Search

CN-122027179-A - Authentication and authorization method, device, communication equipment, authentication and authorization system and storage medium

CN122027179ACN 122027179 ACN122027179 ACN 122027179ACN-122027179-A

Abstract

The application relates to an authentication and authorization method, an authentication and authorization device, a communication device, an authentication and authorization system and a storage medium. The method comprises the steps that an authentication and authorization module of an opening layer of the computing power network capability determines the authenticity and credibility of a computing power network application accessing the opening capability of the computing power network, and the authentication and authorization module controls the access authority of the computing power network application to the opening capability of the computing power network. The application can ensure the authenticity and the credibility of the application program accessing the computational power network opening capability, and strictly control the access right to the computational power network opening capability, thereby realizing the credibility opening and the authentication of the computational power.

Inventors

  • LI JIACONG
  • Lv hang

Assignees

  • 中国电信股份有限公司技术创新中心
  • 中国电信股份有限公司

Dates

Publication Date
20260512
Application Date
20241213

Claims (19)

  1. 1. An authentication and authorization method, the method comprising: The authentication and authorization module of the computing power network capability opening layer determines the authenticity and the credibility of the computing power network application accessing the computing power network capability opening layer; and the authentication and authorization module controls the access authority of the computing power network application to the computing power network opening capability.
  2. 2. The method according to claim 1, wherein the method further comprises: The authentication and authorization module receives a registration request from an application program, wherein the application program applies for registration to the computing network capability opening layer as the computing network application, and registration information comprises a digital certificate of the application program; And the authentication and authorization module is used for auditing the digital certificate of the application program, generating a registration result when the digital certificate passes the auditing, and transmitting the registration result to the application program.
  3. 3. The method according to claim 2, wherein the method further comprises: the computing power network capability opening layer receives an authentication request sent by the computing power network application, wherein the authentication request comprises authentication information; the authentication authorization module authenticates the power network application according to the authentication information to obtain an authentication result; and the authentication authorization module sends the authentication result to the computing power network application.
  4. 4. A method according to claim 3, characterized in that the method further comprises: When the authentication result is that the authentication passes, the authentication authorization module generates an access token, wherein the access token comprises the access level of the computing power network application; the authentication authorization module sends the access token to the computing power network application.
  5. 5. The method of claim 4, wherein the access token is cryptographically secured by a preset key corresponding to the computing network application.
  6. 6. A method according to claim 3, characterized in that the method further comprises: The authentication and authorization module generates an account number, a password and a preset secret key corresponding to the computing power network application; And the authentication and authorization module sends the account number, the password and the preset key to the application program.
  7. 7. The method of claim 6, wherein the authentication information is obtained by encrypting the account number and the password by the computing power network application using the preset key.
  8. 8. An authentication and authorization method, the method comprising: And the computing power network application determines the access authority to the computing power network opening capability according to the control of an authentication and authorization module of the computing power network capability opening layer, wherein the authentication and authorization module determines the authenticity and the credibility of the computing power network application.
  9. 9. The method of claim 8, wherein the method further comprises: an application program sends a registration request to the computing network capability opening layer, and applies for registration to the computing network capability opening layer as the computing network application, wherein registration information comprises a digital certificate of the application program; And the computing power network application receives the registration result sent by the authentication and authorization module.
  10. 10. The method according to claim 9, wherein the method further comprises: the computing power network application sends an authentication request to the computing power network capability opening layer, wherein the authentication request comprises authentication information; And the computing power network application receives the authentication result sent by the authentication and authorization module.
  11. 11. The method according to claim 10, wherein the method further comprises: The computing power network application receives an access token sent by the authentication and authorization module, wherein the access token comprises the access level of the computing power network application.
  12. 12. The method of claim 10, further comprising, prior to the computing network application sending an authentication request to the computing network capability openness layer: The computing power network application receives an account number, a password and a preset secret key which are sent by the authentication and authorization module and correspond to the computing power network application; the computing power network application generates the authentication information, wherein the authentication information is obtained by encrypting the account number and the password by adopting the preset secret key.
  13. 13. An authentication and authorization apparatus, characterized by an authentication and authorization module applied to an open layer of computing power network capabilities, the apparatus comprising: the management module is used for determining the authenticity and the credibility of the computing power network application accessing the computing power network opening capability; And the authority control module is used for controlling the access authority of the power computing network application to the power computing network opening capability.
  14. 14. An authentication and authorization apparatus, the apparatus comprising: The access module is used for determining the access right to the opening capability of the computing power network according to the control of the authentication and authorization module of the opening layer of the computing power network, wherein the authentication and authorization module determines the authenticity and the credibility of the application of the computing power network.
  15. 15. A communication device comprising a processor; the processor is used for determining the authenticity and the credibility of the computing power network application accessing the computing power network opening capability and controlling the access authority of the computing power network application to the computing power network opening capability.
  16. 16. A communication device comprising a processor; The processor is used for determining the access right to the open capability of the computing power network according to the control of the authentication and authorization module of the open layer of the computing power network, wherein the authentication and authorization module determines the authenticity and the credibility of the application of the computing power network.
  17. 17. An authentication and authorization system is characterized by comprising a computing power network capability opening layer and a computing power network application, wherein the computing power network capability opening layer and the computing power network application are communicated through a network; An authentication and authorization module of the computing network capability opening layer performs the steps of the method of any one of claims 1 to 7; the computing power network application performs the steps of the method of any one of claims 8 to 12.
  18. 18. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 12.
  19. 19. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 12.

Description

Authentication and authorization method, device, communication equipment, authentication and authorization system and storage medium Technical Field The present application relates to the field of communications technologies, and in particular, to an authentication and authorization method, an apparatus, a communication device, an authentication and authorization system, and a storage medium. Background With the development of information technology, the computing power network (Computing Power Network, CPN) integrates and schedules scattered computing resources, so that the dynamic allocation and efficient utilization of computing power are realized, and computing support is provided for various applications. However, the scale of the current computing network is gradually enlarged and the application scene is more and more abundant, and the problem that the trusted opening and authentication of the computing capability cannot be realized exists. Disclosure of Invention The embodiment of the application provides an authentication and authorization method, an authentication and authorization device, a communication device, an authentication and authorization system and a storage medium, which can realize the trusted opening and authentication of computing capacity. In a first aspect, the present application provides an authentication and authorization method, the method comprising: The authentication and authorization module of the computing power network capability opening layer determines the authenticity and the credibility of the computing power network application accessing the computing power network capability opening layer; The authentication and authorization module controls access rights of the computing power network application to the computing power network opening capability. In one embodiment, the method further comprises: The authentication authorization module receives a registration request from an application program, wherein the application program applies for registration as an computing network application to a computing network capability opening layer, and registration information comprises a digital certificate of the application program; the authentication and authorization module examines the digital certificate of the application program, and generates a registration result and sends the registration result to the application program when the examination passes. In one embodiment, the method further comprises: The computing power network capability development layer receives an authentication request sent by a computing power network application, wherein the authentication request comprises authentication information; The authentication authorization module authenticates the computing power network application according to the authentication information to obtain an authentication result; The authentication authorization module sends the authentication result to the computing network application. In one embodiment, the method further comprises: when the authentication result is that the authentication passes, the authentication authorization module generates an access token, wherein the access token comprises the access level of the computing network application; The authentication authorization module sends the access token to the power network application. In one embodiment, the access token is cryptographically secured by a pre-set key to the computing power network application. In one embodiment, the method further comprises: The authentication and authorization module generates an account number, a password and a preset key corresponding to the computing power network application; and the authentication and authorization module sends the account number, the password and the preset key to the application program. In one embodiment, the authentication information is obtained by encrypting an account number and a password by using a preset key through the power network application. In a second aspect, the present application further provides an authentication and authorization method, where the method includes: the computing power network application determines the access right to the computing power network opening capability according to the control of an authentication and authorization module of the computing power network capability opening layer, wherein the authentication and authorization module determines the authenticity and the credibility of the computing power network application. In one embodiment, the method further comprises: the application program sends a registration request to the computing network capability opening layer, and applies for registration as the computing network application to the computing network capability opening layer, wherein the registration information comprises a digital certificate of the application program; the computing power network application receives the registration result sent by the authentication and authorization module.