interaction verification using the first signature information.

[0096] In some embodiments, step S2031 may include the following steps: S221 and S222:

[0097] Step S221: If the first verification result indicates that the identity of the service terminal is legitimate, determine the signature parameters based on the second private key, the first private key, a preset random number, and preset public parameters.

[0098] Here, the user terminal determines whether the second signature falls within a preset time threshold. If it does, a preset verification method is used to verify it, and a verification result is obtained. If it does not fall within the threshold, the verification process stops. The verification result can include valid or invalid, and the verification method can be represented as Ver_B(R_A||t_A||ID(B)||y_Com) = true, where y_Com is the public key determined by the service terminal. The service terminal can randomly generate a private key x_Com and then generate the public key y_Com corresponding to the private key x_Com. If the user terminal determines that the verification is valid, then the signature parameter β is determined, where β = k + x_A·r mod p.

[0099] Step S222: The third public parameter, the identification certificate, and the signature parameter are determined as the second signature information.

[0100] Here, the user terminal can identify the certificate C(A) and the signature parameter β as the second signature information.

[0101] In this embodiment of the disclosure, the user terminal determines the identification certificate and signature parameters as the second signature information, which helps to accurately and securely perform a second verification using the second signature information.

[0102] This disclosure provides an activity identification method, which can be executed by the processor of a service terminal. As shown in Figure 3, the method includes the following steps S301 to S303:

[0103] In step S301, when the operating terminal authorizes the service terminal to handle the activity, the service terminal receives the activity information and identification certificate of the activity to be handled sent by the user terminal.

[0104] Here, if the operating terminal authorizes the service terminal to handle the activity, it means that the operating terminal has successfully authorized the service terminal, and the service terminal can verify with the user terminal through the activity information and identification certificate of the activity to be handled; if the operating terminal does not authorize the service terminal to handle the activity, it means that the operating terminal has failed to authorize the service terminal, and the service terminal will not verify with the user terminal.

[0105] Step S302: Based on the activity information of the activity to be processed and the identification certificate, perform interactive verification with the user terminal to obtain the verification result.

[0106] Here, the verification result can represent the legitimacy of the user terminal and the service terminal's respective identities. The verification result is at least the result obtained through interactive verification based on the activity information of the activity to be processed. That is, the user terminal can verify both the activity to be processed and the identity of the employee to which the service terminal belongs. The service terminal can use a preset verification method to verify the activity information and identification certificate to obtain the verification result.

[0107] Step S303: If the verification result indicates that the user terminal and the service terminal are legitimate, the pending activity is processed.

[0108] Here, if the verification result is true, it indicates that the user terminal and service terminal are legitimate; if the verification result is false, it indicates that the user terminal and service terminal are illegitimate. When the user terminal and service terminal successfully verify each other, the user terminal can initiate a processing request for the pending activity to the service terminal. The service terminal receives the processing request, parses it, and obtains the user's demand information, such as the selected package type. Based on the user's demand information, the service terminal can adjust the activity attributes of the activity currently being processed. The activity attributes characterize the attributes of the service operation when the user executes the activity. For example, if the activity is a network traffic package selection and the service to which the activity belongs is a traffic monitoring service, then the activity attribute can be the amount of data transmitted by the user terminal. The service terminal can adjust the amount of data allowed for data transmission by the user terminal.

[0109] In this embodiment of the disclosure, when the service terminal authorizes and handles activities with the operating terminal, it interacts and verifies with the user terminal through activity information and identification certificate, which helps to improve the security and accuracy of verification.

[0110] In some embodiments, the following steps S311 and S313 may be included before implementing step S301:

[0111] Step S311: Obtain third signature information from the operating terminal.

[0112] Here, the third signature information may include at least a preset fourth public parameter, the identity identifier of the operating terminal, and a timestamp. The fourth public parameter may include a preset key pair and key information of the operating terminal. The timestamp can be used for expiration verification; for example, the operating terminal can preset an expiration deadline deadline_B, where deadline_B = min(deadline_B1, deadline_B2); deadline_B1 can indicate the validity period of an employee's working hours, and deadline_B2 can indicate the validity period of the activity to be processed, etc. The identity of the operating terminal can be determined by the identity of the service terminal and the activity identifier of the activity to be processed. For example, the operating terminal can establish the identity of the service terminal and issue an identification string ID(B) as the identity of the operating terminal. The operating terminal can randomly select a number as the private key b_B, b_B ∈_R Z_q\{0}, and based on the private key b_B generate the corresponding public key K_B, where The operating terminal can generate key information σ_B based on its identity identifier and timestamp, where σ_B = (x_Com + b_B·H(K_B||ID(B)||deadline_B)) mod q. The operating terminal can determine (σ_B, K_B), y_Com, ID(B), and deadline_B as the third signature information.

[0113] Step S312: Based on the third signature information, perform interactive verification with the operating terminal to obtain the fourth verification result.

[0114] Here, the service terminal can use a preset verification method to verify the third signature information and obtain the fourth verification result. For example, the service terminal can verify... Whether it is valid, etc.

[0115] Step S313: If the fourth verification result indicates that the service terminal's identity is legitimate, determine that the operating terminal authorizes the service terminal to handle the activity.

[0116] Here, if the above verification equation is true, it can be determined that the fourth verification result indicates that the service terminal's identity is legitimate and it can conduct activities with the user terminal; if the above verification equation is false, it can be determined that the fourth verification result indicates that the service terminal's identity is illegitimate and it cannot conduct activities with the user terminal.

[0117] In this embodiment of the disclosure, the service terminal can accurately and promptly carry out authorization with the operating terminal by using third signature information that includes at least a preset fourth public parameter, the identity identifier of the operating terminal, and a timestamp.

[0118] In some embodiments, step S302 may include the following steps: S3021 and S3025:

[0119] Step S3021: Obtain the preset second public parameters, second signature method, and second verification method from the operating terminal.

[0120] Here, the second public parameter may include a key pair and a random number preset by the service terminal. The service terminal can obtain the second public parameter, the second signature method Sig_B, the second verification method Ver_TA, etc., from the operating terminal or a trusted terminal.

[0121] Step S3022: Sign the second public parameter and the activity information using the second signature method to obtain the second verification information.

[0122] Here, the operating terminal can predetermine the private key x_Com and the public key y_Com, and send the private key x_Com and the public key y_Com to the service terminal. The service terminal can obtain the timestamp sent by the user terminal. If it determines that the timestamp falls within a preset duration threshold, the service terminal selects a random number r from [1, 2^t]. The service terminal can then concatenate the current system time t_B, the identity identifier ID(B), and the public key y_Com after the (R_A||t_A) sent by the user terminal to obtain the string (R_A||t_A||ID(B)||y_Com), where y_Com can be used to identify the operating terminal. The service terminal performs proxy signing on the string (R_A||t_A||ID(B)||y_Com) and generates proxy signature information s_B, where s_B = Sig_B(R_A||t_A||ID(B)||y_Com). The service terminal can determine the current system time t_B, the public key K_B, the public key y_Com, the identity identifier ID(B), the validity deadline deadline_B, the proxy signature s_B, and the random number r as the second verification information.

[0123] Step S3023: Send the second verification information to the user terminal.

[0124] Here, the service terminal can use a preset hash method to hash the second verification information to obtain the hashed information, and then send the hashed information to the user terminal via a communication protocol.

[0125] Step S3024: Receive the second signature information sent by the user terminal in response to the second verification information.

[0126] Here, the second signature information may include the identification certificate C(A) and the signature parameter β.

[0127] Step S3025: Verify the second signature information using the second verification method to obtain the verification result.

[0128] Here, the service terminal can first verify whether γ = g^β · y_A^(-r) mod p holds. If it holds, the service terminal proceeds with the second verification method to obtain the first verification result; if it does not hold, no verification is performed, etc.

[0129] In this embodiment of the disclosure, the service terminal verifies with the user terminal through a second signature method and a second verification method, which helps to improve the security and accuracy of the verification.
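The exchange of steps S2021 to S3025 (commitment γ, challenge r with timestamp t_B, response β, and the check γ = g^β · y_A^(-r) mod p), shown as an added example that is not part of the patent text. The toy group, the 30-second freshness window, the relation y_A = g^(x_A) mod p, and all class and function names are assumptions made for illustration; β is reduced modulo q, the order of g.

```python
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4
MAX_SKEW = 30   # assumed freshness window in seconds (the text only says "preset")
T_BITS = 8      # challenge r is drawn from [1, 2^t]


def keygen():
    """First key pair of the user terminal (assumed form): y_A = g^x_A mod p."""
    x_a = secrets.randbelow(Q - 1) + 1
    return x_a, pow(G, x_a, P)


def fresh(timestamp, now):
    """Time-limit check applied by both sides before continuing."""
    return abs(now - timestamp) <= MAX_SKEW


class UserTerminal:
    def __init__(self, x_a):
        self.x_a = x_a
        self.k = None

    def commit(self, now):
        """S211-S213: choose k in [1, q-1], send gamma = g^k mod p and (R_A || t_A)."""
        self.k = secrets.randbelow(Q - 1) + 1
        return {"gamma": pow(G, self.k, P), "R_A": secrets.token_hex(8), "t_A": now}

    def respond(self, challenge, now):
        """S221: stop on a stale t_B, otherwise beta = k + x_A * r (mod q)."""
        if self.k is None or not fresh(challenge["t_B"], now):
            return None
        beta = (self.k + self.x_a * challenge["r"]) % Q
        self.k = None  # k is single-use; a second response needs a new commit
        return {"beta": beta}


class ServiceTerminal:
    def __init__(self, y_a):
        self.y_a = y_a
        self.pending = None

    def challenge(self, commit_msg, now, r=None):
        """S3022: reject a stale t_A, then pick r in [1, 2^t] (r can be fixed for tests)."""
        if not fresh(commit_msg["t_A"], now):
            return None
        if r is None:
            r = secrets.randbelow(2 ** T_BITS) + 1
        self.pending = (commit_msg["gamma"], r)
        return {"r": r, "t_B": now}

    def verify(self, response):
        """S3025: accept only if gamma == g^beta * y_A^(-r) mod p for the pending run."""
        if self.pending is None or response is None:
            return False
        gamma, r = self.pending
        self.pending = None  # each challenge can be answered once
        return gamma == (pow(G, response["beta"], P) * pow(self.y_a, -r, P)) % P


def run_exchange(user, service, t_commit, t_challenge, t_response):
    """Drive the three messages with explicit clock values; return the verdict."""
    msg1 = user.commit(t_commit)
    msg2 = service.challenge(msg1, t_challenge)
    if msg2 is None:
        return False
    return service.verify(user.respond(msg2, t_response))


if __name__ == "__main__":
    x_a, y_a = keygen()
    print("honest run:", run_exchange(UserTerminal(x_a), ServiceTerminal(y_a), 1000, 1001, 1002))
    print("stale t_A :", run_exchange(UserTerminal(x_a), ServiceTerminal(y_a), 1000, 1040, 1041))
```

The timestamp check rejects messages replayed outside the window, while the fresh challenge r is what makes an old β useless inside it.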

[0130] This disclosure provides an activity identification method, which can be executed by the processor of a service terminal. As shown in Figure 4, the method includes the following steps S401 to S403:

[0131] Step S401 corresponds to the aforementioned step S301, and can be implemented with reference to the specific implementation of the aforementioned step S301; Step S403 corresponds to the aforementioned step S303, and can be implemented with reference to the specific implementation of the aforementioned step S303.

[0132] Step S402: If the timestamp meets the preset time limit, the user terminal is interactively verified based on the activity information of the activity to be processed and the identification certificate to obtain the verification result.

[0133] Here, the service terminal can first determine whether the current timestamp is within the preset duration threshold range. If it is, the verification will continue; if it is not, the verification will stop.

[0134] In this embodiment of the disclosure, the service terminal can improve the security and accuracy of verification by determining the validity of the timestamp.

[0135] The following describes the application of the activity identification provided in this disclosure in a real-world scenario, using the security issues existing in current telecom operator marketing and promotional activities as an example. In this disclosure, a two-way identity identification algorithm based on a zero-knowledge (Schnorr) identity recognition protocol and a digital signature algorithm is used to solve the problem of mutual identity recognition between operator staff and mobile communication users. The activity identification method in this disclosure can include trusted terminal selection, certificate issuance, activity formulation, operator employee authorization, activity implementation and authentication, activity processing, and two-way identity recognition between operator staff and mobile communication users. During the activity identification process, after thorough consideration and demonstration, and combined with the actual application environment, based on the discrete logarithm difficulty problem and related algorithms, a two-way identity recognition protocol is designed by organically combining the Schnorr identity recognition protocol and the proxy signature algorithm. The algorithm's security mainly relies on the security of the Schnorr identity recognition protocol and the proxy digital signature, effectively improving security.

[0136] This disclosure provides an activity identification method. As shown in Figure 5, the method may include the following steps S501 to S513:

[0137] Step S501: Determine a trusted terminal.

[0138] Here, the user terminal can obtain evaluation information from multiple third-party centers. This evaluation information can refer to information used to characterize the security level of each third-party center, such as a security index. Based on the evaluation information from each third-party center, the user terminal can determine the security level of each third-party center and identify the third-party center with the highest security level as a trusted terminal.

[0139] Step S502: The trusted terminal issues an identification certificate to the user terminal.

[0140] Here, the user terminal can generate information such as the first private key and the first public key, and send the first private key and the first public key to the trusted terminal, so that the trusted terminal can generate an identification certificate and thus obtain the identification certificate issued by the trusted terminal.

[0141] Step S503: The operating terminal confirms the activity to be processed.

[0142] Here, the operation terminal can plan and formulate plans for pending activities according to actual operational needs, and implement them. Pending activities can include at least the following information: activity identifier, activity name, activity effective time, activity expiration time, activity strategy, and activity implementation scope.

[0143] Step S504: The operating terminal authorizes the service terminal.

[0144] Here, the operation terminal can assign permissions to the service terminal based on information such as employee ID and activity ID, so that relevant employees have the authority and ability to handle and verify the corresponding pending activities.

[0145] Step S505: The service terminal publishes the activities to be processed.

[0146] Here, once the pending activity has been developed and authorized, the service terminal can publish the pending activity to the user terminal.

[0147] Step S506: Determine whether the user terminal performs authentication.

[0148] Here, the user terminal can choose whether to authenticate itself according to its own needs. If the service terminal determines that the user terminal chooses to be authenticated, it will proceed to step S507 to complete the authentication with the user terminal. If the service terminal determines that the user terminal chooses not to be authenticated, it will proceed to step S511 to skip the authentication process.

[0149] Step S507: The user terminal and the service terminal perform verification.

[0150] Here, the user terminal can verify with the service terminal based on the activity information and identification certificate to obtain the first verification result.

[0151] Step S508: Determine whether the first verification result has been successfully verified.

[0152] Here, the first verification result includes verification success and verification failure.

[0153] Step S509: Determine whether the user terminal has subscribed to the activity.

[0154] Here, the service terminal can re-determine whether the user terminal needs to process the activity. If it is determined that the user terminal needs to process the activity, the process proceeds to step S510 to complete the subsequent activity processing steps. If it is determined that the user terminal does not need to process the activity, the activity identification step ends.

[0155] Step S510: The user terminal and the service terminal perform verification.

[0156] Here, the user terminal can re-verify with the service terminal based on third verification information and third timestamps to obtain a third verification result. In some embodiments, the user terminal can parse the point verification information to obtain information such as an activity identifier. The user terminal can then query the activity description information based on the activity identifier. The user can further compare the activity description information in their terminal with the information described at the activity processing site; if they are inconsistent, the processing can be terminated. All marketing activities launched by operators are necessarily configured in the operator's system. If the user terminal cannot query the activity description information based on the activity identifier, it can also be determined that the activity to be processed is fraudulent.

[0157] Step S511: Determine whether the user terminal has subscribed to the activity.

[0158] Here, the service terminal can re-determine whether the user terminal needs to process the activity. If it is determined that the user terminal needs to process the activity, the process proceeds to step S513 to complete the subsequent activity processing steps; if it is determined that the user terminal does not need to process the activity, the activity identification step ends.

[0159] Step S512: Determine whether the third verification result has been successfully verified.

[0160] Here, the third verification result includes verification success and verification failure. If the service terminal determines that the verification is successful, it will proceed to step S513 to complete the subsequent activity processing steps; if the service terminal determines that the verification fails, it will end the activity identification step.

[0161] Step S513: The user terminal completes the processing of the pending activity.

[0162] Here, the user terminal can initiate a processing request for an activity to be processed to the service terminal; the service terminal receives the processing request, parses it, and obtains the user's demand information, such as the selected package type; the service terminal can adjust the activity attributes corresponding to the user based on the user's demand information. For example, if the activity is a network traffic package selection, and the service to which the activity belongs is data transmission volume detection, then the activity attribute can be the data volume when the user terminal transmits data, and the service terminal can adjust the data volume allowed when the user terminal transmits data.

[0163] In this embodiment, a two-way identity verification algorithm is used to enable mobile communication users to easily and effectively identify the authenticity of operator marketing activities and promotional personnel, effectively preventing cases such as online phone bill fraud. Promotional personnel and mobile communication users can securely, effectively, accurately, and easily identify each other through a three-step interaction. The first aspect of security is resistance to replay attacks. A replay attack refers to an adversary intercepting and altering the messages exchanged between the two parties before retransmitting them. To prevent replay attacks, a timestamp is added to the identification protocol in this embodiment; both parties will only continue authentication after verifying the time is valid. The second aspect of security is resistance to response attacks, where a communication message in the ongoing protocol is sent back to the source of the message. This protocol terminates upon receiving an invalid message. During the implementation of this embodiment, if an invalid message is received, the mutual authentication fails. The third aspect of security is resistance to alternation attacks; this embodiment can run multiple protocols and selectively combine some data for transmission. The difference between this attack and a response attack lies in their format: a response attack simply returns the message to the message source in the current or other runs; while an alternation attack uses the cryptographic function of one party to the protocol to perform the cryptographic operations required for a certain protocol run, and then uses the resulting message as a protocol message in another protocol run, thereby attacking that protocol run. Because the verification in this embodiment can incorporate a hash function, it breaks the homomorphism of the function itself, and each message carries a timestamp or expiration date. Therefore, even with multiple sets of communication messages, it is difficult to construct a new set of legitimate messages.

[0164] In this embodiment, the bidirectional identity verification algorithm designed based on the Schnorr identity verification protocol and digital signature algorithm has the following advantages: Sales personnel and mobile communication users can securely, effectively, accurately, and simply identify each other through only three interaction steps; the relevant protocol ensures that sales personnel and mobile communication users cannot impersonate each other using interactive information, and mobile communication users only reveal their identity and provide further identity verification after confirming the sales personnel's legitimacy; after identity verification, the information sent by the mobile communication user during the identity verification process cannot be used as valid evidence of the user's participation in this interaction, thus maximizing the protection of mobile communication user privacy; combining employee identity and marketing activity verification, and merging identity verification and processing in the workflow, can maximize the security and effectiveness of the verification and processing process; when an impersonator is identified, their identity information and location information will be collected to provide corresponding evidence to the public security authorities, upload the impersonator's identification number, establish an identity database, and achieve network-wide sharing, etc. Simultaneously, it helps to achieve more efficient and accurate mutual identity verification between telecommunications operation sales personnel and mobile communication users.
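The following is an added sketch, not the patent's protocol or the assignee's code, of how a timestamp, a per-run random string and a hash-bound challenge give the three properties described in [0163] and [0164]. It assumes a Schnorr signature with a hashed challenge, a toy 64-bit group generated at import, a 30-second window, and hypothetical field names, role labels and activity identifiers.

```python
import hashlib
import secrets

MAX_SKEW = 30  # assumed freshness window, in seconds

def _is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=64):
    """Safe prime p = 2q + 1, so g = 4 has prime order q. Toy size, not secure."""
    q = (1 << (bits - 1)) + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = toy_group()

def _challenge(*fields):
    """Hash length-prefixed fields so field boundaries cannot be shifted."""
    h = hashlib.sha256()
    for f in fields:
        data = str(f).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, role, activity, peer_nonce, ts):
    """Schnorr signature; the challenge binds role, activity, nonce and time."""
    k = secrets.randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), role, activity, peer_nonce, ts)
    return {"role": role, "activity": activity, "nonce": peer_nonce,
            "ts": ts, "e": e, "s": (k + e * x) % Q}

def verify(msg, pub, want_role, want_activity, my_nonce, now):
    """Return 'ok', or the reason this protocol run must terminate."""
    if msg["role"] != want_role:            # our own message sent back to us
        return "wrong-role"
    if abs(now - msg["ts"]) > MAX_SKEW:     # replayed outside the window
        return "stale-timestamp"
    if msg["nonce"] != my_nonce:            # lifted from another protocol run
        return "nonce-mismatch"
    if msg["activity"] != want_activity:
        return "wrong-activity"
    if not (0 <= msg["e"] < Q and 0 <= msg["s"] < Q):
        return "bad-signature"
    # Recompute the commitment r = g^s * y^(-e); y has order Q, so y^(Q-e) = y^(-e).
    r = pow(G, msg["s"], P) * pow(pub, Q - msg["e"], P) % P
    bound = _challenge(r, msg["role"], msg["activity"], msg["nonce"], msg["ts"])
    return "ok" if bound == msg["e"] else "bad-signature"

def demo():
    """Constructed run: a user checks a service terminal's reply for 'ACT-001'."""
    svc_priv, svc_pub = keygen()
    usr_priv, _ = keygen()
    t0 = 1_700_000_000                 # constructed clock value
    nonce1 = secrets.token_hex(16)     # user's random string, run 1
    nonce2 = secrets.token_hex(16)     # user's random string, run 2
    reply = sign(svc_priv, "service", "ACT-001", nonce1, t0 + 1)
    own = sign(usr_priv, "user", "ACT-001", nonce1, t0)
    rewritten = dict(reply, nonce=nonce2)  # run-1 reply with its nonce field edited

    def check(msg, nonce, now, activity="ACT-001"):
        return verify(msg, svc_pub, "service", activity, nonce, now)

    return {
        "fresh": check(reply, nonce1, t0 + 2),
        "replayed_late": check(reply, nonce1, t0 + 120),
        "moved_to_other_run": check(reply, nonce2, t0 + 2),
        "nonce_rewritten": check(rewritten, nonce2, t0 + 2),
        "returned_to_sender": check(own, nonce1, t0 + 2),
        "other_activity": check(reply, nonce1, t0 + 2, activity="ACT-002"),
    }
```

Every rejected case ends the run with a reason code, matching the rule that mutual authentication fails on any invalid message; only the first case returns `ok`.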

[0165] Based on the foregoing embodiments, this disclosure provides an activity identification device, which includes various units and modules included in each unit. It can be implemented by a processor in a computer device; of course, it can also be implemented by specific logic circuits. In the implementation process, the processor can be a central processing unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA), etc.

[0166] Figure 6 is a schematic diagram of the composition structure of an activity recognition device provided in an embodiment of the present disclosure. As shown in Figure 6, the activity identification device 600 includes: a first acquisition module 610, a first verification module 620, and a first processing module 630, wherein:

[0167] The first acquisition module 610 is used to obtain, when the user terminal is authorized by the operating terminal to handle the activity, the identification certificate issued by the trusted terminal and the activity information of the activity to be handled; the first verification module 620 is used to perform interactive verification with the service terminal based on the activity information of the activity to be handled and the identification certificate, and obtain the verification result; the first processing module 630 is used to complete the processing of the activity to be handled when the verification result indicates that the user terminal and the service terminal are legitimate.

[0168] In some embodiments, the apparatus further includes: a second acquisition module, configured to acquire preset public parameters and a first signature method from the trusted terminal; a generation module, configured to randomly generate a first private key and generate a first public key based on the first private key and the public parameters; a sending module, configured to send the first public key to the trusted terminal; the first acquisition module is further configured to: acquire the identification certificate issued by the trusted terminal in response to the first public key; wherein the identification certificate is generated by the trusted terminal based on first verification information, the first public key and the identity identifier of the user terminal, and the first verification information is obtained by the trusted terminal signing the first public key and the identity identifier of the user terminal using the first signature method.

[0169] In some embodiments, the verification result includes a first verification result and a second verification result; the first verification module is further configured to: perform a first verification with the service terminal based on the activity information to obtain the first verification result; the first verification result includes a verification result of the legality of the service terminal's identity; if the first verification result indicates that the service terminal's identity is legal, perform a second verification with the service terminal based on the identification certificate to obtain the second verification result; the second verification result includes a verification result of the legality of the user terminal's identity.

[0170] In some embodiments, the first verification module is further configured to: obtain first signature information including at least a preset first public parameter and a first timestamp, and send the first signature information to the service terminal; receive second verification information generated by the service terminal in response to the first signature information; wherein the second verification information includes at least a preset second public parameter, a second timestamp and an activity identifier of the activity to be processed; verify the second verification information to obtain the first verification result.

[0171] In some embodiments, the first verification module is further configured to: when the first verification result indicates that the identity of the service terminal is legitimate, obtain second signature information including at least a preset third public parameter and the identification certificate, and send the second signature information to the service terminal; and receive the second verification result generated by the service terminal in response to the second signature information.

[0172] In some embodiments, the first verification module is further configured to: obtain the first timestamp determined based on the current time; randomly generate a second private key and a random string, and generate a second public key based on the second private key and preset public parameters; and determine the first public parameters, the second private key, the first timestamp, and the random string as the first signature information.

[0173] In some embodiments, the first verification module is further configured to: determine signature parameters based on the second private key, the first private key, a preset random number, and preset public parameters when the first verification result indicates that the identity of the service terminal is legitimate; and determine the third public parameter, the identification certificate, and the signature parameters as the second signature information.

[0174] In some embodiments, the first processing module is further configured to: if the verification result indicates that the identities of the user terminal and the service terminal are legitimate, obtain a third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal; sign the identity identifier of the user terminal and the identity identifier of the operation terminal to obtain third verification information; wherein the identity identifier of the operation terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; send the third verification information and the third timestamp to the service terminal; receive the third verification result sent by the service terminal in response to the third verification information and the third timestamp; and complete the processing of the activity to be processed if the third verification result indicates that the identity of the service terminal is legitimate.

[0175] Figure 7 is a schematic diagram of the composition structure of an activity recognition device provided in an embodiment of the present disclosure. As shown in Figure 7, the activity identification device 700 includes: a receiving module 710, a second verification module 720, and a second processing module 730, wherein:

[0176] The receiving module 710 is used to receive activity information and identification certificate of the pending activity sent by the user terminal when the service terminal is authorized by the operating terminal to handle the activity; the second verification module 720 is used to perform interactive verification with the user terminal based on the activity information of the pending activity and the identification certificate to obtain a verification result; the second processing module 730 is used to complete the processing of the pending activity if the verification result indicates that the user terminal and the service terminal are legitimate.

[0177] In some embodiments, the second verification module is further configured to: when the timestamp meets a preset time limit, perform interactive verification with the user terminal based on the activity information of the activity to be processed and the identification certificate, and obtain a verification result.

[0178] In some embodiments, the apparatus further includes: a second acquisition module, configured to acquire third signature information from the operating terminal; wherein the third signature information includes at least a preset fourth public parameter, the identity identifier of the operating terminal, and a timestamp, the timestamp being used for time limit verification; the identity identifier of the operating terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; a third verification module, configured to perform interactive verification with the operating terminal based on the third signature information to obtain a fourth verification result; and a determination module, configured to determine that the operating terminal authorizes the service terminal to process the activity if the fourth verification result indicates that the identity of the service terminal is legitimate.

[0179] In some embodiments, the second verification module is further configured to: obtain a preset second public parameter, a second signature method, and a second verification method from the operating terminal; sign the second public parameter and the activity information using the second signature method to obtain second verification information; send the second verification information to the user terminal; receive second signature information sent by the user terminal in response to the second verification information; and verify the second signature information using the second verification method to obtain the verification result.

[0180] The descriptions of the apparatus embodiments above are similar to those of the method embodiments above, and have similar beneficial effects. In some embodiments, the functions or modules included in the apparatus provided in this disclosure can be used to perform the methods described in the method embodiments above. For technical details not disclosed in the apparatus embodiments of this disclosure, please refer to the descriptions of the method embodiments of this disclosure for understanding.

[0181] It should be noted that, in the embodiments of this disclosure, if the above-described activity identification method is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of this disclosure, or the part that contributes to related technologies, can be embodied in the form of a software product. This software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the methods described in the various embodiments of this disclosure. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), magnetic disks, or optical disks. Thus, the embodiments of this disclosure are not limited to any specific hardware, software, or firmware, or any combination of hardware, software, and firmware.

[0182] This disclosure provides a computer device including a memory and a processor. The memory stores a computer program that can run on the processor. When the processor executes the program, it implements some or all of the steps in the above-described method.

[0183] This disclosure provides an activity identification system, comprising: a trusted terminal for generating public parameters and an identification certificate; an operating terminal for authorizing a service terminal; and a user terminal, configured to, when authorized by the operating terminal to handle an activity, obtain an identification certificate issued by the trusted terminal and activity information of the activity to be handled; perform interactive verification with the service terminal based on the activity information of the activity to be handled and the identification certificate to obtain a verification result; and complete the handling of the activity to be handled if the verification result indicates that the identities of the user terminal and the service terminal are legitimate; and a service terminal, configured to, when authorized by the operating terminal to handle an activity, receive activity information and an identification certificate of the activity to be handled sent by the user terminal; perform interactive verification with the user terminal based on the activity information of the activity to be handled and the identification certificate to obtain a verification result; and complete the handling of the activity to be handled if the verification result indicates that the identities of the user terminal and the service terminal are legitimate.

[0184] This disclosure provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements some or all of the steps in the above-described method. The computer-readable storage medium may be transient or non-transient.

[0185] This disclosure provides a computer program including computer-readable code, wherein when the computer-readable code is executed in a computer device, a processor in the computer device performs some or all of the steps in the above-described method.

[0186] This disclosure provides a computer program product, which includes a non-transitory computer-readable storage medium storing a computer program. When the computer program is read and executed by a computer, it implements some or all of the steps in the above-described method. This computer program product can be implemented specifically through hardware, software, or a combination thereof. In some embodiments, the computer program product is specifically embodied as a computer storage medium; in other embodiments, the computer program product is specifically embodied as a software product, such as a software development kit (SDK), etc.

[0187] It should be noted that the descriptions of the various embodiments above tend to emphasize the differences between them, while their similarities or commonalities can be referenced interchangeably. The descriptions of the above embodiments of the device, storage medium, computer program, and computer program product are similar to the descriptions of the above method embodiments and have similar beneficial effects. For technical details not disclosed in the embodiments of the device, storage medium, computer program, and computer program product of this disclosure, please refer to the descriptions of the method embodiments of this disclosure for understanding.

[0188] It should be noted that Figure 8 is a schematic diagram of a hardware entity of a computer device in an embodiment of this disclosure. As shown in Figure 8, the hardware entity of the computer device 800 includes: a processor 801, a communication interface 802, and a memory 803, wherein:

[0189] Processor 801 typically controls the overall operation of computer device 800.

[0190] The communication interface 802 enables computer devices to communicate with other terminals or servers over a network.

[0191] The memory 803 is configured to store instructions and applications executable by the processor 801, and can also cache data to be processed or already processed (e.g., image data, audio data, voice communication data, and video communication data) in the processor 801 and various modules in the computer device 800. It can be implemented using flash memory or random access memory (RAM). Data transfer between the processor 801, the communication interface 802, and the memory 803 can be performed via bus 804.

[0192] It should be understood that the phrase "an embodiment" or "one embodiment" throughout the specification means that a specific feature, structure, or characteristic related to the embodiment is included in at least one embodiment of this disclosure. Therefore, "in one embodiment" or "one embodiment" appearing throughout the specification does not necessarily refer to the same embodiment. Furthermore, these specific features, structures, or characteristics can be combined in any suitable manner in one or more embodiments. It should be understood that in the various embodiments of this disclosure, the sequence numbers of the above steps / processes do not imply a sequential order of execution; the execution order of each step / process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this disclosure. The sequence numbers of the above embodiments of this disclosure are merely descriptive and do not represent the superiority or inferiority of the embodiments.

[0193] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0194] In the several embodiments provided in this disclosure, it should be understood that the disclosed devices and methods can be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods, such as: multiple units or components may be combined, or integrated into another system, or some features may be ignored or not executed. In addition, the coupling, direct coupling, or communication connection between the various components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical, or other forms.

[0195] The units described above as separate components may or may not be physically separate. The components shown as units may or may not be physical units. They may be located in one place or distributed across multiple network units. Some or all of the units may be selected to achieve the purpose of this embodiment according to actual needs.

[0196] In addition, each functional unit in the various embodiments of this disclosure can be integrated into one processing unit, or each unit can be a separate unit, or two or more units can be integrated into one unit; the integrated unit can be implemented in hardware or in the form of hardware plus software functional units.

[0197] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as mobile storage devices, read-only memory (ROM), magnetic disks, or optical disks.

[0198] Alternatively, if the integrated units described above are implemented as software functional modules and sold or used as independent products, they can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this disclosure, or the part that contributes to related technologies, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the methods described in the various embodiments of this disclosure. The aforementioned storage medium includes various media capable of storing program code, such as mobile storage devices, ROM, magnetic disks, or optical disks.

[0199] The methods disclosed in the several method embodiments provided in this disclosure can be arbitrarily combined without conflict to obtain new method embodiments.

[0200] If the embodiments of this disclosure involve personal information, the products using these embodiments have clearly informed the users of the personal information processing rules and obtained their voluntary consent before processing the personal information. If the embodiments of this disclosure involve sensitive personal information, the products using these embodiments have obtained the individual's separate consent before processing the sensitive personal information, and the requirement of "express consent" is also met.

[0201] The above description is merely an embodiment of this disclosure, but the scope of protection of this disclosure is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this disclosure should be included within the scope of protection of this disclosure.

Claims

1. An activity recognition method, characterized in that, applied to a user terminal, the method includes: when an activity is handled by an authorized service terminal, obtain the identification certificate issued by the trusted terminal and the activity information of the activity to be handled; based on the activity information of the pending activity and the identification certificate, the service terminal is interactively verified to obtain the verification result; if the verification result indicates that the user terminal and the service terminal are legitimate, obtain the third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal; the identity identifier of the user terminal and the identity identifier of the operation terminal are signed to obtain third verification information, wherein the identity identifier of the operation terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; the third verification information and the third timestamp are sent to the service terminal; receive the third verification result sent by the service terminal in response to the third verification information and the third timestamp; if the third verification result confirms that the service terminal's identity is legitimate, the pending activity is completed.

2. The method according to claim 1, characterized in that the verification result includes a first verification result and a second verification result; obtaining the verification result by interactive verification with the service terminal based on the activity information of the activity to be processed and the identification certificate includes: based on the activity information, a first verification is performed with the service terminal to obtain the first verification result, the first verification result including the verification result of the legality of the service terminal's identity; if the first verification result indicates that the service terminal's identity is legitimate, a second verification is performed with the service terminal based on the identification certificate to obtain the second verification result, the second verification result including the verification result of the legitimacy of the user terminal's identity.

3. The method according to claim 2, characterized in that performing the first verification with the service terminal based on the activity information to obtain the first verification result includes: obtain first signature information including at least a preset first public parameter and a first timestamp, and send the first signature information to the service terminal; receive second verification information generated by the service terminal in response to the first signature information, wherein the second verification information includes at least a preset second public parameter, a second timestamp, and an activity identifier of the activity to be processed; the second verification information is verified to obtain the first verification result.

4. The method according to claim 2, characterized in that performing the second verification based on the identification certificate to obtain the second verification result, when the first verification result indicates that the service terminal's identity is legitimate, includes: if the first verification result indicates that the service terminal is legitimate, obtain second signature information including at least a preset third public parameter and the identification certificate, and send the second signature information to the service terminal; receive the second verification result generated by the service terminal in response to the second signature information.

5. An activity recognition method, characterized in that, applied to a service terminal, the method includes: when an operation terminal authorizes a service terminal to handle an activity, receive activity information and an identification certificate for the activity to be handled from the user terminal; based on the activity information of the pending activity and the identification certificate, the user terminal is interactively verified to obtain the verification result; if the verification result indicates that the identities of the user terminal and the service terminal are legitimate, in response to receiving third verification information and a third timestamp sent by the user terminal, a third verification result is determined based on the third verification information and the third timestamp, and the third verification result is sent to the user terminal; wherein, if the verification result indicates that the identities of the user terminal and the service terminal are legitimate, the user terminal is configured to: obtain the third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal; sign the identity identifier of the user terminal and the identity identifier of the operation terminal to obtain the third verification information, wherein the identity identifier of the operation terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; and send the third verification information and the third timestamp to the service terminal; if the third verification result confirms that the service terminal's identity is legitimate, the pending activity is completed.

6. The method according to claim 5, characterized in that the method further includes: the third signature information is obtained from the operating terminal, wherein the third signature information includes at least a preset fourth public parameter, the identity identifier of the operating terminal, and a timestamp, the timestamp being used for time limit verification, and the identity identifier of the operating terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; based on the third signature information, an interactive verification is performed with the operating terminal to obtain a fourth verification result; if the fourth verification result confirms that the service terminal's identity is legitimate, it is determined that the operating terminal authorizes the service terminal to handle the activity.

7. The method according to claim 5 or 6, characterized in that the process of interactively verifying the activity information of the pending activity and the identification certificate with the user terminal to obtain a verification result includes: obtain preset second public parameters, a second signature method, and a second verification method from the operating terminal; the second signature method is used to sign the second public parameter and the activity information to obtain the second verification information; the second verification information is sent to the user terminal; receive the second signature information sent by the user terminal in response to the second verification information; the second signature information is verified using the second verification method to obtain the verification result.

8. An activity recognition device, characterized in that the device, applied to a user terminal, includes: a first acquisition module, used to acquire the identification certificate issued by the trusted terminal and the activity information of the activity to be carried out when the operation terminal is authorized to handle the activity at the service terminal; a first verification module, used to perform interactive verification with the service terminal based on the activity information of the activity to be processed and the identification certificate, and obtain the verification result; and a first processing module, configured to, when the verification result indicates that the identities of the user terminal and the service terminal are legitimate, obtain a third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal; sign the identity identifier of the user terminal and the identity identifier of the operation terminal to obtain third verification information, wherein the identity identifier of the operation terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; send the third verification information and the third timestamp to the service terminal; receive the third verification result sent by the service terminal in response to the third verification information and the third timestamp; and, when the third verification result indicates that the identity of the service terminal is legitimate, complete the processing of the activity to be processed.

9. An activity recognition device, characterized in that the device is applied to a service terminal and includes: a receiving module, used to receive activity information and an identification certificate of the activity to be processed from the user terminal when the activity is processed by the authorized service terminal of the operating terminal; a second verification module, used to perform interactive verification with the user terminal based on the activity information of the activity to be processed and the identification certificate, and obtain the verification result; and a second processing module, configured to, in response to receiving third verification information and a third timestamp sent by the user terminal, determine a third verification result based on the third verification information and the third timestamp, and send the third verification result to the user terminal, provided that the verification result indicates that the user terminal and the service terminal are legitimate; wherein, in the case where the verification result indicates that the user terminal and the service terminal are legitimate, the user terminal is configured to: obtain the third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal; sign the identity identifier of the user terminal and the identity identifier of the operation terminal to obtain the third verification information, wherein the identity identifier of the operation terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; send the third verification information and the third timestamp to the service terminal; and, in the case where the third verification result indicates that the identity of the service terminal is legitimate, complete the processing of the activity to be processed.

10. A computer device comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that, when the processor executes the program, it implements the steps of the method according to any one of claims 1 to 4, or the steps of the method according to any one of claims 5 to 7.

11. An activity recognition system, characterized in that it includes: a trusted terminal, used to generate public parameters and identification certificates; an operating terminal, used to authorize service terminals; a user terminal, used to obtain the identification certificate issued by the trusted terminal and the activity information of the activity to be processed when the operation terminal authorizes the service terminal to process the activity; perform interactive verification with the service terminal based on the activity information of the pending activity and the identification certificate to obtain the verification result; if the verification result indicates that the user terminal and the service terminal are legitimate, obtain the third timestamp determined based on the current time, the identity identifier of the user terminal, and the identity identifier of the operation terminal; sign the identity identifier of the user terminal and the identity identifier of the operating terminal to obtain third verification information, wherein the identity identifier of the operating terminal is determined by the identity identifier of the service terminal and the activity identifier of the activity to be processed; send the third verification information and the third timestamp to the service terminal; receive the third verification result sent by the service terminal in response to the third verification information and the third timestamp; and, if the third verification result indicates that the service terminal's identity is legitimate, complete the processing of the activity to be processed; and a service terminal, configured to, when authorized by the operating terminal to handle an activity, receive the activity information and identification certificate of the pending activity from the user terminal; perform interactive verification with the user terminal based on the activity information and identification certificate to obtain a verification result; if the verification result indicates that the identities of the user terminal and the service terminal are legitimate, in response to receiving third verification information and a third timestamp from the user terminal, determine a third verification result based on the third verification information and the third timestamp, and send the third verification result to the user terminal; and, if the third verification result indicates that the identity of the service terminal is legitimate, complete the handling of the pending activity.

12. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 4, or the steps of the method according to any one of claims 5 to 7.
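The third verification step recited in claims 8, 9 and 11, sketched in Go as an added example that is not part of the patent text. Ed25519, the SHA-256 derivation of the operating terminal identifier, the 30-second freshness window, the inclusion of the timestamp in the signed bytes, and all identifier values are assumptions of this example; the claims do not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

const maxSkew = 30 * time.Second // assumed freshness window; the claims give none

// operatingID derives the operating terminal identifier from the service terminal
// identifier and the activity identifier (assumed: length-prefixed SHA-256).
func operatingID(serviceID, activityID string) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s|%d:%s", len(serviceID), serviceID, len(activityID), activityID)
	return h.Sum(nil)
}

// signedBytes is what the user terminal signs: T3 plus both identifiers (assumed layout).
func signedBytes(userID string, opID []byte, t3 int64) []byte {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint64(msg, uint64(t3))
	return append(append(msg, opID...), userID...)
}

// verifyThird is the service terminal's check: T3 must be fresh, and the signature
// must cover the identifier derived from this service terminal and this activity.
func verifyThird(pub ed25519.PublicKey, userID, serviceID, activityID string, t3 int64, sig []byte, now time.Time) bool {
	age := now.Sub(time.Unix(t3, 0))
	if age < -maxSkew || age > maxSkew {
		return false // stale or future-dated timestamp: reject as a possible replay
	}
	return ed25519.Verify(pub, signedBytes(userID, operatingID(serviceID, activityID), t3), sig)
}

// demo runs an honest exchange, a late replay, and a reuse for another activity (constructed values).
func demo() (fresh, replayed, wrongActivity bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the key bound to the identification certificate
	now, t3 := time.Unix(1700000000, 0), int64(1700000000)
	sig := ed25519.Sign(priv, signedBytes("user-001", operatingID("svc-042", "act-7"), t3))
	fresh = verifyThird(pub, "user-001", "svc-042", "act-7", t3, sig, now)
	replayed = verifyThird(pub, "user-001", "svc-042", "act-7", t3, sig, now.Add(5*time.Minute))
	wrongActivity = verifyThird(pub, "user-001", "svc-042", "act-8", t3, sig, now)
	return
}

func main() { fmt.Println(demo()) }
```

If the timestamp were sent alongside the signature without being covered by it, a captured signature could be resent with a new timestamp, which is why this example includes T3 in the signed bytes.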