CN105959323B - Identity authorization system, method and device - Google Patents


Publication number
CN105959323B
Authority
CN
China
Prior art keywords
encrypted message
terminal equipment
response message
server
user identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610555428.1A
Other languages
Chinese (zh)
Other versions
CN105959323A (en
Inventor
李刚
杨利民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CENTURY LONGMAI TECHNOLOGY Co Ltd
Original Assignee
CENTURY LONGMAI TECHNOLOGY Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Abstract

The embodiments of the present application provide an identity authorization system, method and device. The subscriber terminal equipment obtains a purpose response message from the computing terminal equipment and sends the purpose user identifier and the purpose response message to the server; the server obtains the purpose encrypted message according to the purpose user identifier, and judges whether authentication succeeds according to the purpose encrypted message and the purpose response message. Throughout the verification process the user does not input the purpose encrypted message, i.e. the user does not need to remember it, so the purpose password can be made more complex for higher security. Because the security level of the server is far higher than that of the computing terminal equipment, and the purpose encrypted message is stored in the server, the user never inputs the purpose encrypted message on the computing terminal equipment, which avoids leaking it there. Because the purpose encrypted message is obtained based on the purpose user identifier, a further layer of verification is added, which further improves the reliability of authentication.

Description

Identity authorization system, method and device
Technical field
This application relates to the field of communication technology, and more particularly to an identity authorization system, method and device.
Background art
At present, to prevent information in electronic equipment from being stolen by illegal users, a user must pass identity authentication before operating on the data in the electronic equipment. During authentication, the authenticating device must be connected to the electronic equipment and the encrypted message must be input on the authenticating device; only after both the user's login password and the encrypted message are verified does the user have permission to operate on the data in the electronic equipment. An encryption machine is taken as an example below.
When operating on an encryption machine, the user must insert a USB KEY into the encryption machine. Only after the user's login password is authenticated and the PIN (Personal Identification Number) code that the user inputs on the USB KEY is verified can the user operate on the data in the electronic equipment.
When the user forgets the encrypted message, the user cannot operate on the data in the electronic equipment.
Summary of the invention
In view of this, the present invention provides an identity authorization system, method and device, to solve the prior-art problem that a user who forgets the encrypted message cannot operate on the data in the electronic equipment.
To achieve the above object, the invention provides the following technical solution:
An identity authorization system, comprising: an authenticating device, computing terminal equipment, a server and subscriber terminal equipment, wherein:
The authenticating device is configured to generate a purpose response message for the login authentication request sent by the computing terminal equipment, and to send it to the computing terminal equipment;
The computing terminal equipment is configured to send the login authentication request to the authenticating device with which it has established a communication connection, and to receive the purpose response message;
The subscriber terminal equipment is configured to obtain the purpose response message from the computing terminal equipment, and to send the purpose response message and a purpose user identifier to the server, the purpose user identifier comprising the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the currently logged-in purpose user login identifier;
The server is configured to obtain a purpose encrypted message according to the purpose user identifier, and to judge whether authentication succeeds according to the purpose encrypted message and the purpose response message.
Preferably, the computing terminal equipment is further configured to:
Generate an answer signal from the purpose response message, the answer signal being a response voice signal, a response optical signal or a response graphic signal;
When obtaining the purpose response message from the computing terminal equipment, the subscriber terminal equipment is specifically configured to:
Acquire the answer signal;
Parse the answer signal to obtain the purpose response message.
Wherein, when obtaining the purpose encrypted message according to the purpose user identifier, the server is specifically configured to:
Generate the purpose encrypted message according to the purpose user identifier and the encryption information of the server;
Or determine the purpose encrypted message corresponding to the purpose user identifier according to a pre-stored correspondence between user identifiers and encrypted messages.
Preferably, the server is further configured to:
When an update-encrypted-message instruction is received, update the encryption information of the server to obtain updated encryption information;
Obtain an updated purpose encrypted message according to the purpose user identifier and the updated encryption information;
Store the updated purpose encrypted message in the authenticating device.
An identity identifying method, applied to a server, the identity identifying method comprising:
Receiving a purpose response message and a purpose user identifier sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose user identifier comprising the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the currently logged-in user login identifier;
Obtaining a purpose encrypted message according to the purpose user identifier;
Judging whether authentication succeeds according to the purpose encrypted message and the purpose response message.
Wherein, obtaining the purpose encrypted message according to the purpose user identifier comprises:
Generating the purpose encrypted message according to the purpose user identifier and the encryption information of the server;
Or determining the purpose encrypted message corresponding to the purpose user identifier according to a pre-stored correspondence between user identifiers and encrypted messages.
Preferably, the method further comprises:
When an update-encrypted-message instruction is received, updating the encryption information of the server to obtain updated encryption information;
Obtaining an updated purpose encrypted message according to the purpose user identifier and the updated encryption information;
Storing the updated purpose encrypted message in the authenticating device.
Wherein, judging whether authentication succeeds according to the purpose encrypted message and the purpose response message comprises:
Encrypting the purpose response message using the purpose encrypted message to generate an authentication code, and sending it to the authenticating device;
Receiving the matching result fed back by the authenticating device, the matching result being either the result of matching the authentication code against an accurate authentication code that the authenticating device obtains from the precise code information it stores and the purpose response message, or the result of matching the purpose response message against a parsing response message that the authenticating device parses from the authentication code using the precise code information;
Determining whether authentication succeeds according to the matching result.
Wherein, judging whether authentication succeeds according to the purpose encrypted message and the purpose response message comprises:
Receiving an accurate authentication code sent by the authenticating device, which the authenticating device obtains from the precise code information it stores and the purpose response message;
Determining a matching result, the matching result being either the result of matching the accurate authentication code against an authentication code that the server obtains from the purpose encrypted message and the purpose response message, or the result of matching the purpose response message against a parsing response message that the server parses from the accurate authentication code using the purpose encrypted message;
Determining whether authentication succeeds according to the matching result.
An identification authentication system, applied to a server, the identification authentication system comprising:
A receiving module, configured to receive the purpose response message and the purpose user identifier sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on the login authentication request sent by the computing terminal equipment, and the purpose user identifier comprising the purpose subscriber terminal equipment identifier and/or the currently logged-in user login identifier;
An obtaining module, configured to obtain a purpose encrypted message according to the purpose user identifier;
A judgment module, configured to judge whether authentication succeeds according to the purpose encrypted message and the purpose response message.
As can be seen from the above technical solution, compared with the prior art, the embodiments of the present invention provide an identity authorization system in which the subscriber terminal equipment obtains the purpose response message from the computing terminal equipment and sends the purpose user identifier and the purpose response message to the server; the server obtains the purpose encrypted message according to the purpose user identifier, and judges whether authentication succeeds according to the purpose encrypted message and the purpose response message. Throughout the verification process the user does not input the purpose encrypted message, i.e. the user does not need to remember it, so the purpose password can be made more complex for higher security. Because the security level of the server is far higher than that of the computing terminal equipment, and the purpose encrypted message is stored in the server, the user never inputs the purpose encrypted message on the computing terminal equipment, which avoids leaking it there. Because the purpose encrypted message is obtained based on the purpose user identifier, i.e. a third-party electronic device (the subscriber terminal equipment) is involved, a further layer of verification is added, which further improves the reliability of authentication.
Brief description of the drawings
To explain the embodiments of the present invention or the prior-art technical solutions more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are merely embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic diagram of the information exchange process among the devices in an identity authorization system provided by the embodiments of the present application;
Fig. 2 is a signaling diagram of one implementation in which the server in an identity authorization system provided by the embodiments of the present application judges whether authentication succeeds according to the purpose encrypted message and the purpose response message;
Fig. 3 is a signaling diagram of another implementation in which the server in an identity authorization system provided by the embodiments of the present application judges whether authentication succeeds according to the purpose encrypted message and the purpose response message;
Fig. 4 is a signaling diagram of yet another implementation in which the server in an identity authorization system provided by the embodiments of the present application judges whether authentication succeeds according to the purpose encrypted message and the purpose response message;
Fig. 5 is a flowchart of one implementation of the identity identifying method provided by the embodiments of the present application;
Fig. 6 is a structural schematic diagram of the identification authentication system, applied to a server, provided by the embodiments of the present application.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The embodiments of the present application provide an identity authorization system comprising: an authenticating device 11, computing terminal equipment 12, a server 13 and subscriber terminal equipment 14. Fig. 1 is a schematic diagram of the information exchange process among the devices in the identity authorization system.
Step S101: computing terminal equipment 12 sends login authentication request to authenticating device 11.
After the authenticating device 11 and the computing terminal equipment 12 establish a communication connection (wired or wireless), the computing terminal equipment 12 can send a login authentication request to the authenticating device 11; alternatively, after the authenticating device 11 and the computing terminal equipment 12 establish a communication connection and the user login identifier (which may include a user login name and/or a user login password) is authenticated, the computing terminal equipment 12 can send the login authentication request to the authenticating device; alternatively, after the user clicks a virtual key in the display interface of the computing terminal equipment 12 or presses a physical button of the computing terminal equipment 12, the computing terminal equipment 12 can send the login authentication request to the authenticating device.
Computing terminal equipment 12 can be computer, notebook, PAD, PDA, smart phone etc..
Step S102: authenticating device 11 feeds back purpose response message to computing terminal equipment.
The purpose response message can be a random number; that is, for the same user login identifier and the same authenticating device, the random number fed back by the authenticating device may differ each time the computing terminal equipment sends a login authentication request to the authenticating device.
The purpose response message can also be generated according to the login request; for example, the login request can carry the purpose user login identifier (such as a user name or user password), and the purpose response message can be generated according to the purpose user login identifier.
In the embodiments of the present application, the user currently logged in to the computing terminal equipment and the subscriber terminal equipment is called the purpose user; the purpose user is also the holder of the authenticating device. To distinguish them from those of other users, the terms involved in authenticating the purpose user are called: purpose user identifier, purpose subscriber terminal equipment identifier, purpose user login identifier, purpose encrypted message and purpose response message. The purpose user can be any user.
Step S103: subscriber terminal equipment 14 obtains purpose response message from computing terminal equipment 12.
A communication connection (wired or wireless) between the computing terminal equipment and the subscriber terminal equipment can be established in advance; the computing terminal equipment 12 can actively send the purpose response message to the subscriber terminal equipment, or the subscriber terminal equipment 14 can actively obtain the purpose response message from the computing terminal equipment.
Step S104: purpose response message and purpose user identifier are sent to server 13 by subscriber terminal equipment 14.
The purpose user identifier includes the purpose subscriber terminal equipment identifier and/or the currently logged-in user login identifier.
The purpose subscriber terminal equipment identifier can be a SIM (Subscriber Identification Module) identifier or the unique serial number of the purpose subscriber terminal equipment.
Step S105: server 13 obtains purpose encrypted message according to the purpose user identifier.
Specifically, the purpose encrypted message can be generated according to the purpose user identifier and the encryption information of the server; or the purpose encrypted message corresponding to the purpose user identifier can be determined according to a pre-stored correspondence between user identifiers and encrypted messages.
Purpose encrypted message can be PIN code.
Step S106: server 13 judges whether authentication succeeds according to the purpose encrypted message and the purpose response message.
Because this judgment involves the server 13, the computing terminal equipment 12 and the authenticating device 11, the step is drawn in Fig. 1 below the server 13, the computing terminal equipment 12 and the authenticating device 11.
In the identity authorization system provided by the embodiments of the present application, the subscriber terminal equipment 14 obtains the purpose response message from the computing terminal equipment 12 and sends the purpose user identifier and the purpose response message to the server 13; the server 13 obtains the purpose encrypted message according to the purpose user identifier, and judges whether authentication succeeds according to the purpose encrypted message and the purpose response message. Throughout the verification process the user does not input the purpose encrypted message, i.e. the user does not need to remember it, so the purpose password can be made more complex for higher security. Because the security level of the server is far higher than that of the computing terminal equipment, and the purpose encrypted message is stored in the server, the user never inputs the purpose encrypted message on the computing terminal equipment, which avoids leaking it there. Because the purpose encrypted message is obtained based on the purpose user identifier, i.e. a third-party electronic device (the subscriber terminal equipment) is involved, a further layer of verification is added, which further improves the reliability of authentication.
In the above identity authorization system embodiment, the computing terminal equipment is further configured to generate an answer signal from the purpose response message, the answer signal being a response voice signal, a response optical signal or a response graphic signal. Correspondingly, when obtaining the purpose response message from the computing terminal equipment, the subscriber terminal equipment is specifically configured to acquire the answer signal and to parse the answer signal to obtain the purpose response message.
The answer signal can be a response voice signal. The response voice signals corresponding to different purpose response messages may differ in frequency, amplitude or wavelength, and the subscriber terminal equipment 14 can parse out the purpose response message according to the frequency, amplitude and/or wavelength of the response voice signal.
The answer signal can be a response optical signal, and different purpose response messages correspond to different response optical signals. For example, when the purpose response message is 1123, the response optical signal can be flashes of red, red, yellow and green in sequence; that is, optical signals of different colors are combined into one response optical signal, and the purpose response message can be determined from the response optical signal.
The answer signal can be a response graphic signal, such as a two-dimensional code.
Correspondingly, the subscriber terminal equipment 14 has a function for scanning two-dimensional codes. For example, the subscriber terminal equipment 14 includes a camera and can use the camera to scan the two-dimensional code.
The subscriber terminal equipment 14 can be a smart phone, a PDA (Personal Digital Assistant, palmtop computer), a PAD (portable android device, tablet computer), a notebook, etc.
To further increase the security of the encrypted message, the encrypted message in the authenticating device can be updated after a preset time or after a preset number of authentications.
If the server does not store the correspondence between user identifiers and encrypted messages in advance, but instead generates the purpose encrypted message from the purpose user identifier and the encryption information of the server after receiving the purpose user identifier, then the server in the above identity authorization system is further configured to:
When an update-encrypted-message instruction is received, update the encryption information of the server to obtain updated encryption information; obtain an updated purpose encrypted message according to the purpose user identifier and the updated encryption information; and store the updated purpose encrypted message in the authenticating device.
Optionally, the encryption information of the server is the same for all users, which saves storage space on the server; optionally, the encryption information of the server corresponding to different user identifiers can differ.
If the correspondence between user identifiers and encrypted messages is stored in the server in advance, then the server in the above identity authorization system is further configured to:
When an update-encrypted-message instruction is received, update the purpose encrypted message corresponding to the purpose user identifier.
It should be understood that, before the update-encrypted-message instruction is received, authentication has already succeeded using the original purpose encrypted message.
In the above identity authorization system embodiment, there are six implementations by which the server judges whether authentication succeeds according to the purpose encrypted message and the purpose response message; the embodiments of the present application provide, but are not limited to, the following six.
In the embodiments of the present application, the encrypted message stored in the authenticating device itself is called the precise code information, and the authentication code that the authenticating device obtains by encrypting the purpose response message with the precise code information is called the accurate authentication code. An authentication code generated by the server or the computing terminal equipment is called an authentication code. A response message parsed by the server, the computing terminal equipment, the authenticating device or the subscriber terminal equipment is called a parsing response message.
The first implementation is shown in Fig. 2.
Step S201: server 13 encrypts the purpose response message using the purpose encrypted message to generate an authentication code, and sends the authentication code to the authenticating device 11.
The server 13 can first send the authentication code to the computing terminal equipment 12, which then forwards it to the authenticating device 11; or the server 13 can send the authentication code directly to the authenticating device 11.
Assuming the purpose encrypted message is a PIN code and the purpose response message is denoted ACK1, the authentication code is AUTH = CIPHER(PIN, ACK1), where CIPHER() is a function that encrypts ACK1 using PIN.
Step S202: authenticating device 11 parses the authentication code according to the precise code information it stores to obtain a parsing response message, matches the parsing response message against the purpose response message to obtain a matching result, and sends the matching result to the server 13.
The authenticating device 11 can first send the matching result to the computing terminal equipment 12, which then forwards it to the server 13; or the authenticating device 11 can send the matching result directly to the server 13.
Step S203: when server 13 detects that the matching result is a match, it determines that authentication succeeds; when it detects that the matching result is a mismatch, it determines that authentication fails.
The second implementation is shown in Fig. 2.
Step S201: server 13 encrypts the purpose response message using the purpose encrypted message to generate an authentication code, and sends the authentication code to the authenticating device 11.
Step S202: authenticating device 11 encrypts the purpose response message using the precise code information it stores to obtain an accurate authentication code, matches the accurate authentication code against the authentication code to obtain a matching result, and sends the matching result to the server 13.
Step S202 in the second implementation is an alternative to step S202 in the first implementation, and is therefore shown with a dotted frame in Fig. 2.
Step S203: when server 13 detects that the matching result is a match, it determines that authentication succeeds; when it detects that the matching result is a mismatch, it determines that authentication fails.
The third implementation is shown in Fig. 3.
Step S301: authenticating device 11 encrypts the purpose response message using the precise code information it stores to obtain an accurate authentication code, and sends the accurate authentication code to the server 13.
The authenticating device 11 can first send the accurate authentication code to the computing terminal equipment, which then forwards it to the server; or the authenticating device 11 can send the accurate authentication code directly to the server.
Step S302: server 13 parses the accurate authentication code according to the purpose encrypted message to obtain a parsing response message, and matches the parsing response message against the purpose response message to obtain a matching result.
Step S303: when server 13 detects that the matching result is a match, it determines that authentication succeeds; when it detects that the matching result is a mismatch, it determines that authentication fails.
The fourth implementation is shown in Fig. 3.
Step S301: authenticating device 11 encrypts the purpose response message using the precise code information it stores to obtain an accurate authentication code, and sends the accurate authentication code to the server 13.
The authenticating device 11 can first send the accurate authentication code to the computing terminal equipment, which then forwards it to the server; or the authenticating device 11 can send the accurate authentication code directly to the server.
Step S302: server 13 encrypts the purpose response message using the purpose encrypted message to obtain an authentication code, and matches the accurate authentication code against the authentication code to obtain a matching result.
Step S302 in the fourth implementation is an alternative to step S302 in the third implementation, and is therefore shown with a dotted frame in Fig. 3.
Step S303: when server 13 detects that the matching result is a match, it determines that authentication succeeds; when it detects that the matching result is a mismatch, it determines that authentication fails.
The fifth implementation is shown in Fig. 4.
Step S401: server 13 sends the purpose response message and the purpose encrypted message to the computing terminal equipment 12.
Step S402: computing terminal equipment 12 encrypts the purpose response message using the purpose encrypted message to generate an authentication code, and sends the authentication code to the authenticating device 11.
Step S403: authenticating device 11 parses the authentication code according to the precise code information it stores to obtain a parsing response message, matches the parsing response message against the purpose response message to obtain a matching result, and sends the matching result to the server 13.
The authenticating device 11 can first send the matching result to the computing terminal equipment 12, which then forwards it to the server 13; or the authenticating device 11 can send the matching result directly to the server 13.
Step S404: when server 13 detects that the matching result is a match, it determines that authentication succeeds; when it detects that the matching result is a mismatch, it determines that authentication fails.
The sixth implementation is shown in Figure 4.
Step S401: The server 13 sends the purpose response message and the purpose encrypted message to the computing terminal equipment 12.
Step S402: The computing terminal equipment 12 encrypts the purpose response message using the purpose encrypted message, generates an authentication code, and sends the authentication code to the authenticating device 11.
Step S403: The authenticating device 11 encrypts the purpose response message using the precise code information that it stores to obtain an accurate authentication code, matches the accurate authentication code against the authentication code to obtain a matching result, and sends the matching result to the server 13.
Step S403 in the sixth implementation is an alternative embodiment of step S403 in the fifth implementation, and is therefore shown with a dotted-line frame in Fig. 2.
The authenticating device 11 can first send the matching result to the computing terminal equipment 12, which then sends it to the server 13; or the authenticating device 11 can send the matching result directly to the server 13.
Step S404: When the server 13 detects that the matching result is a match, it determines that authentication succeeded; when it detects that the matching result is a mismatch, it determines that authentication failed.
The embodiment of the present application also provides an identity authentication method. Fig. 5 is a flow chart of one implementation of the identity authentication method provided by the embodiment of the present application. The method is applied to the server in the identity authorization system (the server shown in Figure 1) and comprises:
Step S501: Receive the purpose response message and the purpose user identifier sent by the subscriber terminal equipment.
The purpose response message is generated by the authenticating device based on the login authentication request sent by the computing terminal equipment, and the user identifier includes the purpose subscriber terminal equipment identifier and/or the login identifier of the currently logged-in user.
Step S502: Obtain the purpose encrypted message according to the purpose user identifier.
Step S503: Judge whether authentication succeeds according to the purpose encrypted message and the purpose response message.
In the above embodiment of the identity authentication method applied to the server, obtaining the purpose encrypted message according to the purpose user identifier includes:
Generating the purpose encrypted message according to the purpose user identifier and the encryption information of the server; or determining the purpose encrypted message corresponding to the purpose user identifier according to a pre-stored correspondence between user identifiers and encrypted messages.
The above embodiment of the identity authentication method applied to the server may further include: when an update encrypted message instruction is received, updating the encryption information of the server to obtain updated encryption information; obtaining an updated purpose encrypted message according to the purpose user identifier and the updated encryption information; and storing the updated purpose encrypted message to the authenticating device.
In the above embodiment of the identity authentication method applied to the server, there are several ways to judge whether authentication succeeds according to the purpose encrypted message and the purpose response message. The specific methods are those realized by the server in the six implementations provided in the identity authorization system embodiment, and are not repeated here.
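The server-side method above (steps S501 to S503 combined with the Fig. 3 matching of steps S301 to S303, plus the update of the encryption information) can be traced in a short simulation. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified "encrypt" and "generate" operations, the single-use check on the response message is an added assumption, and all class, function and secret names are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_user_secret(server_secret: bytes, user_id: str) -> bytes:
    # Assumption: HMAC-SHA256 keyed with the server's encryption information
    # derives the per-user secret (the "purpose encrypted message").
    return hmac.new(server_secret, b"derive|" + user_id.encode(), hashlib.sha256).digest()


def auth_code(secret: bytes, response_message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unspecified "encrypt" step.
    return hmac.new(secret, b"auth|" + response_message, hashlib.sha256).digest()


class AuthDevice:
    def __init__(self, stored_secret: bytes):
        self.stored_secret = stored_secret  # the "precise code information"

    def new_response_message(self) -> bytes:
        # Fresh random value for each login authentication request.
        return secrets.token_bytes(16)

    def accurate_auth_code(self, response_message: bytes) -> bytes:
        return auth_code(self.stored_secret, response_message)  # step S301

    def store(self, updated_secret: bytes) -> None:
        self.stored_secret = updated_secret  # receives the updated secret


class Server:
    def __init__(self, server_secret: bytes):
        self.server_secret = server_secret  # the server's encryption information
        self.used = set()  # added assumption: accept each response message once

    def user_secret(self, user_id: str) -> bytes:
        return derive_user_secret(self.server_secret, user_id)  # step S502

    def verify(self, user_id: str, response_message: bytes, device_code: bytes) -> bool:
        if response_message in self.used:
            return False  # replayed response message
        expected = auth_code(self.user_secret(user_id), response_message)  # step S302
        ok = hmac.compare_digest(expected, device_code)  # constant-time match
        if ok:
            self.used.add(response_message)
        return ok  # step S303: match means success, mismatch means failure

    def rotate(self, new_server_secret: bytes) -> None:
        self.server_secret = new_server_secret  # update the encryption information


def demo() -> dict:
    # Constructed secrets and user identifiers, for illustration only.
    server = Server(b"constructed-server-secret-v1")
    device = AuthDevice(server.user_secret("alice"))
    results = {}
    msg = device.new_response_message()
    code = device.accurate_auth_code(msg)
    results["match"] = server.verify("alice", msg, code)
    results["replay"] = server.verify("alice", msg, code)
    msg = device.new_response_message()
    results["wrong_user"] = server.verify("bob", msg, device.accurate_auth_code(msg))
    server.rotate(b"constructed-server-secret-v2")
    msg = device.new_response_message()
    results["stale_device"] = server.verify("alice", msg, device.accurate_auth_code(msg))
    device.store(server.user_secret("alice"))  # store the updated secret to the device
    msg = device.new_response_message()
    results["after_update"] = server.verify("alice", msg, device.accurate_auth_code(msg))
    return results


if __name__ == "__main__":
    print(demo())
```

The `stale_device` case shows why the update procedure has to store the updated secret to the authenticating device: after the server's encryption information changes, a device still holding the old secret no longer matches.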
The embodiment of the present application also provides an identity authentication method applied to computing terminal equipment. The method includes the method implemented by the computing terminal equipment in any of the identity authorization system embodiments.
The embodiment of the present application also provides an identity authentication method applied to subscriber terminal equipment. The method includes the method implemented by the subscriber terminal equipment in any of the identity authorization system embodiments.
The embodiment of the present application also provides an identity authentication method applied to an authenticating device. The method includes the method implemented by the authenticating device in any of the identity authorization system embodiments.
The embodiment of the present application also provides an identity authentication device applied to a server. Fig. 6 is a structural schematic diagram of the identity authentication device applied to a server (the server shown in Figure 1) provided by the embodiment of the present application. The identity authentication device includes a receiving module 61, an obtaining module 62 and a judgment module 63, in which:
The receiving module 61 is configured to receive the purpose response message and the purpose user identifier sent by the subscriber terminal equipment.
The purpose response message is generated by the authenticating device based on the login authentication request sent by the computing terminal equipment, and the purpose user identifier includes the purpose subscriber terminal equipment identifier and/or the login identifier of the currently logged-in user.
The obtaining module 62 is configured to obtain the purpose encrypted message according to the purpose user identifier.
The judgment module 63 is configured to judge whether authentication succeeds according to the purpose encrypted message and the purpose response message.
The obtaining module in the identity authentication device applied to the server may include: a generation unit, configured to generate the purpose encrypted message according to the purpose user identifier and the encryption information of the server; or a first determination unit, configured to determine the purpose encrypted message corresponding to the purpose user identifier according to a pre-stored correspondence between user identifiers and encrypted messages.
The identity authentication device applied to the server may further include: an update module, configured to update the encryption information of the server when an update encrypted message instruction is received, obtaining updated encryption information; an updated-password obtaining module, configured to obtain an updated purpose encrypted message according to the purpose user identifier and the updated encryption information; and a memory module, configured to store the updated purpose encrypted message to the authenticating device.
The judgment module in the identity authentication device applied to the server can be realized with several structures, as follows:
In the first structure (corresponding to the method shown in Fig. 2 of the identity authorization system), the judgment module includes:
An authentication code generation unit, configured to encrypt the purpose response message using the purpose encrypted message, generate an authentication code, and send it to the authenticating device.
A matching result receiving unit, configured to receive the matching result fed back by the authenticating device.
The matching result is either the matching result between the authentication code and the accurate authentication code that the authenticating device obtains based on the precise code information that it stores and the purpose response message, or the matching result between the purpose response message and the parsed response message that the authenticating device parses from the authentication code based on the precise code information.
A second determination unit, configured to determine whether authentication succeeds according to the matching result.
In the second structure (corresponding to the method shown in Fig. 3 of the identity authorization system), the judgment module includes:
An authentication code receiving unit, configured to receive the accurate authentication code sent by the authenticating device, which the authenticating device obtains based on the precise code information that it stores and the purpose response message.
A third determination unit, configured to determine the matching result.
The matching result is either the matching result between the accurate authentication code and the authentication code that the server obtains based on the purpose encrypted message and the purpose response message, or the matching result between the purpose response message and the parsed response message that the server parses from the accurate authentication code based on the purpose encrypted message.
A fourth determination unit, configured to determine whether authentication succeeds according to the matching result.
In the third structure (corresponding to the method shown in Fig. 4 of the identity authorization system), the judgment module performs:
Sending the purpose response message and the purpose encrypted message to the computing terminal equipment.
Receiving the matching result fed back by the authenticating device.
The matching result is either the matching result between the authentication code and the accurate authentication code that the authenticating device obtains by encrypting the purpose response message using the precise code information that it stores, or the matching result between the purpose response message and the parsed response message that the authenticating device parses from the authentication code based on the precise code information that it stores.
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be understood by reference to one another.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be realized in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An identity authorization system, characterized by comprising: an authenticating device, computing terminal equipment, a server and subscriber terminal equipment, wherein:
The authenticating device is configured to generate a purpose response message for the login authentication request sent by the computing terminal equipment, and to send it to the computing terminal equipment;
The computing terminal equipment is configured to send the login authentication request to the authenticating device that has established a communication connection with the computing terminal equipment, and to receive the purpose response message;
The subscriber terminal equipment is configured to obtain the purpose response message through the computing terminal equipment, and to send the purpose response message and a purpose user identifier to the server, the purpose user identifier including the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the purpose user login identifier currently logged in;
The server is configured to obtain a purpose encrypted message according to the purpose user identifier, and to judge whether authentication succeeds according to the purpose encrypted message and the purpose response message.
2. The identity authorization system according to claim 1, characterized in that the computing terminal equipment is further configured to:
Generate an answer signal from the purpose response message, the answer signal being a response voice signal, a response optical signal or a response graphic signal;
The subscriber terminal equipment, when obtaining the purpose response message through the computing terminal equipment, is specifically configured to:
Obtain the answer signal;
Parse the answer signal to obtain the purpose response message.
3. The identity authorization system according to claim 1, characterized in that the server, when obtaining the purpose encrypted message according to the purpose user identifier, is specifically configured to:
Generate the purpose encrypted message according to the purpose user identifier and the encryption information of the server;
Or determine the purpose encrypted message corresponding to the purpose user identifier according to a pre-stored correspondence between user identifiers and encrypted messages.
4. The identity authorization system according to claim 3, characterized in that the server is further configured to:
When an update encrypted message instruction is received, update the encryption information of the server to obtain updated encryption information;
Obtain an updated purpose encrypted message according to the purpose user identifier and the updated encryption information;
Store the updated purpose encrypted message to the authenticating device.
5. An identity authentication method, characterized in that it is applied to a server, the identity authentication method comprising:
Receiving the purpose response message and the purpose user identifier sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose user identifier including the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the login identifier of the currently logged-in user;
Obtaining a purpose encrypted message according to the purpose user identifier;
Judging whether authentication succeeds according to the purpose encrypted message and the purpose response message.
6. The identity authentication method according to claim 5, characterized in that obtaining the purpose encrypted message according to the purpose user identifier comprises:
Generating the purpose encrypted message according to the purpose user identifier and the encryption information of the server;
Or determining the purpose encrypted message corresponding to the purpose user identifier according to a pre-stored correspondence between user identifiers and encrypted messages.
7. The identity authentication method according to claim 6, characterized by further comprising:
When an update encrypted message instruction is received, updating the encryption information of the server to obtain updated encryption information;
Obtaining an updated purpose encrypted message according to the purpose user identifier and the updated encryption information;
Storing the updated purpose encrypted message to the authenticating device.
8. The identity authentication method according to claim 5, characterized in that judging whether authentication succeeds according to the purpose encrypted message and the purpose response message comprises:
Encrypting the purpose response message using the purpose encrypted message, generating an authentication code, and sending it to the authenticating device;
Receiving the matching result fed back by the authenticating device, the matching result being either the matching result between the authentication code and the accurate authentication code that the authenticating device obtains based on the precise code information that it stores and the purpose response message, or the matching result between the purpose response message and the parsed response message that the authenticating device parses from the authentication code based on the precise code information;
Determining whether authentication succeeds according to the matching result.
9. The identity authentication method according to claim 5, characterized in that judging whether authentication succeeds according to the purpose encrypted message and the purpose response message comprises:
Receiving the accurate authentication code sent by the authenticating device, which the authenticating device obtains based on the precise code information that it stores and the purpose response message;
Determining a matching result, the matching result being either the matching result between the accurate authentication code and the authentication code that the server obtains based on the purpose encrypted message and the purpose response message, or the matching result between the purpose response message and the parsed response message that the server parses from the accurate authentication code based on the purpose encrypted message;
Determining whether authentication succeeds according to the matching result.
10. An identity authentication device, characterized in that it is applied to a server, the identity authentication device comprising:
A receiving module, configured to receive the purpose response message and the purpose user identifier sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose user identifier including the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the login identifier of the currently logged-in user;
An obtaining module, configured to obtain a purpose encrypted message according to the purpose user identifier;
A judgment module, configured to judge whether authentication succeeds according to the purpose encrypted message and the purpose response message.
CN201610555428.1A 2016-07-14 2016-07-14 Identity authorization system, method and device Active CN105959323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610555428.1A CN105959323B (en) 2016-07-14 2016-07-14 Identity authorization system, method and device

Publications (2)

Publication Number Publication Date
CN105959323A CN105959323A (en) 2016-09-21
CN105959323B true CN105959323B (en) 2019-03-22

Family

ID=56901436

Country Status (1)

Country Link
CN (1) CN105959323B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant