US 11,784,788 B2
Identity management method, device, communications network, and storage medium
Yizhen Wu, Shanghai (CN); Yada Huang, Shanghai (CN); and He Guan, Shanghai (CN)
Assigned to Huawei Technologies Co., Ltd., Shenzhen (CN)
Filed by HUAWEI TECHNOLOGIES CO., LTD., Guangdong (CN)
Filed on Sep. 1, 2020, as Appl. No. 17/9,145.
Application 17/009,145 is a continuation of application No. PCT/CN2019/079784, filed on Mar. 27, 2019.
Claims priority of application No. 201810259814.5 (CN), filed on Mar. 27, 2018.
Prior Publication US 2020/0396060 A1, Dec. 17, 2020
Int. Cl. H04L 9/06 (2006.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/00 (2022.01)
CPC H04L 9/0637 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3247 (2013.01); H04L 9/50 (2022.05)] 13 Claims
1. An identity management method, applied to a communications network, wherein the communications network comprises user equipment and a blockchain network, the blockchain network comprises at least one control plane node and at least one data plane node, wherein the at least one control plane node comprises a first control plane node and a second control plane node, and the method comprises:
receiving, by the second control plane node in the at least one control plane node, first transaction data, wherein the first transaction data is broadcasted by the first control plane node, the first control plane node is an internet of things (IOT) industry customer entity node that generates identifications for a plurality of user equipment in the communications network, the first transaction data comprises a first identification of the user equipment and a first public key of the user equipment that are signed with a second private key of the first control plane node, and the second control plane node is an operator management device of the communications network;
verifying, by the second control plane node, the first transaction data based on a second public key of the first control plane node;
after the verification succeeds, performing, by the second control plane node, consensus calculation on the first transaction data; and
wherein the communications network further comprises an authentication unit, and the method further comprises:
receiving, by the authentication unit, first identification information sent by the user equipment;
querying, by the authentication unit based on the first identification information, the first transaction data corresponding to the first identification;
verifying, by the authentication unit, the first transaction data;
after the verification succeeds:
generating, by the authentication unit, a first key; and
encrypting, by the authentication unit, the first key based on the first public key, to obtain a first encrypted ciphertext;
sending, by the authentication unit to the user equipment, the first encrypted ciphertext and identity management transaction data of the authentication unit;
receiving, by the authentication unit, a second encrypted ciphertext sent by the user equipment, wherein the second encrypted ciphertext comprises the first key and a second key, and wherein authentication on the user equipment uses the second encrypted ciphertext;
decrypting, by the authentication unit, the second encrypted ciphertext based on a third private key of the authentication unit, to obtain the first key and the second key;
encrypting, by the authentication unit, the second key based on the first public key, to obtain a third encrypted ciphertext; and
sending, by the authentication unit, the third encrypted ciphertext to the user equipment, wherein authentication on the authentication unit uses the third encrypted ciphertext.
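The three-message exchange in the second half of claim 1 (first, second and third encrypted ciphertext), written out as an added Go example; this is not code from the patent or its assignee, and the blockchain side of the claim (signing, verification and consensus on the first transaction data) is not modelled. Assumptions not in the claim: RSA-OAEP stands in for "encrypt based on the public key", the first and second keys are 32 random bytes, and the UE takes the AU's public key from the identity management transaction data delivered with the first ciphertext.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const keyLen = 32 // byte length of the first and second keys (a constructed choice)
// seal/open wrap RSA-OAEP; the claim only says "encrypt based on the public key", so the padding is an assumption.
func seal(pub *rsa.PublicKey, m []byte) []byte {
	c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, nil)
	if err != nil {
		panic(err) // only reachable on a programming error (message too long for the key)
	}
	return c
}
func open(priv *rsa.PrivateKey, c []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, c, nil)
}
func fresh() []byte { k := make([]byte, keyLen); rand.Read(k); return k } // crypto/rand.Read never fails since Go 1.24
// MutualAuth runs the three-message exchange of claim 1: ueKey is the UE's first key pair, auKey the AU's third
// key pair, auPubFromLedger the AU public key the UE reads from the identity management transaction data.
func MutualAuth(ueKey, auKey *rsa.PrivateKey, auPubFromLedger *rsa.PublicKey) (au, ue [2][]byte, err error) {
	k1 := fresh()                                        // message 1, AU: first key sealed to the UE's first public key
	k1ue, err := open(ueKey, seal(&ueKey.PublicKey, k1)) // UE recovers K1 with its first private key
	if err != nil {
		return
	}
	k2 := fresh() // message 2, UE: K1 echoed plus a fresh K2, sealed to the AU key taken from the ledger
	both, err := open(auKey, seal(auPubFromLedger, append(append([]byte{}, k1ue...), k2...)))
	if err != nil || len(both) != 2*keyLen || !bytes.Equal(both[:keyLen], k1) {
		return au, ue, errors.New("UE authentication failed: second ciphertext does not echo the first key")
	}
	k2ue, err := open(ueKey, seal(&ueKey.PublicKey, both[keyLen:])) // message 3, AU: K2 sealed back to the UE
	if err != nil || !bytes.Equal(k2ue, k2) {                       // UE: a correct echo proves the AU's third private key
		return au, ue, errors.New("AU authentication failed: third ciphertext does not echo the second key")
	}
	return [2][]byte{k1, both[keyLen:]}, [2][]byte{k1ue, k2ue}, nil
}

func main() {
	ueKey, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed keys; in the claim the UE key comes from the ledger
	auKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, _, err := MutualAuth(ueKey, auKey, &auKey.PublicKey)
	fmt.Println("mutual authentication error:", err) // <nil> when both echoes verify
}
```

Passing a public key the AU does not hold as auPubFromLedger makes the second ciphertext unopenable at the AU, which is why the UE's trust in the ledger-published AU key, and the AU's trust in the first public key from the verified first transaction data, carry the whole exchange.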