A trusted identity display method, device, equipment and medium

By generating and transmitting identity tokens through a trusted gateway, the problem of unclear caller identity in privacy number services is solved, and the enterprise identity of the called terminal is displayed, thereby enhancing the enterprise's brand awareness.

CN122179149APending Publication Date: 2026-06-09WEIWEI SHANGHAI NETWORK TECH CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
WEIWEI SHANGHAI NETWORK TECH CO LTD
Filing Date
2026-02-06
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In existing privacy number services, the lack of clear caller identification leads to a decrease in corporate brand awareness.

Method used

The trusted gateway receives the privacy number binding relationship and the target company's identifier sent by the intermediate number platform, obtains the target company's identity credentials, generates a first identity token, and uploads it to the token message transmission server, enabling the called terminal to download and display the calling terminal's corporate identity information.

Benefits of technology

This technology enables the called terminal to accurately display the enterprise identity information of the calling terminal, thereby improving the enterprise's brand awareness and solving the problem of reduced brand recognition caused by unclear caller identity identification.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179149A_ABST
    Figure CN122179149A_ABST
Patent Text Reader

Abstract

This application relates to a trusted identity display method, apparatus, device, and medium, comprising: receiving a privacy number, a called terminal number, and an enterprise identifier sent by an intermediate number platform; obtaining the enterprise's identity credentials based on the identifier; generating an identity token based on the identity credentials, the privacy number, and the called terminal number; and uploading the identity token to a token message transmission server, so that the called terminal can download the identity token and display the calling terminal's enterprise identity information based on the identity token. As can be seen, this application generates an identity token based on the enterprise's identity credentials, privacy number, and the called terminal number and uploads it to a token message transmission server. After receiving a call from the calling terminal, the called terminal obtains and parses the identity token from the token message transmission server, thereby obtaining and displaying the calling terminal's enterprise identity information. This mechanism enables the called terminal to display the calling terminal's enterprise identity information, effectively improving enterprise brand awareness.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of trusted communication, and in particular to a trusted identity display method, apparatus, device and medium. Background Technology

[0002] In the wave of the digital economy, the internet industry has experienced explosive growth, with deep integration of online and offline businesses and increasingly diversified interaction scenarios between enterprises and users. Whether it's transaction communication on e-commerce platforms or order communication for food delivery, service quality and information security have become key components of a company's core competitiveness. Users are increasingly aware of the importance of protecting their personal information, and relevant laws and regulations are becoming more comprehensive. Against this backdrop, privacy number services, which enable the hiding of the real phone numbers of both parties in communication, are gradually becoming a fundamental feature of enterprise services for users, providing crucial support for the compliant operation of various businesses, thanks to their core roles in privacy protection and risk avoidance.

[0003] Currently, the core operating logic of existing privacy number services generally revolves around "virtual phone number relay". Specifically, companies connect with operators or third-party privacy number service providers to assign a unique virtual phone number for each communication scenario between the user and the company. When a user initiates a call, the signal is first processed through the privacy number platform, and the terminal devices of both communicating parties only display the assigned virtual phone number, rather than each other's real phone numbers.

[0004] However, enterprise-side applications account for a very large proportion of the privacy account service. The existing single mode of "displaying only the virtual phone number" is gradually revealing its shortcomings in adapting to enterprise business scenarios due to brand building needs. This has significantly impacted the brand's recognition and authenticity, seriously affecting the company's brand competitiveness. Summary of the Invention

[0005] This application provides a trusted identity display method, apparatus, computer device, and storage medium, aiming to solve the technical problem of reduced corporate brand awareness caused by unclear caller identity in existing privacy number services.

[0006] In a first aspect, embodiments of this application provide a trusted identity display method, the method being applied to a trusted gateway, the method comprising: The system receives the privacy number binding relationship and the target enterprise's identifier sent by the intermediate number platform. The privacy number binding relationship includes the privacy number and the number of the called terminal, and the target enterprise is matched with the privacy number. Obtain the target company's identity credentials based on the identifier; A first identity token is generated based on the target enterprise's identity credentials, the privacy number, and the number of the called terminal; The first identity token is uploaded to the token message transmission server so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token.

[0007] Optionally, the privacy number binding relationship also includes the caller's terminal number, and before obtaining the target enterprise's identity credential based on the identifier, the method further includes: The identity information of the calling terminal is verified based on the calling terminal's number and the privacy number; If the identity information of the calling terminal is verified, then the step of obtaining the identity credential of the target enterprise based on the identifier is executed.

[0008] Optionally, verifying the identity information of the calling terminal based on the calling terminal's number and the privacy number includes: A first token index is generated based on the calling terminal's number and the privacy number; Download the second identity token from the token message transmission server based on the first token index; Extract the first authorization credential from the second identity token; The caller's identity credential is obtained from the identity credential query server based on the first authorization credential. The identity information of the calling terminal is verified based on the calling terminal's identity credentials.

[0009] Optionally, verifying the identity information of the calling terminal based on the calling terminal's identity credentials includes: The identity credentials of the calling terminal are verified using a certificate chain. The identity credentials of the calling terminal are used to verify the second identity token. If the certificate chain verification passes and the second identity token verification passes, then the identity information of the calling terminal is verified. If the certificate chain verification fails or the second identity token verification fails, then the identity information verification of the calling terminal fails.

[0010] Secondly, embodiments of this application also provide a trusted identity display method, the method being applied to a called terminal, the method comprising: Receive a call request initiated by a calling terminal, the call request including a privacy number, the privacy number being matched with a target enterprise; Obtain the number of the called terminal; A second token index is generated based on the called terminal's number and the privacy number; The first identity token is downloaded from the token message transmission server based on the second token index. The first identity token is generated based on the identity credentials of the target enterprise, the privacy number, and the number of the called terminal. The identity information of the target enterprise is verified based on the first identity token; If the identity information of the target enterprise is verified, the enterprise identity information of the calling terminal is displayed.

[0011] Optionally, verifying the identity information of the target enterprise based on the first identity token includes: Extract the second authorization credential from the first identity token; Based on the second authorization credential, the identity credential of the target enterprise is obtained from the identity credential query server; The identity information of the target company is verified based on the target company's identity credentials.

[0012] Optionally, the step of verifying the identity information of the target enterprise based on the target enterprise's identity credentials includes: The identity credentials of the target enterprise are verified using a certificate chain. The first identity token is verified using the identity credentials of the target enterprise. If the certificate chain verification passes and the first identity token signature verification passes, then the identity information of the target enterprise is verified. If the certificate chain verification fails or the first identity token verification fails, then the identity information verification of the target enterprise fails.

[0013] Thirdly, embodiments of this application also provide a trusted identity display device, which is applied to a trusted gateway and includes a unit for performing the above-described method.

[0014] Fourthly, embodiments of this application also provide a trusted identity display device, which is applied to a called terminal and includes a unit for performing the above-described method.

[0015] Fifthly, embodiments of this application also provide a computer device, which includes a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the above-described method.

[0016] Sixthly, embodiments of this application also provide a computer-readable storage medium storing a computer program that, when executed by a processor, can implement the above-described method.

[0017] This application provides a trusted identity display method, apparatus, device, and medium. The method, applied to a trusted gateway, includes: receiving a privacy number binding relationship and a target enterprise identifier sent by an intermediate number platform; the privacy number binding relationship includes a privacy number and the number of the called terminal, with the target enterprise matching the privacy number; obtaining the target enterprise's identity credentials based on the identifier; generating a first identity token based on the target enterprise's identity credentials, the privacy number, and the number of the called terminal; and uploading the first identity token to a token message transmission server, so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token. Therefore, in this application's technical solution, the trusted gateway receives the privacy number binding relationship and the target enterprise identifier sent by an intermediate number platform. The privacy number binding relationship includes a privacy number and the number of the called terminal, with the target enterprise matching the privacy number. Next, the target enterprise's identity credentials are obtained based on the identifier. Furthermore, a first identity token is generated based on the target enterprise's identity credentials, the privacy number, and the number of the called terminal. Finally, the first identity token is uploaded to the token message transmission server, enabling the called terminal to download the first identity token and display the calling terminal's corporate identity information based on it. Therefore, the technical solution of this application first generates a first identity token based on the target enterprise's identity credentials, privacy number, and the called terminal's number. The target enterprise matches the privacy number. Next, the first identity token is uploaded to the token message transmission server. After receiving a call from the calling terminal, the called terminal can obtain and parse the first identity token from the token message transmission server to obtain and display the calling terminal's corporate identity information. In privacy number service scenarios, this mechanism enables the called terminal to accurately display the calling terminal's corporate identity information, effectively solving the problem of reduced corporate brand awareness caused by unclear caller identity in privacy number services, thereby significantly improving corporate brand awareness. Attached Figure Description

[0018] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0019] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0020] One or more embodiments are illustrated by way of example with reference numerals in the accompanying drawings. These illustrations do not constitute a limitation on the embodiments. Elements with the same reference numerals in the drawings are denoted as similar elements. Unless otherwise stated, the figures in the drawings are not to be limited by scale.

[0021] Figure 1a One of the flowcharts illustrating a trusted identity display method provided in this application embodiment; Figure 1b This is one of the schematic diagrams of a trusted identity display method system provided in the embodiments of this application; Figure 1c This is a second schematic diagram of a trusted identity display method system provided in an embodiment of this application; Figure 2 A second flowchart illustrating a trusted identity display method provided in an embodiment of this application; Figure 3 One of the schematic block diagrams of a trusted identity display device provided in the embodiments of this application; Figure 4 A second schematic block diagram of a trusted identity display device provided in the embodiments of this application; Figure 5 A computer device provided in an embodiment of this application. Detailed Implementation

[0022] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0023] The following disclosure provides numerous different embodiments or examples for implementing various structures of this application. To simplify the disclosure, specific examples of components and arrangements are described below. These are merely examples and are not intended to limit the scope of this application. Furthermore, reference numerals and / or letters may be repeated in different examples. Such repetition is for simplification and clarity and does not in itself indicate a relationship between the various embodiments and / or arrangements discussed.

[0024] It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integrals, steps, operations, elements and / or components, but do not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or collections thereof.

[0025] It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the scope of the application. As used in this specification and the appended claims, the singular forms “a,” “an,” and “the” are intended to include the plural forms unless the context clearly indicates otherwise.

[0026] It should also be further understood that the term “and / or” as used in this application specification and the appended claims means any combination of one or more of the associated listed items and all possible combinations, and includes such combinations.

[0027] As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when," "once," "in response to determination," or "in response to detection." Similarly, the phrase "if determined" or "if [described condition or event] is detected" may be interpreted, depending on the context, as "once determined," "in response to determination," "once [described condition or event] is detected," or "in response to detection of [described condition or event]."

[0028] To address the technical issue of reduced brand awareness caused by unclear caller identity in existing privacy number services, this application provides a trusted identity display device that enables the called terminal to display the caller's identity.

[0029] Please see Figures 1a-1b , Figure 1a This is one of the flowcharts illustrating a trusted identity display method provided in an embodiment of this application. Figure 1b This is one of the schematic diagrams of a trusted identity display method system provided in an embodiment of this application. In one embodiment, the method is applied to a trusted gateway, and the method includes: S101-S104.

[0030] S101, Receive the privacy number binding relationship and the target company's identifier sent by the intermediate number platform.

[0031] The privacy number binding relationship includes the privacy number and the called terminal's number. The target enterprise is matched with the privacy number.

[0032] It should be noted that in the privacy number service scenario, when a target enterprise uses the privacy number service, it needs to submit a registration application to the operator's intermediary number platform in advance. The intermediary number platform then synchronizes the target enterprise's identifier and enterprise name, along with other enterprise information, with the trusted communication platform for filing. After successful filing, the trusted gateway can download the organization's identity certificate from the identity certificate issuance center. Additionally, the operator simultaneously assigns at least one privacy number to the target enterprise for its privacy number service usage.

[0033] When a calling terminal needs to initiate a call to a called terminal, the calling terminal obtains the corresponding privacy number from the target enterprise's business system. This privacy number is associated with both the calling terminal's number and the called terminal's number. Then, the calling terminal initiates a call to the privacy number. Upon receiving the call carrying the privacy number, the operator's intermediate number platform obtains the privacy number binding relationship and the target enterprise's identifier from the target enterprise's business system, and sends the privacy number binding relationship to the trusted gateway.

[0034] S102. Obtain the target company's identity credentials based on the identifier.

[0035] It should be noted that the trusted gateway can download the target company's identity credentials from the identity credential issuance center based on the company's identifier.

[0036] S103. Generate a first identity token based on the target company's identity credentials, privacy number, and the called terminal's number.

[0037] The first identity token includes the target company's identity credentials, privacy number, and the number of the called terminal.

[0038] S104. Upload the first identity token to the token message transmission server so that the called terminal can download the first identity token and display the calling terminal's enterprise identity information based on the first identity token.

[0039] It should be noted that the trusted gateway uploads the first identity token to the token message transmission server. When the called terminal receives a call from the calling terminal, it downloads the first identity token from the token message transmission server and displays the calling terminal's enterprise identity information based on the first identity token.

[0040] It should be noted that this application will describe in detail how the called terminal displays the calling terminal's enterprise identity information based on the first identity token in the later embodiments. This application will not repeat those details here.

[0041] It should be noted that the first identity token in this application is generated using the target enterprise's identity credentials, so that the called party can display the calling terminal's enterprise identity information rather than its personal identity information. Furthermore, in this embodiment, the calling terminal does not need to integrate a trusted SDK to complete the calling terminal's authentication and identity display.

[0042] This application provides a trusted identity display method. The method is applied to a trusted gateway and includes: receiving a privacy number binding relationship and a target enterprise identifier sent by an intermediate number platform. The privacy number binding relationship includes a privacy number and the number of the called terminal, and the target enterprise matches the privacy number; obtaining the target enterprise's identity credential based on the identifier; generating a first identity token based on the target enterprise's identity credential, the privacy number, and the number of the called terminal; and uploading the first identity token to a token message transmission server, so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token. Therefore, in this application's technical solution, the trusted gateway receives the privacy number binding relationship and the target enterprise identifier sent by an intermediate number platform. The privacy number binding relationship includes a privacy number and the number of the called terminal, and the target enterprise matches the privacy number. Next, the target enterprise's identity credential is obtained based on the identifier. Then, a first identity token is generated based on the target enterprise's identity credential, the privacy number, and the number of the called terminal. Finally, the first identity token is uploaded to a token message transmission server, so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token. Therefore, the technical solution of this application first generates a first identity token based on the target enterprise's identity credentials, privacy number, and the called terminal's number. The target enterprise is matched with the privacy number. Next, the first identity token is uploaded to a token message transmission server. After receiving a call from the calling terminal, the called terminal can obtain and parse the first identity token from the token message transmission server, thereby obtaining and displaying the calling terminal's enterprise identity information. In the privacy number service scenario, this mechanism enables the called terminal to accurately display the calling terminal's enterprise identity information, effectively solving the problem of reduced brand awareness caused by unclear caller identity in privacy number services, and thus significantly improving the enterprise's brand awareness.

[0043] Please see Figure 1c , Figure 1c This is a second schematic diagram of a trusted identity display method system provided in an embodiment of this application. In one embodiment, the privacy number binding relationship also includes the number of the calling terminal. Before S102 described above, the method further includes: S105-S106.

[0044] S105. Verify the identity information of the calling terminal based on the calling terminal's number and privacy number.

[0045] It should be noted that, in this embodiment of the application, the identity information of the calling terminal can also be verified to provide security for communication between the two parties.

[0046] In one embodiment, S105 specifically includes the following steps: S1051-S1055.

[0047] S1051. Generate a first token index based on the calling terminal's number and privacy number.

[0048] S1052. Download the second identity token from the token message delivery server based on the first token index.

[0049] S1053. Extract the first authorization credential from the second identity token.

[0050] S1054. Obtain the calling terminal's identity credential from the identity credential query server based on the first authorization credential.

[0051] S1055. Verify the identity information of the calling terminal based on the calling terminal's identity credentials.

[0052] It should be noted that S1051-S1055 will be described in detail below.

[0053] In this embodiment of the application, when the calling terminal initiates a call request to the called terminal, the calling terminal generates a second identity token based on the calling terminal's number and privacy number, which is then downloaded by the trusted gateway to verify the calling terminal's identity information.

[0054] The trusted gateway generates a first token index based on the calling terminal's number and privacy number. Then, it downloads a second identity token from the token message delivery server based on the first token index. Next, the trusted gateway extracts a first authorization credential from the second identity token. Then, based on the first authorization credential, it retrieves the calling terminal's identity credential from the identity credential query server. Finally, it verifies the calling terminal's identity information based on the calling terminal's identity credential.

[0055] In one embodiment, S1055 specifically includes the following steps: S10551-S10554.

[0056] S10551. Verify the certificate chain of the calling terminal's identity credentials.

[0057] S10552. Use the calling terminal's identity credentials to verify the second identity token.

[0058] S10553. If the certificate chain verification passes and the second identity token verification passes, then the calling terminal's identity information verification passes.

[0059] S10554. If the certificate chain verification fails or the second identity token verification fails, the identity information verification of the calling terminal fails.

[0060] It should be noted that the calling terminal's identity credential is essentially an identity certificate issued by an identity credential issuance center, i.e., a CA certificate. In this embodiment, a certificate chain verification is required for the calling terminal's identity credential. Once the certificate chain verification passes, the calling terminal's identity credential is then used to verify the signature of the second identity token. Only when both the certificate chain verification and the second identity token verification pass are the calling terminal's identity information verified.

[0061] S106. If the identity information of the calling terminal is verified, then the steps of S102 above shall be executed.

[0062] It should be noted that, in this embodiment of the application, both the calling terminal and the called terminal need to integrate a trusted SDK to achieve authentication and display of the calling terminal.

[0063] It should be noted that this embodiment not only displays the calling terminal's enterprise identity information in the privacy number service, but also interfaces with a trusted platform to achieve identity verification of the calling terminal. This mechanism effectively prevents attackers from impersonating legitimate platforms and using intermediate numbers for fraud. On the one hand, it can enhance the company's visibility; on the other hand, it can ensure the authenticity and reliability of the company's information.

[0064] Please see Figure 2 , Figure 2 This is a second flowchart illustrating a trusted identity display method provided in an embodiment of this application. In one embodiment, the method is applied to a called terminal, and the method includes: S201-S205.

[0065] S201, Receive a call request initiated by the calling terminal.

[0066] The call request includes a private number that is matched with the target company.

[0067] It should be noted that the privacy number and target company have already been detailed in S101 above. Therefore, this application will not repeat them here.

[0068] S202. Obtain the number of the called terminal.

[0069] S203. Generate a second token index based on the called terminal's number and privacy number.

[0070] S204. Download the first identity token from the token message delivery server based on the second token index.

[0071] The first identity token is generated based on the target company's identity credentials, privacy number, and the called terminal's number.

[0072] S205. Verify the identity information of the target enterprise based on the first identity token.

[0073] In one embodiment, S205 specifically includes the following steps: S2051-S2053.

[0074] S2051. Extract the second authorization credential from the first identity token.

[0075] S2052. Obtain the target company's identity credentials from the identity credential query server based on the second authorization credentials.

[0076] S2053. Verify the identity information of the target company based on the target company's identity credentials.

[0077] It should be noted that S2051-S2053 are similar to S1053-S1055, and will not be described again here.

[0078] In one embodiment, S2053 specifically includes the following steps: S20531-S20534.

[0079] S20531. Verify the certificate chain of the target company's identity credentials.

[0080] S20532. Verify the first identity token using the target company's identity credentials; S20533. If the certificate chain verification passes and the first identity token verification passes, then the identity information of the target enterprise is verified.

[0081] S20534. If the certificate chain verification fails or the first identity token verification fails, then the identity information verification of the target enterprise fails.

[0082] It should be noted that S20531-S20534 are the same as or similar to S10551-S10554. This application will not elaborate further on these points.

[0083] S206. If the identity information of the target enterprise is verified, the enterprise identity information of the calling terminal is displayed.

[0084] The enterprise identity information includes, but is not limited to, the enterprise name, department name, individual name, employee number, and job title.

[0085] See Figure 3 , Figure 3 This is one of the schematic block diagrams of a trusted identity display device provided in the embodiments of this application. Corresponding to the above trusted identity display method, this application also provides a trusted identity display device. The trusted identity display device includes a unit for executing the above trusted identity display method, and the trusted identity display device can be configured in a terminal such as a desktop computer, tablet computer, or laptop computer. Specifically, the device is applied to a trusted gateway, and the trusted identity display device includes: The first receiving unit 301 is used to receive the privacy number binding relationship and the identifier of the target enterprise sent by the intermediate number platform. The privacy number binding relationship includes the privacy number and the number of the called terminal, and the target enterprise is matched with the privacy number. The first acquisition unit 302 is used to acquire the identity credential of the target enterprise based on the identifier; The first generation unit 303 is used to generate a first identity token based on the identity credentials of the target enterprise, the privacy number, and the number of the called terminal; The uploading unit 304 is used to upload the first identity token to the token message transmission server, so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token.

[0086] In one embodiment, the device further includes: The first verification unit 305 is used to verify the identity information of the calling terminal based on the calling terminal's number and the privacy number; If the identity information of the calling terminal is verified, then the step of obtaining the identity credential of the target enterprise based on the identifier is executed.

[0087] In one embodiment, the first verification unit 305 is specifically used for: A first token index is generated based on the calling terminal's number and the privacy number; Download the second identity token from the token message transmission server based on the first token index; Extract the first authorization credential from the second identity token; The caller's identity credential is obtained from the identity credential query server based on the first authorization credential. The identity information of the calling terminal is verified based on the calling terminal's identity credentials.

[0088] In one embodiment, the first verification unit 305 is specifically used for: The identity credentials of the calling terminal are verified using a certificate chain. The identity credentials of the calling terminal are used to verify the second identity token. If the certificate chain verification passes and the second identity token verification passes, then the identity information of the calling terminal is verified. If the certificate chain verification fails or the second identity token verification fails, then the identity information verification of the calling terminal fails.

[0089] See Figure 4 , Figure 4This is a second schematic block diagram of a trusted identity display device provided in an embodiment of this application. Corresponding to the above trusted identity display method, this application also provides a trusted identity display device. The trusted identity display device includes a unit for executing the above trusted identity display method, and the trusted identity display device can be configured in a terminal such as a desktop computer, tablet computer, or laptop computer. Specifically, the device is applied to a called terminal, and the trusted identity display device includes: The second receiving unit 401 is used to receive a call request initiated by the calling terminal, wherein the call request includes a privacy number and the privacy number is matched with the target enterprise; The second acquisition unit 402 is used to acquire the number of the called terminal; The second generation unit 403 is used to generate a second token index based on the number of the called terminal and the privacy number; Download unit 404 is used to download a first identity token from the token message transmission server based on the second token index. The first identity token is generated based on the identity credentials of the target enterprise, the privacy number, and the number of the called terminal. The second verification unit 405 is used to verify the identity information of the target enterprise based on the first identity token; The display unit 406 is used to display the enterprise identity information of the calling terminal if the identity information of the target enterprise is verified.

[0090] In one embodiment, the second verification unit 405 is specifically used for: Extract the second authorization credential from the first identity token; Based on the second authorization credential, the identity credential of the target enterprise is obtained from the identity credential query server; The identity information of the target company is verified based on the target company's identity credentials.

[0091] In one embodiment, the second verification unit 405 is specifically used for: The identity credentials of the target enterprise are verified using a certificate chain. The first identity token is verified using the identity credentials of the target enterprise. If the certificate chain verification passes and the first identity token signature verification passes, then the identity information of the target enterprise is verified. If the certificate chain verification fails or the first identity token verification fails, then the identity information verification of the target enterprise fails.

[0092] like Figure 5As shown, this application provides a computer device including a processor 51, a communication interface 52, a memory 53, and a communication bus 54. The processor 51, the communication interface 52, and the memory 53 communicate with each other through the communication bus 54. The memory 53 is used to store computer programs. In one embodiment of this application, when the processor 51 executes the program stored in the memory 53, it implements the control method for displaying trusted identity provided in any of the foregoing method embodiments.

[0093] It will be understood by those skilled in the art that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program may be stored in a storage medium, which is a computer-readable storage medium. The computer program is executed by at least one processor in the computer system to implement the process steps of the embodiments of the above methods.

[0094] Therefore, embodiments of this application also provide a computer-readable storage medium storing a computer program thereon, wherein the computer program, when executed by a processor, implements the steps of the trusted identity display method provided in any of the foregoing method embodiments.

[0095] The storage medium is a physical, non-transient storage medium, such as a USB flash drive, external hard drive, read-only memory (ROM), magnetic disk, or optical disk, or any other physical storage medium capable of storing program code. The computer-readable storage medium can be non-volatile or volatile.

[0096] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.

[0097] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division of each unit is merely a logical functional division, and there may be other division methods in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.

[0098] The steps in the methods of this application embodiment can be adjusted, merged, or deleted according to actual needs. The units in the apparatus of this application embodiment can be merged, divided, or deleted according to actual needs. Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0099] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a terminal, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application.

[0100] In the above embodiments, the descriptions of each embodiment have different focuses. For parts that are not described in detail in a certain embodiment, please refer to the relevant descriptions in other embodiments.

[0101] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Since these modifications and variations fall within the scope of the claims and their equivalents, this application also intends to include these modifications and variations.

[0102] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in this application, and these modifications or substitutions should all be covered within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A method for displaying a trusted identity, characterized in that, The method is applied to a trusted gateway, and the method includes: The system receives the privacy number binding relationship and the target enterprise's identifier sent by the intermediate number platform. The privacy number binding relationship includes the privacy number and the number of the called terminal, and the target enterprise is matched with the privacy number. Obtain the target company's identity credentials based on the identifier; A first identity token is generated based on the target enterprise's identity credentials, the privacy number, and the number of the called terminal; The first identity token is uploaded to the token message transmission server so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token.

2. The method according to claim 1, characterized in that, The privacy number binding relationship also includes the caller's terminal number. Before obtaining the target enterprise's identity credential based on the identifier, the method further includes: The identity information of the calling terminal is verified based on the calling terminal's number and the privacy number; If the identity information of the calling terminal is verified, then the step of obtaining the identity credential of the target enterprise based on the identifier is executed.

3. The method according to claim 2, characterized in that, The step of verifying the identity information of the calling terminal based on the calling terminal's number and the privacy number includes: A first token index is generated based on the calling terminal's number and the privacy number; Download the second identity token from the token message transmission server based on the first token index; Extract the first authorization credential from the second identity token; The caller's identity credential is obtained from the identity credential query server based on the first authorization credential. The identity information of the calling terminal is verified based on the calling terminal's identity credentials.

4. The method according to claim 3, characterized in that, The step of verifying the identity information of the calling terminal based on the calling terminal's identity credentials includes: The identity credentials of the calling terminal are verified using a certificate chain. The identity credentials of the calling terminal are used to verify the second identity token. If the certificate chain verification passes and the second identity token verification passes, then the identity information of the calling terminal is verified. If the certificate chain verification fails or the second identity token verification fails, then the identity information verification of the calling terminal fails.

5. A method for demonstrating a trusted identity, characterized in that: The method is applied to the called terminal, and the method includes: Receive a call request initiated by a calling terminal, the call request including a privacy number, the privacy number being matched with a target enterprise; Obtain the number of the called terminal; A second token index is generated based on the called terminal's number and the privacy number; The first identity token is downloaded from the token message transmission server based on the second token index. The first identity token is generated based on the identity credentials of the target enterprise, the privacy number, and the number of the called terminal. The identity information of the target enterprise is verified based on the first identity token; If the identity information of the target enterprise is verified, the enterprise identity information of the calling terminal is displayed.

6. The method according to claim 5, characterized in that, The verification of the target enterprise's identity information based on the first identity token includes: Extract the second authorization credential from the first identity token; Based on the second authorization credential, the identity credential of the target enterprise is obtained from the identity credential query server; The identity information of the target company is verified based on the target company's identity credentials.

7. The method according to claim 6, characterized in that, The step of verifying the identity information of the target enterprise based on the target enterprise's identity credentials includes: The identity credentials of the target enterprise are verified using a certificate chain. The first identity token is verified using the identity credentials of the target enterprise. If the certificate chain verification passes and the first identity token signature verification passes, then the identity information of the target enterprise is verified. If the certificate chain verification fails or the first identity token verification fails, then the identity information verification of the target enterprise fails.

8. A trusted identity display device, characterized in that, The device is used in a trusted gateway, and the device includes: The receiving unit is used to receive the privacy number binding relationship and the identifier of the target enterprise sent by the intermediate number platform. The privacy number binding relationship includes the privacy number and the number of the called terminal, and the target enterprise is matched with the privacy number. The acquisition unit is used to acquire the identity credentials of the target enterprise based on the identifier; The generation unit is used to generate a first identity token based on the identity credentials of the target enterprise, the privacy number, and the number of the called terminal; The uploading unit is used to upload the first identity token to the token message transmission server, so that the called terminal downloads the first identity token and displays the calling terminal's enterprise identity information based on the first identity token.

9. A computer device, characterized in that, The computer device includes a memory and a processor, the memory storing a computer program, and the processor executing the computer program to implement the method as described in any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that, The storage medium stores a computer program that, when executed by a processor, can implement the method as described in any one of claims 1 to 7.