A trusted communication identity resolution method and apparatus

By obtaining the calling terminal's identity token and parsing configuration information in a trusted communication system, the problem of low development efficiency caused by client hard coding is solved, enabling rapid adaptation to different types of identity certificates, reducing operation and maintenance costs, and promoting the large-scale application and cross-scenario expansion of trusted communication technology.

CN122179148APending Publication Date: 2026-06-09WEIWEI SHANGHAI NETWORK TECH CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
WEIWEI SHANGHAI NETWORK TECH CO LTD
Filing Date
2026-02-06
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In existing trusted communication systems, the use of hard-coding on the client side leads to low development efficiency, makes it difficult to adapt to the business iteration needs of the explosive growth in the number of digital certificates, increases the development cycle and operation and maintenance costs, and restricts the large-scale application and cross-scenario expansion of trusted communication technology.

Method used

By obtaining the calling terminal's identity token from the called terminal, sending an identity credential request message to the ticket query server, receiving and parsing the calling terminal's identity certificate based on the parsing configuration information, and obtaining the calling terminal's identity information, no modification to the client code is required; only the parsing configuration information needs to be configured to adapt to different types of identity certificates.

Benefits of technology

It enables rapid response to the iterative needs of trusted communication services, shortens the development cycle for service adaptation, reduces operation and maintenance costs, and promotes the large-scale application and cross-scenario expansion of trusted communication technology.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179148A_ABST
    Figure CN122179148A_ABST
Patent Text Reader

Abstract

This application relates to a trusted communication identity resolution method and apparatus. The method includes: obtaining an identity token provided by a calling terminal when initiating a communication request; sending an identity credential request message to a ticket query server, the identity credential request message including the identity token; receiving the calling terminal identity certificate and resolution configuration information returned by the ticket query server in response to the identity credential request message, the resolution configuration information matching the calling terminal identity certificate; and resolving the calling terminal identity certificate based on the resolution configuration information to obtain the calling terminal identity information. It is evident that this application requires no modification to the client; adaptation can be achieved simply by configuring corresponding resolution configuration information for each different type of calling terminal identity certificate. This mechanism can quickly respond to the iterative needs of trusted communication services, shorten the development cycle for service adaptation, reduce the cost and difficulty of trusted communication system operation and maintenance, and promote the large-scale application and cross-scenario expansion of trusted communication technology.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of trusted communication, and in particular to a trusted communication identity resolution method and apparatus. Background Technology

[0002] Trusted communication technology, as a core technology for ensuring the authenticity of communication identities and data security, is essentially based on cryptographic engineering principles. Through the collaborative verification of digital certificates and identity tokens, it achieves trusted authentication of the calling terminal's identity throughout the entire call process. In practical applications, the called terminal needs to accurately obtain and visually display the true identity information of the calling terminal. This requirement not only aims to improve the user's caller ID experience but, more importantly, prevents security risks such as fake calls and fraudulent calls.

[0003] Existing trusted communication systems employ a core architecture of "server-side one-to-one binding and issuance + client-side hard-coded parsing." Specifically, the server needs to issue a unique digital certificate for each user. The client uses hard-coded implementation of the digital certificate parsing logic. For each type of issued digital certificate, developers need to pre-write fixed logic for field extraction, format conversion, and data verification in the client code.

[0004] However, with the rapid expansion of trusted communication services, the number of digital certificates has exploded, making the existing mechanism unable to keep up with the needs of business iterations. Developers need to modify the client's parsing logic at the code level, conduct full testing, and redeploy. This mechanism not only significantly extends the development cycle but also significantly increases the cost and difficulty of operation and maintenance, and more seriously restricts the large-scale application and cross-scenario expansion of trusted communication technology.

[0005] Additionally, it should be noted that the following national research and development projects support this invention: [Project Number] 2023YFB3105801 [Project Title] Research on Key Technologies for Real-Time Trusted Identity Architecture and Fast Identity Token Transfer [Project] Research and Application Demonstration of Real-Time Trusted Identity Technology Based on my country's Standard Cryptographic Algorithms [Special Topic] Cyberspace Security Governance [Project Lead Institution] University of Chinese Academy of Sciences [Project Undertaking Institution] University of Chinese Academy of Sciences [Project Leader] Wang Pingjian Summary of the Invention This application provides a trusted communication identity resolution method and apparatus, aiming to solve the technical problem of low development efficiency caused by the hard-coding method used by the client.

[0006] In a first aspect, embodiments of this application provide a trusted communication identity resolution method, the method being applied to a called terminal, the method comprising: Obtain the identity token provided by the calling terminal when initiating the communication request; Extract the authorization credentials from the identity token; Send an identity credential request message to the ticket inquiry server, wherein the identity credential request message includes the authorization credential; The system receives the calling terminal identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message, wherein the parsing configuration information is matched with the calling terminal identity certificate. The calling terminal identity certificate is parsed based on the parsed configuration information to obtain the calling terminal identity information.

[0007] Optionally, the parsing configuration information includes n key-value pairs, where the key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identifier field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

[0008] Optionally, the value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

[0009] Optionally, the value in each of the n key-value pairs is the generation rule for the identity information mapping field of the identifier field corresponding to the key in the key-value pair.

[0010] Optionally, the n key-value pairs include m extended field key-value pairs, and the parsing configuration information further includes: m extended field description key-value pairs, the fields of the calling terminal identity certificate include custom fields, the keys in the m extended field key-value pairs correspond one-to-one with and are identical to the keys in the m extended field description key-value pairs, the value in each extended field description key-value pair is used to uniquely identify the custom field of the calling terminal identity certificate, and the value in the extended field key-value pair is used to indicate the parsing rule that the key in the extended field key-value pair corresponds to the identifier of the custom field, where m is an integer greater than or equal to 1, and m is less than or equal to n.

[0011] Secondly, embodiments of this application provide a trusted communication identity resolution method, which is applied to a ticket query server, and the method includes: Receive an identity credential request message sent by the called terminal, wherein the identity credential request message includes the authorization credentials of the calling terminal; The calling terminal identity certificate and parsing configuration information are obtained based on the authorization credentials, and the parsing configuration information is matched with the calling terminal identity certificate. The calling terminal's identity certificate and the parsing configuration information are returned to the called terminal, so that the called terminal can parse the calling terminal's identity certificate based on the parsing configuration information to obtain the calling terminal's identity information.

[0012] Optionally, the parsing configuration information includes n key-value pairs, where the key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identifier field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

[0013] Optionally, the value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

[0014] Thirdly, embodiments of this application also provide a trusted communication identity resolution apparatus, which includes a unit for performing the above-described method.

[0015] Fourthly, embodiments of this application also provide a computer device, which includes a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the above-described method.

[0016] Fifthly, embodiments of this application also provide a computer-readable storage medium storing a computer program that, when executed by a processor, can implement the above-described method.

[0017] This application provides a trusted communication identity resolution method and apparatus. The method is applied to a called terminal and includes: obtaining an identity token provided by the calling terminal when initiating a communication request; sending an identity credential request message to a ticket query server, the identity credential request message including the identity token; receiving the calling terminal's identity certificate and resolution configuration information returned by the ticket query server in response to the identity credential request message, the resolution configuration information matching the calling terminal's identity certificate; and resolving the calling terminal's identity certificate based on the resolution configuration information to obtain the calling terminal's identity information. Therefore, the technical solution of this application obtains the identity token provided by the calling terminal when initiating a communication request. Next, an identity credential request message is sent to a ticket query server. The identity credential request message includes the identity token. Furthermore, the calling terminal's identity certificate and resolution configuration information returned by the ticket query server in response to the identity credential request message are received. The resolution configuration information matches the calling terminal's identity certificate. Finally, the calling terminal's identity certificate is resolved based on the resolution configuration information to obtain the calling terminal's identity information. Therefore, the technical solution of this application requires no modification to the client; adaptation can be achieved simply by configuring the corresponding parsing information for each different type of calling terminal identity certificate. This mechanism can quickly respond to the iterative needs of trusted communication services, significantly shorten the development cycle for service adaptation, effectively reduce the cost and difficulty of operating and maintaining trusted communication systems, and thus promote the large-scale application and cross-scenario expansion of trusted communication technology. Attached Figure Description

[0018] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0019] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0020] One or more embodiments are illustrated by way of example with reference numerals in the accompanying drawings. These illustrations do not constitute a limitation on the embodiments. Elements with the same reference numerals in the drawings are denoted as similar elements. Unless otherwise stated, the figures in the drawings are not to be limited by scale.

[0021] Figure 1 This is one of the flowcharts illustrating a trusted communication identity resolution method provided in an embodiment of this application; Figure 2a A flowchart illustrating a trusted communication identity display process provided in this application embodiment; Figure 2b This is one of the schematic diagrams of a trusted communication identity resolution field mapping provided in the embodiments of this application; Figure 2c This is the second schematic diagram of a trusted communication identity resolution field mapping provided in the embodiments of this application; Figure 3 A second flowchart illustrating a trusted communication identity resolution method provided in this application embodiment; Figure 4 One of the schematic block diagrams of a trusted communication identity resolution device provided in the embodiments of this application; Figure 5 A second schematic block diagram of a trusted communication identity resolution device provided in this application embodiment; Figure 6 A computer device provided in an embodiment of this application. Detailed Implementation

[0022] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0023] The following disclosure provides numerous different embodiments or examples for implementing various structures of this application. To simplify the disclosure, specific examples of components and arrangements are described below. These are merely examples and are not intended to limit the scope of this application. Furthermore, reference numerals and / or letters may be repeated in different examples. Such repetition is for simplification and clarity and does not in itself indicate a relationship between the various embodiments and / or arrangements discussed.

[0024] It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integrals, steps, operations, elements and / or components, but do not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or collections thereof.

[0025] It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the scope of the application. As used in this specification and the appended claims, the singular forms “a,” “an,” and “the” are intended to include the plural forms unless the context clearly indicates otherwise.

[0026] It should also be further understood that the term “and / or” as used in this application specification and the appended claims means any combination of one or more of the associated listed items and all possible combinations, and includes such combinations.

[0027] As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when," "once," "in response to determination," or "in response to detection." Similarly, the phrase "if determined" or "if [described condition or event] is detected" may be interpreted, depending on the context, as "once determined," "in response to determination," "once [described condition or event] is detected," or "in response to detection of [described condition or event]."

[0028] To address the low development efficiency caused by the hard-coding method used on the client side in existing technologies, this application provides a trusted communication identity resolution device that can quickly respond to the iterative needs of trusted communication services and significantly shorten the development cycle for service adaptation.

[0029] Figure 1 This is one of the flowcharts illustrating a trusted communication identity resolution method provided in an embodiment of this application. In one embodiment, the method is applied to a called terminal, and the method includes: S101-S105.

[0030] S101. Obtain the identity token provided by the calling terminal when initiating the communication request.

[0031] Please see Figure 2a , Figure 2a This application provides a flowchart for a trusted communication identity display process. Specifically, when a calling terminal initiates a communication request to a called terminal, it generates an identity token based on the information of both the calling and called terminals and uploads the identity token to a message server. Next, the calling party receives the call request from the calling terminal, generates a token index based on the calling terminal's information, and sends the token index to the message server to obtain the calling terminal's identity token. Upon receiving the token index, the message server queries the calling terminal's identity token based on the token index and returns the identity token to the called terminal.

[0032] S102. Extract the authorization credentials from the identity token.

[0033] In this embodiment of the application, the identity token is parsed using a trusted SDK to extract the calling terminal's authorization credentials.

[0034] S103. Send an identity credential request message to the ticket inquiry server.

[0035] The identity credential request message includes the calling terminal's authorization credentials.

[0036] It should be noted that the ticket query server stores the identity credentials of trusted users and the identity credentials issued by third-party issuing centers.

[0037] In this embodiment of the application, the ticket query server queries the calling terminal's identity credentials based on the calling terminal's authorization credentials.

[0038] S104. Receive the calling terminal's identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message.

[0039] The configuration information is matched with the calling terminal's identity certificate. The calling terminal's identity certificate is the calling terminal's identity credential.

[0040] It should be noted that each identity certificate corresponds to a unique parsing configuration. This parsing configuration indicates how to parse the field content in the identity certificate.

[0041] S105. Based on the parsing configuration information, parse the calling terminal's identity certificate to obtain the calling terminal's identity information.

[0042] In this embodiment, the calling terminal identity certificate is parsed based on the parsing configuration information to obtain the calling terminal identity information. If the calling terminal identity certificate is a personal user certificate, the calling terminal identity information includes, but is not limited to, personal information such as name, organization, and department. If the calling terminal identity certificate is a corporate certificate, the calling terminal identity information includes, but is not limited to, corporate information such as company name and organizational code. If the calling terminal identity certificate is an educational institution certificate, the calling terminal identity information includes, but is not limited to, educational information such as school name, department, and degree. If the calling terminal identity certificate is a cross-border communication certificate, the calling terminal identity information includes, but is not limited to, cross-border information such as country and region.

[0043] It should be noted that when a user needs to add a new certificate type, the user does not need to modify the code. By simply parsing the configuration information, the user can quickly complete the adaptation of the new certificate, effectively shortening the development cycle and reducing maintenance costs.

[0044] This application provides a trusted communication identity resolution method. The method is applied to a called terminal and includes: obtaining an identity token provided by the calling terminal when initiating a communication request; sending an identity credential request message to a ticket query server, the identity credential request message including the identity token; receiving the calling terminal's identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message, the parsing configuration information matching the calling terminal's identity certificate; and parsing the calling terminal's identity certificate based on the parsing configuration information to obtain the calling terminal's identity information. Therefore, the technical solution of this application obtains the identity token provided by the calling terminal when initiating a communication request. Next, an identity credential request message is sent to a ticket query server. The identity credential request message includes the identity token. Furthermore, the calling terminal's identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message are received. The parsing configuration information matches the calling terminal's identity certificate. Finally, the calling terminal's identity certificate is parsed based on the parsing configuration information to obtain the calling terminal's identity information. Therefore, the technical solution of this application requires no modification to the client; adaptation can be achieved simply by configuring the corresponding parsing information for each different type of calling terminal identity certificate. This mechanism can quickly respond to the iterative needs of trusted communication services, significantly shorten the development cycle for service adaptation, effectively reduce the cost and difficulty of operating and maintaining trusted communication systems, and thus promote the large-scale application and cross-scenario expansion of trusted communication technology.

[0045] In one embodiment, the parsing configuration information includes n key-value pairs, where the key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identification field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

[0046] It should be noted that the calling terminal identity certificate contains multiple fields, each of which corresponds to a parsing rule. The parsing rule for each field is recorded in the parsing configuration information.

[0047] It should be noted that different calling terminal identity certificates may contain the same fields, and these same fields may have different meanings or uses. Therefore, in this embodiment, corresponding parsing configuration information is configured for each identity certificate to instruct the called terminal to parse and obtain the calling terminal's identity information.

[0048] Please see Figures 2b-2c , Figure 2b This is one of the schematic diagrams of a trusted communication identity resolution field mapping provided in the embodiments of this application. Figure 2cThis is a second schematic diagram of a trusted communication identity resolution field mapping provided in an embodiment of this application. In one embodiment, the value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

[0049] Preferably, the configuration information is parsed as JSON data. For example, the configuration information is parsed as follows: { "certificateType": "enterprise", "fieldMapping": { "subjectOrganization": "cn", "dept": "ou", "title": "t", "location": "l", "country": "c", "extension1": "customField1", "extension2": "customField2" } } The `certificateType` field indicates the type of identity certificate. The `fieldMapping` field includes multiple key-value pairs; for example, the `subjectOrganization` field matches the `subjectOrganization` field of the calling terminal's identity certificate. In other words, the `subjectOrganization` field of the calling terminal's identity certificate is parsed into the `cn` field.

[0050] In one embodiment, the value in each of the n key-value pairs is the generation rule for the identity information mapping field of the identifier field corresponding to the key in the key-value pair.

[0051] It should be noted that the generation rule for the identity information mapping field can be a function name, where the client calls the corresponding function to generate the corresponding identity information mapping field. Alternatively, the generation rule can also be an executable script, where the client calls the executable script to generate the corresponding identity information mapping field.

[0052] In one embodiment, the n key-value pairs include m extended field key-value pairs, and the parsing configuration information further includes: m extended field description key-value pairs, the fields of the calling terminal identity certificate include custom fields, the keys in the m extended field key-value pairs correspond one-to-one with and are identical to the keys in the m extended field description key-value pairs, the value in each extended field description key-value pair is used to uniquely identify the custom field of the calling terminal identity certificate, and the value in each extended field key-value pair is used to indicate the parsing rule that the key in the extended field key-value pair corresponds to the identifier of the custom field, wherein m is an integer greater than or equal to 1, and m is less than or equal to n.

[0053] It should be noted that in this embodiment, custom fields in the ID card can be dynamically read based on the parsing configuration information. For example, the parsing configuration information is: { "certificateType": "education", "fieldMapping": { "subjectOrganization": "o", "dept": "ou", "title": "t", "extension1": "degree", "extension2": "major", "extension3": "studentId" }, "fieldDescription": { "extension1": "educational qualifications", "extension2": "professional", "extension3": "student ID" } } In this mechanism, the `extension1` field in the `fieldMapping` field is the key in the extended field key-value pair. The `extension1` field in the `fieldDescription` field is the key in the extended field description key-value pair. The `fieldDescription` field includes multiple extended field description key-value pairs. When a custom field A is added to the identity certificate, the user modifies the value of the `extension1` field in the `fieldDescription` field to A. Then, the user modifies the corresponding value of the `extension1` field in the `fieldMapping` field to the final field that the custom field A needs to be mapped to. This mechanism allows for rapid adaptation to identity certificate changes, enabling hot updates of identity certificates without modifying the trusted SDK code.

[0054] In one embodiment, the parsing configuration information for each certificate can be managed through a configuration management platform to achieve rapid creation, updating, and version management of the parsing configuration information, while also supporting hot updates of the configuration. In other words, users can directly modify the parsing configuration information for immediate effect, without needing to upgrade the trusted SDK.

[0055] Figure 3 This is a second flowchart illustrating a trusted communication identity resolution method provided in an embodiment of this application. In one embodiment, the method is applied to a ticket query server, and the method includes: S301-S303.

[0056] S301. Receive the identity credential request message sent by the called terminal.

[0057] The identity credential request message includes the calling terminal's authorization credentials; S302. Obtain the calling terminal's identity certificate and parse the configuration information based on the authorization credentials.

[0058] The configuration information is parsed and matched with the calling terminal's identity certificate.

[0059] It should be noted that S103-S104 above have already described in detail how the ticket query server obtains the calling terminal's identity certificate and parses configuration information based on the authorization credentials. This application will not repeat those details here.

[0060] S303. Return the calling terminal's identity certificate and parsing configuration information to the called terminal, so that the called terminal can parse the calling terminal's identity certificate based on the parsing configuration information and obtain the calling terminal's identity information.

[0061] It should be noted that S105 above has already described in detail how the called terminal parses the calling terminal's identity certificate based on the parsing configuration information to obtain the calling terminal's identity information. This application will not repeat that description here.

[0062] In one embodiment, the parsing configuration information includes n key-value pairs, where the key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identification field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

[0063] In one embodiment, the value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

[0064] See Figure 4 , Figure 4 This is a schematic block diagram of a trusted communication identity resolution device provided in an embodiment of this application. Corresponding to the above trusted communication identity resolution method, this application also provides a trusted communication identity resolution device. This trusted communication identity resolution device includes a unit for executing the above trusted communication identity resolution method, and can be configured in a terminal such as a desktop computer, tablet computer, or laptop computer. Specifically, the device is applied to a called terminal, and the trusted communication identity resolution device includes: The first acquisition unit 401 is used to acquire the identity token provided by the calling terminal when it initiates a communication request. Extraction unit 402 is used to extract authorization credentials from the identity token; Sending unit 403 is used to send an identity credential request message to the ticket query server, the identity credential request message including the authorization credential; The first receiving unit 404 is used to receive the calling terminal identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message, wherein the parsing configuration information is matched with the calling terminal identity certificate. The parsing unit 405 is used to parse the calling terminal identity certificate based on the parsing configuration information to obtain the calling terminal identity information.

[0065] In one embodiment, the parsing configuration information includes n key-value pairs, where the key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identification field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

[0066] In one embodiment, the value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

[0067] In one embodiment, the value in each of the n key-value pairs is the generation rule for the identity information mapping field of the identifier field corresponding to the key in the key-value pair.

[0068] In one embodiment, the n key-value pairs include m extended field key-value pairs, and the parsing configuration information further includes: m extended field description key-value pairs, the fields of the calling terminal identity certificate include custom fields, the keys in the m extended field key-value pairs correspond one-to-one with and are identical to the keys in the m extended field description key-value pairs, the value in each extended field description key-value pair is used to uniquely identify the custom field of the calling terminal identity certificate, and the value in each extended field key-value pair is used to indicate the parsing rule that the key in the extended field key-value pair corresponds to the identifier of the custom field, wherein m is an integer greater than or equal to 1, and m is less than or equal to n.

[0069] See Figure 5 , Figure 5 This is a schematic block diagram of a trusted communication identity resolution device provided in an embodiment of this application. Corresponding to the above trusted communication identity resolution method, this application also provides a trusted communication identity resolution device. This trusted communication identity resolution device includes a unit for executing the above trusted communication identity resolution method, and can be configured in a terminal such as a desktop computer, tablet computer, or laptop computer. Specifically, the device is applied to a ticket query server, and the trusted communication identity resolution device includes: The second receiving unit 501 is used to receive an identity credential request message sent by the called terminal, wherein the identity credential request message includes the authorization credentials of the calling terminal. The second acquisition unit 502 is used to acquire the calling terminal identity certificate and parsing configuration information according to the authorization credential, wherein the parsing configuration information is matched with the calling terminal identity certificate. The return unit 503 is used to return the calling terminal identity certificate and the parsing configuration information to the called terminal, so that the called terminal can parse the calling terminal identity certificate based on the parsing configuration information to obtain the calling terminal identity information.

[0070] In one embodiment, the parsed configuration information includes n key-value pairs, where the key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identifier field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

[0071] In one embodiment, the value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

[0072] like Figure 6As shown, this application provides a computer device including a processor 61, a communication interface 62, a memory 63, and a communication bus 64. The processor 61, the communication interface 62, and the memory 63 communicate with each other through the communication bus 64. The memory 63 is used to store computer programs. In one embodiment of this application, when the processor 61 executes the program stored in the memory 63, it implements the control method for trusted communication identity resolution provided in any of the foregoing method embodiments.

[0073] It will be understood by those skilled in the art that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program may be stored in a storage medium, which is a computer-readable storage medium. The computer program is executed by at least one processor in the computer system to implement the process steps of the embodiments of the above methods.

[0074] Therefore, embodiments of this application also provide a computer-readable storage medium storing a computer program thereon, wherein the computer program, when executed by a processor, implements the steps of the trusted communication identity resolution method provided in any of the foregoing method embodiments.

[0075] The storage medium is a physical, non-transient storage medium, such as a USB flash drive, external hard drive, read-only memory (ROM), magnetic disk, or optical disk, or any other physical storage medium capable of storing program code. The computer-readable storage medium can be non-volatile or volatile.

[0076] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.

[0077] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division of each unit is merely a logical functional division, and there may be other division methods in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.

[0078] The steps in the methods of this application embodiment can be adjusted, merged, or deleted according to actual needs. The units in the apparatus of this application embodiment can be merged, divided, or deleted according to actual needs. Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0079] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a terminal, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application.

[0080] In the above embodiments, the descriptions of each embodiment have different focuses. For parts that are not described in detail in a certain embodiment, please refer to the relevant descriptions in other embodiments.

[0081] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Since these modifications and variations fall within the scope of the claims and their equivalents, this application also intends to include these modifications and variations.

[0082] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in this application, and these modifications or substitutions should all be covered within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A trusted communication identity resolution method, characterized in that, The method is applied to the called terminal, and the method includes: Obtain the identity token provided by the calling terminal when initiating the communication request; Extract the authorization credentials from the identity token; Send an identity credential request message to the ticket inquiry server, wherein the identity credential request message includes the authorization credential; The system receives the calling terminal identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message, wherein the parsing configuration information is matched with the calling terminal identity certificate. The calling terminal identity certificate is parsed based on the parsed configuration information to obtain the calling terminal identity information.

2. The method according to claim 1, characterized in that, The parsing configuration information includes n key-value pairs. The key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identifier field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

3. The method according to claim 2, characterized in that, The value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

4. The method according to claim 2, characterized in that, The value in each of the n key-value pairs is the generation rule for the identity information mapping field of the identifier field corresponding to the key in the key-value pair.

5. The method according to claim 2, characterized in that, The n key-value pairs include m extended field key-value pairs. The parsing configuration information also includes m extended field description key-value pairs. The fields of the calling terminal identity certificate include custom fields. The keys in the m extended field key-value pairs correspond one-to-one with and are identical to the keys in the m extended field description key-value pairs. The value in each extended field description key-value pair is used to uniquely identify the custom field of the calling terminal identity certificate. The value in each extended field key-value pair is used to indicate the parsing rule that identifies the custom field corresponding to the key in the extended field key-value pair. Here, m is an integer greater than or equal to 1, and m is less than or equal to n.

6. A trusted communication identity resolution method, characterized in that, The method is applied to a ticket query server, and the method includes: Receive an identity credential request message sent by the called terminal, wherein the identity credential request message includes the authorization credentials of the calling terminal; The calling terminal identity certificate and parsing configuration information are obtained based on the authorization credentials, and the parsing configuration information is matched with the calling terminal identity certificate. The calling terminal's identity certificate and the parsing configuration information are returned to the called terminal, so that the called terminal can parse the calling terminal's identity certificate based on the parsing configuration information to obtain the calling terminal's identity information.

7. The method according to claim 6, characterized in that, The parsing configuration information includes n key-value pairs. The key in each key-value pair is used to uniquely identify the field of the calling terminal identity certificate, and the value in each key-value pair is used to indicate the parsing rules of the identifier field corresponding to the key in the key-value pair, where n is an integer greater than or equal to 1.

8. The method according to claim 7, characterized in that, The value in each of the n key-value pairs is the identity information mapping field corresponding to the key in the key-value pair.

9. A trusted communication identity resolution device, characterized in that, The device is applied to the called terminal, and the device includes: The first acquisition unit is used to acquire the identity token provided by the calling terminal when initiating a communication request; Extraction unit, used to extract authorization credentials from the identity token; A sending unit is configured to send an identity credential request message to a ticket query server, wherein the identity credential request message includes the authorization credential. The first receiving unit is configured to receive the calling terminal identity certificate and parsing configuration information returned by the ticket query server in response to the identity credential request message, wherein the parsing configuration information is matched with the calling terminal identity certificate. The parsing unit is used to parse the calling terminal identity certificate based on the parsing configuration information to obtain the calling terminal identity information.

10. A trusted communication identity resolution device, characterized in that, The device is used in a ticket query server, and the device includes: The second receiving unit is used to receive an identity credential request message sent by the called terminal, wherein the identity credential request message includes the authorization credentials of the calling terminal. The second acquisition unit is used to acquire the calling terminal identity certificate and parsing configuration information based on the authorization credential, wherein the parsing configuration information is matched with the calling terminal identity certificate. The return unit is used to return the calling terminal identity certificate and the parsing configuration information to the called terminal, so that the called terminal can parse the calling terminal identity certificate based on the parsing configuration information to obtain the calling terminal identity information.