CN113037773A - Active identification carrier, management method thereof and service platform

Publication number: CN113037773A
Application number: CN202110340025.6A
Authority: CN (China)
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN113037773B (en)
Inventors: 贾雪琴, 孙阳阳, 史可, 林晨
Current assignee: China United Network Communications Group Co Ltd; Unicom Vsens Telecommunications Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: China United Network Communications Group Co Ltd; Unicom Vsens Telecommunications Co Ltd
Prior art keywords: active; active identification; identification carrier; service platform; carrier


Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06K17/0025 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device; the arrangement consisting of a wireless interrogation device in combination with a device for optically marking the record carrier
    • G06K17/0029 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device; the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint


Abstract

The embodiments of the application provide an active identification carrier, a management method thereof and a service platform, which relate to the field of industrial technology and are used to manage active identification carriers in batches. The method comprises the following steps: an active identification carrier service platform receives a first write request message sent by an enterprise information system, the first write request message comprising an industrial identification and an active identification carrier identifier; the active identification carrier service platform sends a second write request message to the active identification carrier that corresponds to the active identification carrier identifier, the second write request message comprising the industrial identification; the active identification carrier receives the second write request message sent by the active identification carrier service platform and stores the corresponding industrial identification; the active identification carrier returns a first write request response message to the enterprise information system, the first write request response message indicating that the industrial identification was written successfully. The method and the devices are used to manage active identification carriers in batches.

Description

Active identification carrier, management method thereof and service platform
Technical Field
The invention relates to the technical field of industry, in particular to an active identification carrier, a management method thereof and a service platform.
Background
The industrial internet identification analysis system is an important component of the industrial internet network architecture, the infrastructure that supports interconnection and interoperation of industrial internet networks, and the core of data sharing across the industrial internet. An industrial internet identification code is an identity symbol that uniquely identifies physical resources such as machines and products and virtual resources such as algorithms and processes. The industrial internet identification analysis system is the system that, given an industrial internet identification code, looks up the network location of the target object or information related to it; it uniquely locates machines and articles and queries their information, and is the premise and basis for precise interconnection of global supply chain systems and enterprise production systems, full-life-cycle product management, and intelligent services.
The industrial internet identification analysis system can store information about a machine or product in an identification carrier, and thereby manage the corresponding machine or product. At present, the information in identification carriers is mainly managed independently, carrier by carrier. Because an industrial internet identification analysis system contains thousands of identification carriers, information management done this way is complex, and the identification carriers cannot be managed in batches.
Disclosure of Invention
The embodiment of the application provides an active identification carrier, a management method thereof and a service platform, which are used for realizing batch management of the active identification carrier.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
In a first aspect, an active identification carrier management method is provided. The method is applied to an active identification carrier management system that includes an active identification carrier, an active identification carrier service platform and an enterprise information system, and comprises: the active identification carrier service platform receives a first write request message sent by the enterprise information system, the first write request message comprising an industrial identification and an active identification carrier identifier; the active identification carrier service platform sends a second write request message to the active identification carrier, the second write request message comprising the industrial identification, where the active identification carrier is the one corresponding to the active identification carrier identifier.
In a second aspect, an active identification carrier management method is provided. The method is applied to an active identification carrier management system that includes an active identification carrier, an active identification carrier service platform and an enterprise information system, and comprises: the active identification carrier receives a second write request message sent by the active identification carrier service platform and stores the corresponding industrial identification, the second write request message comprising the industrial identification; the active identification carrier returns a first write request response message to the enterprise information system, the first write request response message indicating that the industrial identification was written successfully.
In a third aspect, an active identification carrier service platform is provided, including: a receiving module, configured to receive a first write request message sent by an enterprise information system, the first write request message comprising an industrial identification and an active identification carrier identifier; and a sending module, configured to send a second write request message to the active identification carrier, the second write request message comprising the industrial identification, where the active identification carrier is the one corresponding to the active identification carrier identifier.
In a fourth aspect, an active identification carrier is provided, including: a receiving module, configured to receive a second write request message sent by the active identification carrier service platform and store the corresponding industrial identification, the second write request message comprising the industrial identification; and a sending module, configured to return a first write request response message to the enterprise information system, the first write request response message indicating that the industrial identification was written successfully.
In a fifth aspect, an active identification carrier service platform is provided, including: a memory, a processor, a bus, and a communication interface. The memory stores computer-executable instructions, and the processor is connected to the memory through the bus. When the active identification carrier service platform is running, the processor executes the computer-executable instructions stored in the memory, causing the active identification carrier service platform to perform the active identification carrier management method provided by the first aspect.
In a sixth aspect, a computer-readable storage medium is provided, which comprises computer-executable instructions that, when executed on a computer, cause the computer to perform the active identification carrier management method provided by the first aspect.
In a seventh aspect, an active identification carrier is provided, including: a memory, a processor, a bus, and a communication interface. The memory stores computer-executable instructions, and the processor is connected to the memory through the bus. When the active identification carrier is running, the processor executes the computer-executable instructions stored in the memory, causing the active identification carrier to perform the active identification carrier management method provided by the second aspect.
In an eighth aspect, a computer-readable storage medium is provided, which comprises computer-executable instructions that, when executed on a computer, cause the computer to perform the active identification carrier management method provided by the second aspect.
The active identification carrier management method provided by the embodiments of the application is applied to an active identification carrier management system that includes an active identification carrier, an active identification carrier service platform and an enterprise information system. The method comprises: the active identification carrier service platform receives a first write request message sent by the enterprise information system, the first write request message comprising an industrial identification and an active identification carrier identifier; the active identification carrier service platform sends a second write request message to the active identification carrier corresponding to the active identification carrier identifier, the second write request message comprising the industrial identification; the active identification carrier receives the second write request message sent by the active identification carrier service platform and stores the corresponding industrial identification; the active identification carrier returns a first write request response message to the enterprise information system, the first write request response message indicating that the industrial identification was written successfully. In this method, an industrial enterprise can request the stored industrial identification from the corresponding active identification carrier through an enterprise information system. Compared with the current approach, in which information in an identification carrier is managed by means of a reader-writer, the embodiments of the application manage the information in the active identification carrier through the enterprise information system.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first schematic diagram of the architecture of an active identification carrier management system according to an embodiment of the present application;
Fig. 2 is a second schematic diagram of the architecture of an active identification carrier management system according to an embodiment of the present application;
Fig. 3 is a first schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 4 is a second schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 5 is a third schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 6 is a fourth schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 7 is a fifth schematic flowchart of an active identification carrier verification method according to an embodiment of the present application;
Fig. 8 is a first schematic flowchart of an active identification carrier management method according to an embodiment of the present application;
Fig. 9 is a second schematic flowchart of an active identification carrier management method according to an embodiment of the present application;
Fig. 10 is a third schematic flowchart of an active identification carrier management method according to an embodiment of the present application;
Fig. 11 is a fourth schematic flowchart of an active identification carrier management method according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of an active identification carrier service platform according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of an active identification carrier according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of another active identification carrier service platform according to an embodiment of the present application;
Fig. 15 is a schematic structural diagram of another active identification carrier according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that in the embodiments of the present application, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
It should be noted that in the embodiments of the present application, "of", "relevant" and "corresponding" may sometimes be used interchangeably; when the difference is not emphasized, the intended meaning is the same.
For the convenience of clearly describing the technical solutions of the embodiments of the present application, in the embodiments of the present application, the terms "first", "second", and the like are used for distinguishing the same items or similar items with basically the same functions and actions, and those skilled in the art can understand that the terms "first", "second", and the like are not limited in number or execution order.
Some technical terms related to the embodiments of the present application are explained below.
Identification carrier: a label that carries an identification code resource. Identification carriers are divided into active identification carriers and passive identification carriers according to whether the carrier can actively communicate with identification data reading and writing equipment, identification analysis service nodes, identification data application platforms and the like.
Active identification carrier: a carrier that can be embedded in industrial equipment, carries an industrial internet identification code and the necessary security certificates, algorithms and keys, has a networking communication function, and can actively initiate a connection to an identification analysis service node, an identification data application platform or the like without being triggered by identification reading and writing equipment. The active identification carrier may be a Universal Integrated Circuit Card (UICC), a communication module, a Micro Controller Unit (MCU), or the like.
Passive identification carrier: a carrier attached to the surface of an industrial device or product so that it can be read by a card reader. In the industrial internet, a passive identification carrier generally carries an industrial internet identification code, lacks remote network connection capability, and relies on an identification reader-writer to initiate an identification analysis request to an identification analysis server. The passive identification carrier may be a one-dimensional barcode, a two-dimensional barcode, a Radio Frequency Identification (RFID) tag, a Near Field Communication (NFC) tag, or the like.
Industrial identification: generally attached to a label, trademark, nameplate or product; it does not exist independently but is embodied together with the product. The industrial identification generally reflects different information attributes of a product in the production and circulation stages, and its content mainly comprises time, place, batch, image, bar code, number, characters and the like.
A passive identification carrier needs an identification reader-writer to manage the information recorded in it, so it can only be read and written one carrier at a time. An active identification carrier allows identification carriers to be managed remotely in batches, but an active identification carrier is at risk of being forged, so batch management of active identification carriers must also ensure the security of the stored information. To manage identification carriers in batches while ensuring their security, the embodiments of the application provide an active identification carrier authentication method, in which the active identification carrier service platform authenticates the identity of each active identification carrier and allocates an identity credential to it, thereby ensuring the security of the active identification carriers that subsequently take part in batch management.
As shown in Fig. 1, an active identification carrier management system according to an embodiment of the present application includes an active identification carrier 01 and an active identification carrier service platform 02.
The active identification carrier 01 is used for storing information related to industrial products, such as the industrial identifications of the industrial products; the active identification carrier 01 is also used for communicating with the active identification carrier service platform 02 so that the stored information can be managed. The active identification carrier 01 can be a UICC, an MCU, a communication module, and the like.
The active identification carrier service platform 02 is used for communicating with an enterprise information system and managing the information of the active identification carrier 01, for example adding and deleting information stored in the active identification carrier 01; the active identification carrier service platform 02 is further configured to verify the identity of the active identification carrier 01. The active identification carrier service platform 02 may be one server in a server cluster (composed of a plurality of servers), a chip in that server, a system on chip in that server, or a Virtual Machine (VM) deployed on a physical machine.
It should be noted that, because the active identification carrier 01 is generally a component such as a UICC and has no independent communication capability, in practice the active identification carrier 01 needs to be fitted to a corresponding terminal, so that the active identification carrier 01 can communicate with the active identification carrier service platform 02 and the enterprise information system 03 through the terminal.
Optionally, as shown in Fig. 2, the active identification carrier management system may further include an enterprise information system 03.
The enterprise information system 03 is used for managing the information in the active identification carrier 01 through the active identification carrier service platform 02. The enterprise information system 03 may be an application program deployed on a computer.
It should be noted that the foregoing describes only some of the functions of the active identification carrier 01, the active identification carrier service platform 02 and the enterprise information system 03 by way of example. In practice, those skilled in the art may configure other functions for the active identification carrier 01, the active identification carrier service platform 02 and the enterprise information system 03 as needed; details are not repeated here.
The embodiments of the application provide an active identification carrier authentication method, which is applied to the active identification carrier management system described above. As shown in Fig. 3, the method includes:
S101, the active identification carrier sends a first request message to the active identification carrier service platform.
The first request message includes an active identification carrier identifier.
Specifically, when an industrial enterprise uses an active identification carrier to identify the information of an industrial product, the active identification carrier needs to request an identity credential from the active identification carrier service platform, which ensures the uniqueness of the active identification carrier and prevents it from being counterfeited. The first request message asks the active identification carrier service platform to allocate an identity credential to the active identification carrier, so as to ensure the uniqueness and security of the active identification carrier.
It should be noted that, because the active identification carrier is generally a component such as a UICC, an MCU or a communication module and has no communication capability on its own, a corresponding terminal needs to be configured for the active identification carrier, so that the active identification carrier can be fitted to the terminal and communicate with the active identification carrier service platform through it.
In some embodiments, because the active identification carrier may be a UICC, an MCU, a communication module or a similar component, the active identification carrier identifier may take different forms. For example, when the active identification carrier is a UICC, the corresponding active identification carrier identifier may be an Integrated Circuit Card Identification (ICCID); when the active identification carrier is a communication module, the corresponding active identification carrier identifier may be a unique identifier, such as TX0001, assigned by its manufacturer.
S102, the active identification carrier service platform receives a first request message sent by an active identification carrier.
S103, the active identification carrier service platform determines a target identity credential according to the active identification carrier identifier and a target algorithm.
Specifically, after receiving the first request message, the active identification carrier service platform may apply the target algorithm to the active identification carrier identifier carried in the first request message to generate the target identity credential for the corresponding active identification carrier.
In some embodiments, the target algorithm can be set by one skilled in the art as required; for example, the target algorithm may be the SM2 cryptographic algorithm, the MD5 message-digest algorithm, and the like. Depending on the target algorithm, different identity credentials can be produced for an active identification carrier from its active identification carrier identifier. For example, with the SM2 cryptographic algorithm a signature certificate can be produced for the active identification carrier and used as its identity credential; with the MD5 algorithm, key information can be produced for the active identification carrier and used as its identity credential. Those skilled in the art may also produce an identity credential for the active identification carrier with other algorithms, which is not limited in this embodiment of the present application.
In some embodiments, the first request message may further include other information related to the active identification carrier, such as a key or a security certificate set by the manufacturer of the active identification carrier. For the process by which the active identification carrier service platform generates the target identity credential from the active identification carrier identifier, the key and the other information carried in the first request message, reference may be made to technical means used in the art; details are not described here.
S104, the active identification carrier service platform returns a first request response message to the active identification carrier.
Wherein the first request response message includes the target identity credential.
S105, the active identification carrier receives a first request response message sent by the active identification carrier service platform.
Specifically, after generating a corresponding target identity credential for the active identification carrier, the active identification carrier service platform may send the target identity credential to the active identification carrier through a first request response message. After receiving the first request response message, the active identification carrier can store the target identity credential carried by the message, so that in subsequent communication with the active identification carrier service platform the two sides can establish mutually secure communication through the target identity credential, and forged active identification carriers are prevented from accessing the active identification carrier management system.
Optionally, the active identification carrier and the active identification carrier service platform each hold a corresponding key pair (a public key and a private key). The keys may be set by the manufacturers of the active identification carrier and of the active identification carrier service platform before they leave the factory, and the active identification carrier service platform may be provided by the same manufacturer. The active identification carrier can therefore be preset with the first public key of the active identification carrier service platform before leaving the factory, and the active identification carrier service platform can likewise be preset with the second public key of the active identification carrier.
The first request response message may include information such as the target identity credential, the active identity bearer identifier, and a correspondence between the target identity credential and the active identity bearer identifier. The second public key of the active identification carrier is stored in the active identification carrier service platform, so that the active identification carrier service platform can encrypt the first request response message by using the second public key, sign the first request response message by using the first private key of the active identification carrier service platform, and further send the encrypted and signed first request response message to the active identification carrier.
The first public key of the active identification carrier service platform is stored in the active identification carrier, so the active identification carrier can use the first public key to verify the signature of the first request response message after receiving it. After the signature verification succeeds, the active identification carrier can decrypt the encrypted first request response message by using its second private key, and thereby determine the information carried by the message, such as the target identity credential, the active identification carrier identifier, and the correspondence between the two. Of course, if the signature verification of the first request response message fails, the active identification carrier cannot obtain the corresponding identity credential, and the authentication process of the active identification carrier ends.
It should be noted that the first public key and the first private key are key information of the active identification carrier service platform, and the first public key corresponds to the first private key; similarly, the second public key and the second private key are key information of the active identification carrier, and the second public key corresponds to the second private key.
Optionally, the active identification carrier is used to identify a product of an industrial enterprise, and the active identification carrier service platform may be provided by the manufacturer of the active identification carrier. To make it easier for the industrial enterprise to use the active identification carrier, the active identification carrier management system may further include an enterprise information system, through which the industrial enterprise manages the active identification carrier. Therefore, after the identity authentication of the active identification carrier is completed through the above steps, as shown in FIG. 4, the active identification carrier authentication method may further include:
S106, the active identification carrier sends a first request completion message to the enterprise information system.
Wherein the first request completion message is used for indicating that the active identity bearer authentication is completed.
Specifically, the first request completion message herein may include an active identification bearer identification corresponding to the active identification bearer, and a corresponding identity credential. After receiving the first request completion message, the enterprise information system can determine that the active identification carrier service platform distributes identity certificates for the active identification carriers; at this time, the enterprise information system can manage the corresponding active identification carrier through the active identification carrier service platform.
Optionally, before the active identification carrier service platform allocates the identity credential to the active identification carrier, the active identification carrier needs to register with the active identification carrier service platform, so that it can legally access the platform and the platform can allocate the identity credential to it. Therefore, before step S101, as shown in FIG. 5, the method further includes:
S201, the active identification carrier sends a first registration request message to the active identification carrier service platform.
Wherein the first registration request message includes an active identity bearer identity.
S202, the active identification carrier service platform receives a first registration request message sent by the active identification carrier.
S203, the active identification carrier service platform returns a first registration request response message to the active identification carrier.
Wherein the first registration request response message is used for indicating that the active identity carrier is registered completely.
S204, the active identification carrier receives a first registration request response message sent by the active identification carrier service platform.
Specifically, steps S201 to S204 are a procedure of registering the active identity bearer with the active identity bearer service platform, and the active identity bearer service platform may store the active identity bearer identifier carried in the first registration request message.
After the active identification carrier service platform stores the corresponding active identification carrier identifier, the identity credential can be allocated to the corresponding active identification carrier. For example, when the active identification carrier service platform has stored a first active identification carrier identifier and the first active identification carrier requests an identity credential from the platform through a first request message, the platform may match the active identification carrier identifier carried in the first request message against the first active identification carrier identifier stored inside the platform. If the two match, the active identification carrier service platform can execute the active identification carrier authentication method provided by this embodiment and allocate a corresponding identity credential to the active identification carrier; if they do not match, the platform can refuse to allocate the identity credential to the active identification carrier.
Optionally, the first registration request response message may further include a first password. The first password may be an access password generated by the active identification carrier service platform, and is used to enable the active identification carrier to legally access the active identification carrier service platform. Because the first password is generated by the active identification carrier service platform, the platform stores it, and the active identification carrier can also store it on receiving the first registration request response message. Therefore, when the active identification carrier subsequently communicates with the active identification carrier service platform, it can legally access the platform through the first password.
Further, as shown in FIG. 6, before step S103, the active identification carrier service platform may further perform the following step:
S102A, determining that the first password matches the second password.
Specifically, the second password is the first password generated by the active identification carrier service platform, that is, the copy stored in the platform. After receiving the first request message, the active identification carrier service platform may match the first password carried in the first request message against the second password stored in the platform. If the first password matches the second password, the platform performs step S103; if it does not match, the platform refuses the access of the active identification carrier, and the active identification carrier authentication method provided by the embodiment of the application ends.
It should be noted that the first password here may be set as required by a person skilled in the art, for example, when the active identification carrier is a UICC, the first password here may be a Personal Identification Number (PIN). Of course, the first password may be other password information commonly used in the art, and will not be described herein.
In some embodiments, before step S101, the method may further include:
S100a, the active identification carrier sends a first access request message to the active identification carrier service platform.
Wherein the first access request message includes a first password.
S100b, if the active identification carrier service platform determines that the first password matches the second password, it returns a first access request response message to the active identification carrier.
The first access request response message is used for indicating that the access of the active identification carrier is successful.
Specifically, the active identification carrier may also access the active identification carrier service platform through steps S100a-S100b before requesting the identity credential from the platform. In this case, the active identification carrier service platform matches the first password carried by the first access request message against the second password stored in the platform. If the two match, the platform returns a first access request response message to the active identification carrier, and the active identification carrier continues with step S101; if they do not match, the platform returns a first access request rejection message to the active identification carrier, indicating that the platform rejects the access of the active identification carrier, and the method of this embodiment ends.
In some embodiments, the active identification carrier may instead obtain the first password through a first message, in which case the first registration request response message no longer includes the first password. In this case, as shown in FIG. 7, after step S202, the registration process of the active identification carrier may further include:
S202A, the active identity bearer service platform sends a first message to the active identity bearer.
Wherein the first message includes a first password.
S202B, the active identity bearer returns a first response message to the active identity bearer service platform.
Wherein the first response message is used for indicating that the active identification carrier stores the first password.
Specifically, after the active identification carrier sends a first registration request message to the active identification carrier service platform, the platform can return the first password to the active identification carrier through the first message, so that the active identification carrier can subsequently access the platform legally. After storing the first password, the active identification carrier may notify the active identification carrier service platform through the first response message that the first password has been stored. At this time, the active identification carrier service platform may perform step S202.
In some embodiments, the active identity bearer may obtain the first public key through the first registration request response message, and the active identity bearer service platform may obtain the second public key through the first registration request message. At this time, the first public key does not need to be stored in the active identification carrier in a factory preset manner, and the second public key does not need to be stored in the active identification carrier service platform in a factory preset manner. Of course, the above-mentioned manner of presetting and obtaining the public key of the opposite end (active identity carrier or active identity carrier service platform) through the registration process is only exemplary, and those skilled in the art may also obtain corresponding public key information through other signaling messages therebetween, which is not limited in the embodiment of the present application.
The above embodiment provides a process in which the active identification carrier applies for the identity credential from the active identification carrier service platform, and after the active identification carrier obtains the corresponding identity credential, the industrial enterprise can manage the active identification carrier through the enterprise information system, for example, write the industrial identifier into the active identification carrier, or delete the industrial identifier from the active identification carrier.
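The registration, password check and credential issuance of steps S201-S204, S100a-S100b and S101-S104, modelled from the platform's side as an added example (not code from the patent). The message type strings, the rejection message for the first request, the refusal of re-registration and the random stand-in credential are assumptions; the encryption and signing of the response are not modelled.

```python
import hmac
import secrets


class CarrierServicePlatform:
    """Platform-side decisions for S201-S204, S100a-S100b and S101-S104."""

    def __init__(self):
        # carrier id -> "second password": the platform's stored copy of the first password
        self._second_password = {}
        # carrier id -> target identity credential already issued
        self._credential = {}

    def handle(self, msg):
        handlers = {
            "first_registration_request": self._register,
            "first_access_request": self._access,
            "first_request": self._issue_credential,
        }
        handler = handlers.get(msg.get("type"))
        if handler is None:
            return {"type": "error", "reason": "unknown message type"}
        return handler(msg)

    def _register(self, msg):
        carrier_id = msg["carrier_id"]
        # Assumption: re-registering a known identifier is refused, so a later
        # sender cannot replace the stored password of a registered carrier.
        if carrier_id in self._second_password:
            return {"type": "first_registration_request_reject", "carrier_id": carrier_id}
        first_password = secrets.token_urlsafe(16)
        self._second_password[carrier_id] = first_password
        return {"type": "first_registration_request_response",
                "carrier_id": carrier_id, "first_password": first_password}

    def _password_matches(self, msg):
        stored = self._second_password.get(msg.get("carrier_id"))
        offered = msg.get("first_password")
        if not isinstance(offered, str):
            return False
        # Unknown carriers are compared against a throwaway value so that the
        # registered and unregistered paths do the same work.
        reference = stored if stored is not None else secrets.token_urlsafe(16)
        same = hmac.compare_digest(reference.encode(), offered.encode())
        return same and stored is not None

    def _access(self, msg):
        kind = "response" if self._password_matches(msg) else "reject"
        return {"type": "first_access_request_" + kind, "carrier_id": msg.get("carrier_id")}

    def _issue_credential(self, msg):
        carrier_id = msg.get("carrier_id")
        # S102A plus the identifier match: both must hold before S103 runs.
        if not self._password_matches(msg):
            return {"type": "first_request_reject", "carrier_id": carrier_id}
        # Stand-in credential; the page derives it with a target algorithm such as SM2.
        credential = self._credential.setdefault(carrier_id, secrets.token_hex(32))
        return {"type": "first_request_response", "carrier_id": carrier_id,
                "target_identity_credential": credential}


def run_constructed_exchange():
    """Constructed messages for one registered carrier and two rejected senders."""
    platform = CarrierServicePlatform()
    reg = platform.handle({"type": "first_registration_request", "carrier_id": "carrier-001"})
    password = reg["first_password"]
    steps = [
        reg,
        platform.handle({"type": "first_access_request", "carrier_id": "carrier-001",
                         "first_password": password}),
        platform.handle({"type": "first_request", "carrier_id": "carrier-001",
                         "first_password": password}),
        # Registered identifier, wrong password.
        platform.handle({"type": "first_request", "carrier_id": "carrier-001",
                         "first_password": "guess"}),
        # Never-registered identifier presenting another carrier's valid password.
        platform.handle({"type": "first_request", "carrier_id": "carrier-999",
                         "first_password": password}),
    ]
    return [s["type"] for s in steps]


if __name__ == "__main__":
    for line in run_constructed_exchange():
        print(line)
```

The unregistered identifier is rejected even when it presents a password that is valid for another carrier, because the stored second password is looked up per identifier.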
The embodiment of the application provides an active identification carrier management method, which comprises a writing method and a deleting method of an active identification carrier. As shown in FIG. 8, the writing method of the active identification carrier includes:
S301, the enterprise information system sends a first write request message to the active identification carrier service platform.
Wherein the first write request message comprises an industrial identity and an active identity bearer identity.
S302, the active identification carrier service platform receives a first write request message sent by the enterprise information system.
Specifically, after the active identification carrier service platform allocates the identity credential to the active identification carrier, the enterprise information system may send a first write request message to the active identification carrier service platform, so as to write corresponding identification information, such as an industrial identification, into the active identification carrier.
The active identification carrier service platform stores relevant information of the active identification carrier when the active identification carrier applies for the identity credential, such as the active identification carrier identifier and the relationship between the active identification carrier identifier and the active identification carrier. Therefore, after receiving the first write request message, the active identification carrier service platform may determine the corresponding active identification carrier according to the active identification carrier identifier carried by the message.
S303, the active identification carrier service platform sends a second writing request message to the active identification carrier.
The second write request message includes the industrial identifier, and the active identification carrier here is the one corresponding to the active identification carrier identifier.
Specifically, the active identification carrier service platform may encrypt the second write request message using the second public key, sign the second write request message using the first private key of the active identification carrier service platform, and send the encrypted and signed second write request message to the active identification carrier.
S304, the active identification carrier receives a second writing request message sent by the active identification carrier service platform, and stores the corresponding industrial identification.
S305, the active identification carrier returns a first write request response message to the enterprise information system.
Wherein the first write request response message is used for indicating that the writing of the industrial identifier is successful.
Specifically, since the active identifier carrier stores the first public key of the active identifier carrier service platform, after receiving the second write request message, the active identifier carrier can verify the signature of the second write request message by using the first public key; after the signature verification of the second write request message by the active identification carrier is successful, the encrypted second write request message can be decrypted by using a second private key of the active identification carrier, so that the industrial identification carried by the second write request message is determined and stored.
After the active identification carrier stores the corresponding industrial identification, a first write request response message can be returned to the enterprise information system to indicate that the active identification carrier successfully stores the corresponding industrial identification.
It should be noted that the second write request message may further include a second password. After receiving the second write request message, the active identification carrier may match the second password carried by the message against the first password stored in the active identification carrier. If the two match, the active identification carrier may execute step S304 and store the industrial identifier; if they do not match, the active identification carrier can refuse to store the industrial identifier carried in the second write request message, and returns a second write request rejection message to the active identification carrier service platform to indicate that it refuses to store the industrial identifier. Of course, the second password may also be sent to the active identification carrier by the active identification carrier service platform through other signaling messages; the specific process may refer to the above steps S202A-S202B, and is not described herein again.
In some embodiments, as shown in FIG. 9, before step S301, the method further includes:
S401, the enterprise information system sends a second registration request message to the active identification carrier service platform.
Wherein the second registration request message includes an identification of the enterprise information system.
S402, the active identification carrier service platform receives a second registration request message sent by the enterprise information system.
S403, the active identification carrier service platform returns a second registration request response message to the enterprise information system.
Wherein the second registration request response message is used to indicate that the enterprise information system is registered.
S404, the enterprise information system receives a second registration request response message sent by the active identification carrier service platform.
Specifically, the registration process of the enterprise information system may refer to the registration process of the active identity carrier in steps S201 to S204, and the active identity carrier may be managed by the active identity carrier service platform after the registration is completed.
After the active identification carrier service platform stores the identifier of the enterprise information system through the registration process of the enterprise information system, the corresponding enterprise information system can manage, through the active identification carrier service platform, the active identification carriers to which identity credentials have been allocated. For example, when the enterprise information system sends a first write request message to the active identification carrier service platform, the first write request message may include the identifier of the enterprise information system. If the active identification carrier service platform can find the identifier of the enterprise information system carried by the first write request message, it can provide the active identification carrier management service for the enterprise information system; otherwise, the platform refuses to provide the active identification carrier management service for the enterprise information system.
Optionally, the second registration request response message may further include a third password. The third password may be an access password generated by the active identification carrier service platform, and is used to enable the enterprise information system to legally access the active identification carrier service platform. Because the third password is generated by the active identification carrier service platform, the platform stores it, and the enterprise information system can also store it on receiving the second registration request response message. Therefore, when the enterprise information system subsequently communicates with the active identification carrier service platform, it can legally access the platform through the third password.
Further, before step S303, the active identification carrier service platform may further perform the following step:
S302A, determining that the third password matches the fourth password.
Specifically, the fourth password may be generated by the active identification carrier service platform, that is, the third password stored in the active identification carrier service platform is referred to as the fourth password. When the third password is matched with the fourth password, the enterprise information system can legally access the active identification carrier service platform, and then step S303 is executed; and if the third password is not matched with the fourth password, the active identification carrier service platform refuses to provide service for the enterprise information system, and the active identification carrier management process is ended.
Here, the fourth password may be the same as or different from the second password.
In some embodiments, before step S301, the method may further include:
S300a, the enterprise information system sends a second access request message to the active identification carrier service platform.
Wherein the second access request message includes a third password.
S300b, the active identification carrier service platform receives the second access request message and, if it determines that the third password matches the fourth password, returns a second access request response message to the enterprise information system.
The second access request response message is used for indicating that the access of the enterprise information system is successful.
Specifically, the enterprise information system may also access the active identification carrier service platform through steps S300a-S300b before requesting the industrial identifier from the active identification carrier service platform. In this case, the active identification carrier service platform matches the third password carried by the second access request message against the fourth password stored in the platform. If the two match, the platform returns a second access request response message to the enterprise information system, and the enterprise information system continues with step S301; if they do not match, the platform returns a second access request rejection message to the enterprise information system, indicating that the platform rejects the access of the enterprise information system, and the method of this embodiment ends.
In some embodiments, the enterprise information system may instead obtain the third password through a second message, in which case the second registration request response message no longer includes the third password. In this case, as shown in FIG. 10, after step S402, the registration process of the enterprise information system may further include:
S402A, the active identification carrier service platform sends a second message to the enterprise information system.
Wherein the second message includes a third password.
S402B, the enterprise information system returns a second response message to the active identification carrier service platform.
Wherein the second response message is to indicate that the enterprise information system has stored the third password.
Specifically, the steps S402A-S402B may refer to the above steps S202A-S202B, and are not described herein again.
With the active identification carrier writing method provided by the embodiment of the application, the active identification carrier service platform can verify the enterprise information system, so that only an enterprise information system that passes verification manages the active identification carriers to which identity credentials have been allocated. This not only prevents illegal users from counterfeiting active identification carriers, but also allows the enterprise information system to manage active identification carriers in batches. For example, if a write request message sent by the enterprise information system to the active identification carrier service platform includes a plurality of active identification carrier identifiers and the industrial identifiers corresponding to them, the platform can write the corresponding industrial identifiers into the active identification carriers corresponding to those identifiers at the same time.
As shown in FIG. 11, an embodiment of the present application further provides an active identification carrier deleting method, including:
S501, the enterprise information system sends a deletion request message to the active identification carrier service platform.
The deletion request message includes an industrial identifier and an active identifier carrier identifier corresponding to the industrial identifier, and is used for requesting to delete the industrial identifier in the corresponding active identifier carrier.
Specifically, when an industrial enterprise needs to delete related information in the active identification carrier, a corresponding deletion request message may be sent to the active identification carrier service platform through the enterprise information system. Because the enterprise information system deletes the industrial identifier in the active identification carrier through the active identification carrier service platform, the platform can verify the enterprise information system, which ensures the security of the active identification carrier management system.
It should be noted that, the active identification carrier herein already stores the corresponding industrial identification, that is, the enterprise information system has written the corresponding information, such as the industrial identification, into the corresponding active identification carrier by the above-mentioned active identification carrier writing method. Because the enterprise information system can actually be an application program in a computer, the enterprise information system can store information of an active identification carrier which has finished information entry, such as an active identification carrier identifier, and further delete information of a corresponding active identification carrier according to the active identification carrier identifier; if the active identification carrier only completes the application of the identity certificate and does not write the information of the enterprise information system, the enterprise information system cannot delete the information of the active identification carrier.
S502, the active identification carrier service platform receives the deletion request message and sends a first indication message to the active identification carrier.
The first indication message comprises an industrial identifier and is used for indicating the active identification carrier to delete the corresponding industrial identifier.
Specifically, the second public key of the active identification carrier is stored in the active identification carrier service platform, so that the active identification carrier service platform can encrypt the first indication message by using the second public key, sign the first indication message by using the first private key of the active identification carrier service platform, and then send the encrypted and signed first indication message to the active identification carrier.
S503, the active identification carrier receives the first indication message sent by the active identification carrier service platform, and deletes the corresponding industrial identification.
Specifically, since the first public key of the active identifier service platform is stored in the active identifier carrier, after receiving the first indication message, the active identifier carrier can use the first public key to verify the signature of the first indication message; after the signature verification of the first indication message by the active identification carrier is successful, the encrypted first indication message can be decrypted by using a second private key of the active identification carrier, the industrial identification to be deleted is determined, and then the industrial identification stored in the active identification carrier is deleted.
It should be noted that the industrial identifier is merely an example, and in practice, the enterprise information system may also delete other information in the active identifier carrier, which is not limited in this embodiment of the present application. However, it should be noted that, when the information deleted by the enterprise information system is different, the deletion request message may include different fields, for example, when the first field is included, the deletion request message is used to delete the industrial identifier; and when the second field is included, the deletion request message is used for deleting information of a manufacturer and the like.
S504, the active identification carrier returns a first indication response message to the active identification carrier service platform.
Wherein the first indication response message comprises the active identification carrier identification and is used for indicating that the active identification carrier has deleted the corresponding industrial identification.
Specifically, the active identification carriers can be managed in batches by the enterprise information system, so the enterprise information system can delete the industrial identifications in several active identification carriers through the active identification carrier service platform at the same time. Each active identification carrier therefore carries its active identification carrier identification when returning the first indication response message to the active identification carrier service platform, so that the platform can determine which active identification carriers have successfully deleted the industrial identification.
S505, the active identification carrier service platform receives the first indication response message and deletes the first information according to the active identification carrier identification.
The first information comprises an active identification carrier identification and an identity certificate corresponding to the active identification carrier identification.
Specifically, the active identification carrier service platform determines an active identification carrier from which the industrial identification has been successfully deleted according to the active identification carrier identification carried by the first indication response message, and deletes first information stored inside the active identification carrier service platform and related to the active identification carrier identification. The first information includes identity credentials corresponding to the active identification carrier identifier, a second password, and other information.
S506, the active identification carrier service platform returns a deletion request response message to the enterprise information system.
Wherein the deletion request response message is used for indicating that the active identification carrier deletes the corresponding industrial identification.
Specifically, after deleting the first information related to the active identification carrier identifier stored inside the active identification carrier service platform, the platform can return a deletion request response message to the enterprise information system. If, in step S503, the active identification carrier fails to decrypt the first indication message, the corresponding industrial identifier cannot be deleted; in this case, the active identification carrier may return a first indication direction rejection message to the active identification carrier service platform to indicate that deletion of the corresponding industrial identifier failed, and the active identification carrier service platform can return a deletion request rejection message to the enterprise information system to indicate that the deletion of the industrial identifier failed.
Optionally, the deletion request message further includes a third password, and after the active identification carrier service platform receives the deletion request message, the method further includes:
determining that the third password and the fourth password match.
Specifically, when the third password matches the fourth password, the enterprise information system is allowed to access the active identification carrier service platform, and the platform goes on to send the first indication message to the active identification carrier; if the third password does not match the fourth password, the active identification carrier service platform refuses to provide service for the enterprise information system, and the active identification carrier management process ends.
In some embodiments, before step S501, the enterprise information system also includes an access procedure, which may refer to steps S300a-S300b described above, and is not described herein again.
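The following is an added sketch of steps S502 to S506 together with the optional password check; it is not code from the patent. The patent names no algorithms or message encoding, so RSA-OAEP for encryption, RSA-PSS with SHA-256 computed over the ciphertext for the signature, and every type, function and sample value below are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed sample values; none of them come from the patent.
const carrierID, industrialID, password = "carrier-0001", "industrial-id-0001", "constructed-password"

// IndicationMessage is the first indication message: ciphertext plus platform signature.
type IndicationMessage struct{ Ciphertext, Signature []byte }

// Carrier holds the second private key and the platform's first public key.
type Carrier struct {
	ID          string
	priv        *rsa.PrivateKey
	platformPub *rsa.PublicKey
	Identifiers map[string]bool // industrial identifiers currently stored
}

// Platform holds the first private key, carriers' second public keys and the fourth password.
type Platform struct {
	priv           *rsa.PrivateKey
	carrierPubs    map[string]*rsa.PublicKey
	fourthPassword []byte
	FirstInfo      map[string]string // carrier identifier -> identity credential
}

// BuildIndication (S502) encrypts for the carrier, then signs the ciphertext.
func (p *Platform) BuildIndication(id, industrial string) (*IndicationMessage, error) {
	pub, ok := p.carrierPubs[id]
	if !ok {
		return nil, errors.New("unknown carrier")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(industrial), nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &IndicationMessage{Ciphertext: ct, Signature: sig}, nil
}

// HandleIndication (S503/S504) verifies first, decrypts second, deletes last.
func (c *Carrier) HandleIndication(m *IndicationMessage) (string, error) {
	digest := sha256.Sum256(m.Ciphertext)
	if rsa.VerifyPSS(c.platformPub, crypto.SHA256, digest[:], m.Signature, nil) != nil {
		return "", errors.New("rejected: signature verification failed")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, m.Ciphertext, nil)
	if err != nil {
		return "", errors.New("rejected: decryption failed")
	}
	delete(c.Identifiers, string(pt))
	return c.ID, nil // the response carries the carrier identifier
}

// Delete runs the platform side of S501-S506; the direct call replaces the network hop.
func (p *Platform) Delete(thirdPassword, industrial string, c *Carrier) error {
	if subtle.ConstantTimeCompare([]byte(thirdPassword), p.fourthPassword) != 1 {
		return errors.New("service refused: third and fourth password do not match")
	}
	msg, err := p.BuildIndication(c.ID, industrial)
	if err != nil {
		return err
	}
	id, err := c.HandleIndication(msg)
	if err == nil {
		delete(p.FirstInfo, id) // S505: drop first information only after confirmed deletion
	}
	return err // nil is the deletion request response, non-nil the rejection
}

// NewDemo generates both key pairs and provisions each side with the other's public key.
func NewDemo() (*Platform, *Carrier) {
	pk, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ck, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	c := &Carrier{carrierID, ck, &pk.PublicKey, map[string]bool{industrialID: true}}
	p := &Platform{pk, map[string]*rsa.PublicKey{carrierID: &ck.PublicKey},
		[]byte(password), map[string]string{carrierID: "constructed-credential"}}
	return p, c
}

func main() {
	p, c := NewDemo()
	fmt.Println("wrong password:", p.Delete("guess", industrialID, c))
	fmt.Println("valid request:", p.Delete(password, industrialID, c), "first info left:", len(p.FirstInfo))
}
```

Because the carrier checks the signature before it touches its private key, a message altered in transit is rejected without any decryption attempt, and the platform keeps its first information until a carrier confirms the deletion.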
It should be noted that the embodiments of the present application provide an active identification carrier authentication method and an active identification carrier management method. Before an enterprise information system manages an active identification carrier, the active identification carrier service platform needs to allocate an identity credential to the active identification carrier; the enterprise information system can then write related information into the active identification carrier and delete information stored in the active identification carrier.
The active identification carrier management method provided by the embodiment of the application is applied to an active identification carrier management system, the active identification carrier management system comprises an active identification carrier, an active identification carrier service platform and an enterprise information system, and the method comprises the following steps: the method comprises the steps that an active identification carrier service platform receives a first write-in request message sent by an enterprise information system; the first write request message comprises an industrial identification and an active identification carrier identification; the active identification carrier service platform sends a second write request message to the active identification carrier; the second write request message comprises an industrial identifier, and the active identifier carrier corresponds to the active identifier carrier identifier; the active identification carrier receives a second write request message sent by the active identification carrier service platform and stores a corresponding industrial identification; the active identification carrier returns a first write request response message to the enterprise information system; the first write request response message is used to indicate that the industrial identity write was successful. In the active identification carrier management method provided by the embodiment of the application, an industrial enterprise can request the stored industrial identification from the corresponding active identification carrier through an enterprise information system, and compared with the mode of realizing information management in the identification carrier by depending on a reader-writer at present, the embodiment of the application realizes the information management in the active identification carrier through the enterprise information system. 
Meanwhile, the enterprise information system and the active identification carrier are communicated through the active identification carrier service platform, and the active identification carrier service platform verifies the identities of the enterprise information system and the active identification carrier, so that the safety of communication between the enterprise information system and the active identification carrier is ensured.
As shown in fig. 12, an active identification carrier service platform 60 according to an embodiment of the present application includes:
a receiving module 601, configured to receive a first write request message sent by an enterprise information system; the first write request message includes an industrial identification and an active identification carrier identification.
A sending module 602, configured to send a second write request message to the active identification carrier; the second write request message includes an industrial identification, and the active identification carrier corresponds to the active identification carrier identification.
Optionally, the first write request message further includes a third password; the active identification carrier service platform 60 further comprises a storage module 603 and a processing module 604.
The storage module 603 is configured to store the fourth password.
A processing module 604 for determining that the third password and the fourth password match.
Optionally, in another implementation, the active identification carrier service platform 60 further includes a storage module 603 and a processing module 604.
The storage module 603 is configured to store the fourth password.
A receiving module 601, configured to receive a second access request message; the second access request message includes a third password.
The sending module 602 is further configured to return a second access request response message to the enterprise information system when the processing module 604 determines that the third password matches the fourth password; the second access request response message is used for indicating that the access of the enterprise information system is successful.
Optionally, the receiving module 601 is further configured to receive a deletion request message, and send a first indication message to the active identification carrier; the deletion request message comprises an industrial identifier and an active identification carrier identifier corresponding to the industrial identifier, and the first indication message comprises the industrial identifier.
A receiving module 601, configured to receive a first indication response message; the first indication response message comprises the active identification carrier identifier.
The processing module 604 is further configured to delete the first information according to the active identification carrier identifier; the first information comprises an active identification carrier identifier and an identity certificate corresponding to the active identification carrier identifier.
The sending module 602 is further configured to return a deletion request response message to the enterprise information system; the deletion request response message is used to indicate that the active identification carrier has deleted the corresponding industrial identifier.
As shown in fig. 13, the present embodiment also provides an active identification carrier 70, including:
a receiving module 701, configured to receive a second write request message sent by the active identification carrier service platform, and store a corresponding industrial identification; the second write request message includes an industrial identification.
A sending module 702, configured to return a first write request response message to the enterprise information system; the first write request response message is used to indicate that the industrial identity write was successful.
Optionally, the active identification carrier 70 further comprises a processing module 703.
The receiving module 701 is further configured to receive a first indication message sent by the active identification carrier service platform; the first indication message includes an industrial identification.
The processing module 703 is further configured to delete the corresponding industrial identifier.
A sending module 702, configured to return a first indication response message to the active identification carrier service platform; the first indication response message is used for indicating that the active identification carrier deletes the corresponding industrial identification.
It should be noted that, the foregoing only shows partial functions of the active identification carrier service platform and each module in the active identification carrier, and in practice, the active identification carrier service platform and each module in the active identification carrier may also execute the corresponding method in the foregoing method embodiments.
In the embodiment of the application, an active identification carrier service platform receives a first write request message sent by an enterprise information system; the first write request message comprises an industrial identification and an active identification carrier identification; the active identification carrier service platform sends a second write request message to the active identification carrier; the second write request message comprises an industrial identifier, and the active identifier carrier corresponds to the active identifier carrier identifier; the active identification carrier receives a second write request message sent by the active identification carrier service platform and stores a corresponding industrial identification; the active identification carrier returns a first write request response message to the enterprise information system; the first write request response message is used to indicate that the industrial identity write was successful. In the embodiment of the application, an industrial enterprise can request the stored industrial identification from the corresponding active identification carrier through the enterprise information system, and compared with the mode of realizing information management in the identification carrier by depending on a reader-writer at present, the embodiment of the application realizes the information management in the active identification carrier through the enterprise information system, and because the enterprise information system can communicate with the corresponding identification carrier according to the identification of the identification carrier, the enterprise information system can not only realize the independent management of the active identification carrier, but also realize the management of batched active identification carriers according to batched active identification carrier identifications. 
Meanwhile, the enterprise information system and the active identification carrier are communicated through the active identification carrier service platform, and the active identification carrier service platform verifies the identities of the enterprise information system and the active identification carrier, so that the safety of communication between the enterprise information system and the active identification carrier is ensured.
As shown in fig. 14, the embodiment of the present application further provides another active identification carrier service platform, which includes a memory 81, a processor 82, a bus 83, and a communication interface 84; the memory 81 is used for storing computer execution instructions, and the processor 82 is connected with the memory 81 through a bus 83; when the active identification carrier service platform is running, the processor 82 executes the computer-executable instructions stored by the memory 81 to cause the active identification carrier service platform to perform the active identification carrier authentication method provided in the above-described embodiment.
In particular implementations, as one embodiment, the processor 82 (82-1 and 82-2) may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 14. As another example, the active identification carrier service platform may include a plurality of processors 82, such as processor 82-1 and processor 82-2 shown in FIG. 14. Each of the processors 82 may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. Processor 82 herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 81 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 81 may be separate and coupled to the processor 82 via a bus 83. The memory 81 may also be integrated with the processor 82.
In a specific implementation, the memory 81 is used for storing data in the present application and computer-executable instructions corresponding to software programs for executing the present application. The processor 82 may perform various functions of the active identification carrier service platform by running or executing software programs stored in the memory 81 and invoking data stored in the memory 81.
The communication interface 84 is any device, such as a transceiver, for communicating with other devices or communication networks, such as a control system, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), and the like. The communication interface 84 may include a receiving unit to implement the receiving function and a transmitting unit to implement the transmitting function.
The bus 83 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 83 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 14, but this is not intended to represent only one bus or type of bus.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes computer-executable instructions, and when the computer-executable instructions are executed on a computer, the computer is enabled to execute the active identification carrier management method provided in the foregoing embodiment.
The embodiment of the present application further provides a computer program, where the computer program may be directly loaded into the memory and contains a software code, and the computer program is loaded and executed by a computer, so as to implement the active identification carrier management method provided by the foregoing embodiment.
As shown in fig. 15, the present embodiment further provides another active identification carrier, which includes a memory 91, a processor 92, a bus 92, and a communication interface 94; the memory 91 is used for storing computer execution instructions, and the processor 92 is connected with the memory 91 through a bus 92; when the active identification carrier is running, the processor 92 executes computer-executable instructions stored by the memory 91 to cause the active identification carrier to perform the active identification carrier authentication method as provided in the above embodiments.
In particular implementations, as one embodiment, the processor 92 (92-1 and 92-2) may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 15. As another example, the active identification carrier may include a plurality of processors 92, such as processor 92-1 and processor 92-2 shown in FIG. 15. Each of the processors 92 may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. Processor 92 may refer herein to one or more devices, circuits, and/or processing cores that process data (e.g., computer program instructions).
The memory 91 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 91 may be separate and coupled to the processor 92 via a bus 92. The memory 91 may also be integrated with the processor 92.
In a specific implementation, the memory 91 is used for storing data in the present application and computer-executable instructions corresponding to software programs for executing the present application. The processor 92 may perform the various functions of the active identification carrier by running or executing software programs stored in the memory 91 and calling up data stored in the memory 91.
The communication interface 94, which may be any transceiver or the like, is used for communicating with other devices or communication networks, such as a control system, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), and the like. The communication interface 94 may include a receiving unit implementing a receiving function and a transmitting unit implementing a transmitting function.
The bus 92 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 92 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 15, but this is not intended to represent only one bus or type of bus.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes computer-executable instructions, and when the computer-executable instructions are executed on a computer, the computer is enabled to execute the active identification carrier management method provided in the foregoing embodiment.
The embodiment of the present application further provides a computer program, where the computer program may be directly loaded into the memory and contains a software code, and the computer program is loaded and executed by a computer, so as to implement the active identification carrier management method provided by the foregoing embodiment.
Those skilled in the art will recognize that in one or more of the examples described above, the functions described herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical function division, and there may be other division ways in actual implementation. For example, various elements or components may be combined or may be integrated into another device, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in the form of hardware, and can also be realized in the form of a software functional unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application, in essence, or the part of them that contributes to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

1. An active identification carrier management method is characterized in that the method is applied to an active identification carrier management system, and the active identification carrier management system comprises an active identification carrier, an active identification carrier service platform and an enterprise information system; the method comprises the following steps:
the active identification carrier service platform receives a first write request message sent by the enterprise information system; the first write request message comprises an industrial identifier and an active identifier carrier identifier;
the active identification carrier service platform sends a second write request message to the active identification carrier; the second write request message includes an industrial identification, and the active identification carrier corresponds to the active identification carrier identification.
2. The active identification carrier management method of claim 1, wherein the first write request message further comprises a third password, and the active identification carrier service platform comprises a fourth password; before the active identification carrier service platform sends the second write request message to the active identification carrier, the method further includes:
determining that the third password and the fourth password match.
3. The active identification carrier management method of claim 1, wherein the active identification carrier service platform comprises a fourth password; before the active identification carrier service platform receives the first write request message sent by the enterprise information system, the method further includes:
the active identification carrier service platform receives a second access request message; the second access request message comprises a third password;
if the third password is determined to be matched with the fourth password, returning a second access request response message to the enterprise information system; the second access request response message is used for indicating that the access of the enterprise information system is successful.
4. The active identification carrier management method according to claim 2 or 3, wherein the method further comprises:
the active identification carrier service platform receives the deletion request message and sends a first indication message to the active identification carrier; the deletion request message comprises an industrial identifier and an active identifier carrier identifier corresponding to the industrial identifier, and the first indication message comprises the industrial identifier;
the active identification carrier service platform receives a first indication response message; the first indication response message comprises the active identification carrier identifier;
deleting the first information according to the active identification carrier identification; the first information comprises an active identification carrier identifier and an identity certificate corresponding to the active identification carrier identifier;
the active identification carrier service platform returns a deletion request response message to the enterprise information system; the deletion request response message is used for indicating that the active identification carrier deletes the corresponding industrial identification.
5. An active identification carrier management method is characterized in that the method is applied to an active identification carrier management system, and the active identification carrier management system comprises an active identification carrier, an active identification carrier service platform and an enterprise information system; the method comprises the following steps:
the active identification carrier receives a second write request message sent by the active identification carrier service platform and stores a corresponding industrial identification; the second write request message includes an industrial identification;
the active identification carrier returns a first write request response message to the enterprise information system; the first write request response message is used for indicating that the industrial identification is successfully written.
6. The active identification carrier management method of claim 5, wherein the method further comprises:
the active identification carrier receives a first indication message sent by the active identification carrier service platform; the first indication message comprises the industrial identification;
the active identification carrier deletes the corresponding industrial identification;
the active identification carrier returns a first indication response message to the active identification carrier service platform; the first indication response message is used for indicating that the active identification carrier deletes the corresponding industrial identification.
7. An active identification carrier service platform, comprising:
the receiving module is used for receiving a first write request message sent by an enterprise information system; the first write request message comprises an industrial identifier and an active identifier carrier identifier;
a sending module, configured to send a second write request message to the active identification carrier; the second write request message includes an industrial identification, and the active identification carrier corresponds to the active identification carrier identification.
8. The active identification carrier service platform of claim 7, wherein the first write request message further comprises a third password; the active identification carrier service platform also comprises a storage module and a processing module;
the storage module is used for storing a fourth password;
and the processing module is used for determining that the third password is matched with the fourth password.
9. The active identification carrier service platform of claim 7, further comprising a storage module and a processing module;
the storage module is used for storing a fourth password;
the receiving module is further configured to receive a second access request message; the second access request message comprises a third password;
the sending module is further configured to return a second access request response message to the enterprise information system when the processing module determines that the third password matches the fourth password; the second access request response message is used for indicating that the access of the enterprise information system is successful.
10. The active identification carrier service platform according to claim 8 or 9, wherein the receiving module is further configured to receive a deletion request message and send a first indication message to the active identification carrier; the deletion request message comprises an industrial identifier and an active identifier carrier identifier corresponding to the industrial identifier, and the first indication message comprises the industrial identifier;
the receiving module is further configured to receive a first indication response message; the first indication response message comprises the active identification carrier identifier;
the processing module is further configured to delete the first information according to the active identification carrier identifier; the first information comprises an active identification carrier identifier and an identity certificate corresponding to the active identification carrier identifier;
the sending module is further configured to return a deletion request response message to the enterprise information system; the deletion request response message is used for indicating that the active identification carrier deletes the corresponding industrial identification.
11. An active identification carrier, comprising:
the receiving module is used for receiving a second write request message sent by the active identification carrier service platform and storing a corresponding industrial identification; the second write request message includes an industrial identification;
the sending module is used for returning a first write request response message to the enterprise information system; the first write request response message is used for indicating that the industrial identification is successfully written.
12. The active identification carrier of claim 11 further comprising a processing module;
the receiving module is further configured to receive a first indication message sent by the active identification carrier service platform; the first indication message comprises the industrial identification;
the processing module is further configured to delete the corresponding industrial identifier;
the sending module is further configured to return a first indication response message to the active identification carrier service platform; the first indication response message is used for indicating that the active identification carrier deletes the corresponding industrial identification.
13. An active identification carrier service platform is characterized by comprising a memory, a processor, a bus and a communication interface; the memory is used for storing computer execution instructions, and the processor is connected with the memory through the bus; the computer-executable instructions stored by the memory are executed by the processor when the active identification carrier service platform is running to cause the active identification carrier service platform to perform the active identification carrier management method of any of claims 1-4.
14. A computer-readable storage medium, comprising computer-executable instructions, which, when executed on a computer, cause the computer to perform the active identification carrier management method according to any one of claims 1-4.
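The write and deletion exchanges of claims 7 to 12, as an added Python example that is not code from the patent. In-process method calls stand in for the messages; the class and method names, the salted PBKDF2 storage of the fourth password, the constant-time comparison, the password check on the deletion request and all sample values are assumptions of this example.

```python
import hashlib, hmac, os

class Carrier:  # active identification carrier (claims 11-12)
    def __init__(self, carrier_id):
        self.carrier_id, self.industrial_ids = carrier_id, set()
    def second_write_request(self, industrial_id):
        self.industrial_ids.add(industrial_id)      # store the industrial identification
        return {"msg": "first_write_request_response", "ok": True}
    def first_indication(self, industrial_id):
        self.industrial_ids.discard(industrial_id)  # delete the industrial identification
        return {"msg": "first_indication_response", "carrier_id": self.carrier_id}

class ServicePlatform:  # active identification carrier service platform (claims 7-10)
    def __init__(self, fourth_password):
        self._salt = os.urandom(16)  # assumption: keep a salted hash, not the password
        self._fourth = self._kdf(fourth_password)
        self.carriers = {}    # carrier_id -> Carrier (stands in for the network route)
        self.first_info = {}  # carrier_id -> identity certificate ("first information")

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _matches(self, third_password):
        # Constant-time match of the third password against the stored fourth password.
        return hmac.compare_digest(self._kdf(third_password), self._fourth)

    def register(self, carrier, certificate):
        self.carriers[carrier.carrier_id] = carrier
        self.first_info[carrier.carrier_id] = certificate

    def first_write_request(self, industrial_id, carrier_id, third_password):
        carrier = self.carriers.get(carrier_id)
        if carrier is None or not self._matches(third_password):
            return {"msg": "first_write_request_response", "ok": False}
        return carrier.second_write_request(industrial_id)

    def deletion_request(self, industrial_id, carrier_id, third_password):
        carrier = self.carriers.get(carrier_id)
        if carrier is None or not self._matches(third_password):
            return {"msg": "deletion_request_response", "ok": False}
        resp = carrier.first_indication(industrial_id)
        self.first_info.pop(resp["carrier_id"], None)  # delete the first information
        return {"msg": "deletion_request_response", "ok": True}

def demo(pw="example-fourth-password"):
    # Constructed sample values, not taken from the patent.
    carrier, platform = Carrier("carrier-001"), ServicePlatform(pw)
    platform.register(carrier, "constructed-identity-certificate")
    denied = platform.first_write_request("example-id-1", "carrier-001", "wrong")
    written = platform.first_write_request("example-id-1", "carrier-001", pw)
    return denied["ok"], written["ok"], sorted(carrier.industrial_ids)
```

A request carrying a non-matching third password never reaches the carrier, so the carrier's stored identifications change only after the platform's check succeeds.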
CN202110340025.6A 2021-03-30 2021-03-30 Active identification carrier, management method thereof and service platform Active CN113037773B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110340025.6A CN113037773B (en) 2021-03-30 2021-03-30 Active identification carrier, management method thereof and service platform

Publications (2)

Publication Number Publication Date
CN113037773A true CN113037773A (en) 2021-06-25
CN113037773B CN113037773B (en) 2023-04-07

Family

ID=76453121

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110340025.6A Active CN113037773B (en) 2021-03-30 2021-03-30 Active identification carrier, management method thereof and service platform

Country Status (1)

Country Link
CN (1) CN113037773B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016145815A1 (en) * 2015-08-14 2016-09-22 中兴通讯股份有限公司 Euicc and activation method thereof, internet of things system, remote subscription management platform
CN111723885A (en) * 2020-06-22 2020-09-29 重庆忽米网络科技有限公司 Industrial internet enterprise identification interaction system and implementation method thereof
CN112200502A (en) * 2020-11-19 2021-01-08 苏州协同创新智能制造装备有限公司 Industrial internet identification analysis method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
余果等: "认证视角下的工业互联网标识解析安全", 《信息网络安全》 *
工业互联网产业联盟: "工业互联网标识解析—主动标识载体技术***", 《HTTPS://DOWNLOAD.CSDN.NET/DOWNLOAD/U013182857/12362214?SPM=1003.2122.3001.6634.3》 *
马宝罗等: "基于UICC的工业互联网标识多维数据融合研究" *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023134557A1 (en) * 2022-01-13 2023-07-20 华为技术有限公司 Processing method and apparatus based on industrial internet identifier
CN115208653A (en) * 2022-07-11 2022-10-18 苏州协同创新智能制造装备有限公司 Encryption communication method based on active identification
CN115208653B (en) * 2022-07-11 2024-04-09 苏州协同创新智能制造装备有限公司 Encryption communication method based on active identification

Also Published As

Publication number Publication date
CN113037773B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
CN113114796B (en) Active identification carrier, management method thereof and service platform
CN113098861B (en) Active identification carrier, authentication method thereof and service platform
RU2695487C1 (en) Method and system for interaction of devices of the internet of things (iot)
CN113037773B (en) Active identification carrier, management method thereof and service platform
CN109241726B (en) User authority control method and device
KR102203137B1 (en) Resource allocation method and device, and electronic payment method
WO2016197934A1 (en) Barcode security authentication method
CN111740966B (en) Data processing method based on block chain network and related equipment
EP2003589A2 (en) Authentication information management system, authentication information management server, authentication onformation management method and program
CN106779673B (en) Electronic payment method and system
EP3355511B1 (en) Information registration and authentication method and device
CN113315630B (en) Block chain, quantum key distribution method and device
CN111178840A (en) Service processing method, device, system, electronic equipment and storage medium
CN113536284B (en) Digital certificate verification method, device, equipment and storage medium
CN111880919A (en) Data scheduling method, system and computer equipment
CN113141404B (en) Intelligent gateway and data sharing system
CN114021162A (en) Computing power sharing method, device, system, electronic equipment and storage medium
CN111988217B (en) Data interaction method and device, electronic equipment and storage medium
CN113221165A (en) User element authentication method and device based on block chain
CN102752308A (en) Network-based digital certificate comprehensive service providing system and implementation method thereof
US20210027298A1 (en) Method and apparatus for authenticating address of virtual asset
CN112436946B (en) Block chain-based communication authorization method, device, equipment and storage medium
CN105790946B (en) Method, system and related equipment for establishing data channel
CN115811412A (en) Communication method and device, SIM card, electronic equipment and terminal equipment
CN111756743B (en) Resource transfer method and device based on block chain, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant