CN108809927B - Identity authentication method and device - Google Patents


Info

Publication number
CN108809927B
Authority
CN
China
Prior art keywords
identity authentication
identity
authentication
request
platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810251246.4A
Other languages
Chinese (zh)
Other versions
CN108809927A (en)
Inventor
罗先贤
龙觉刚
孙成
赖云辉
叶俊锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810251246.4A
Priority to PCT/CN2018/101566 (WO2019184206A1)
Publication of CN108809927A
Application granted
Publication of CN108809927B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to an identity authentication method and an identity authentication device, wherein the identity authentication method comprises the following steps: the proxy server receives an identity authentication request initiated by the client according to identity information to be authenticated; sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving an identity authentication result returned by the authentication platform; and if the identity authentication result indicates that the identity authentication is not finished, requesting the authentication platform to return the identity authentication result again. The identity authentication method and the identity authentication device provided by the invention solve the problem of excessively complex identity authentication process in the prior art, and effectively improve the identity authentication efficiency.

Description

Identity authentication method and device
Technical Field
The invention relates to the technical field of identity authentication, in particular to an identity authentication method and device.
Background
With the development of internet technology, more and more network sales platforms provide services for users, for example, users can purchase products through the network sales platforms, and the network sales platforms are responsible for delivery, after-sale and the like of the products, thereby greatly providing convenience for the users.
In order to ensure the safety of product sales, the network sales platform usually needs to authenticate the identity of the user. The identity authentication process comprises the following steps: the user submits identity information to be authenticated to the network sales platform, the network sales platform initiates an identity authentication request to the authentication platform according to the identity information to be authenticated, and receives an identity authentication result returned by the authentication platform for the user to inquire.
If the user's query shows that the identity authentication is not completed, the network sales platform is requested to send an identity authentication request to the authentication platform again, until the user's query shows that the identity authentication has succeeded or failed.
Therefore, in the identity authentication process, multiple interactions exist between the network sales platform and the user, and multiple identity authentication requests need to be initiated to the authentication platform, which inevitably causes the identity authentication process of the network sales platform to be too complex, and thus the identity authentication efficiency to be low.
Disclosure of Invention
In order to solve the above technical problems, an object of the present invention is to provide an identity authentication method and apparatus.
The technical scheme adopted by the invention is as follows:
In one aspect, an identity authentication method comprises: the proxy server receives an identity authentication request initiated by the client according to identity information to be authenticated; sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving an identity authentication result returned by the authentication platform; and if the identity authentication result indicates that the identity authentication is not finished, requesting the authentication platform to return the identity authentication result again.
In an exemplary embodiment, the receiving, by the proxy server, an identity authentication request initiated by a client according to identity information to be authenticated includes: extracting a transmission port for establishing transmission connection with the client from a transmission configuration file; monitoring the transmission port, and establishing transmission connection with the client through monitoring of the transmission port; receiving the identity authentication request from the client through the established transmission connection.
In an exemplary embodiment, the sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving an identity authentication result returned by the authentication platform includes: obtaining identity encryption information from the identity authentication request; sending identity encryption information to the authentication platform; and performing identity authentication on the decrypted identity information to be authenticated through the authentication platform to obtain an identity authentication result returned by the authentication platform, wherein the decrypted identity information to be authenticated is obtained by decrypting the identity encryption information through the authentication platform.
In an exemplary embodiment, requesting the authentication platform to return the authentication result again if the authentication result indicates that the authentication has not been completed includes: if the identity authentication result indicates that the identity authentication is not finished, acquiring a request service identifier from the identity authentication request; and initiating a request for returning the identity authentication result to the authentication platform again according to the request service identifier.
In an exemplary embodiment, the initiating a request for returning an identity authentication result to the authentication platform again according to the request service identifier includes: acquiring authentication request parameters from the identity authentication request, wherein the authentication request parameters comprise request time intervals; and regularly requesting the authentication platform to return an identity authentication result according to the request time interval.
In an exemplary embodiment, the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and the initiating a request for returning an identity authentication result to the authentication platform according to the request service identifier further includes: during the timed requests, if the allowed number of requests or the allowed waiting delay has been reached, sending an identity authentication result indicating identity authentication failure to the client.
In an exemplary embodiment, the method further comprises: and if the identity authentication result indicates that the identity authentication is completed, sending the identity authentication result indicating the success or failure of the identity authentication to the client.
In another aspect, an identity authentication device applied to a proxy server includes: the authentication request receiving module, used for receiving an identity authentication request initiated by the client according to the identity information to be authenticated; the authentication result receiving module, used for sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, receiving an identity authentication result returned by the authentication platform, and, if the identity authentication result indicates that the identity authentication is not finished, informing the authentication result returning module; and the authentication result returning module, used for requesting the authentication platform to return the identity authentication result again.
In an exemplary embodiment, the authentication request receiving module includes: a port obtaining unit, configured to extract a transmission port used for establishing transmission connection with the client from a transmission configuration file, where the transmission port configured for the client according to a specified rule is pre-stored in the transmission configuration file; the connection establishing unit is used for monitoring the transmission port and establishing transmission connection with the client through monitoring of the transmission port; a request receiving unit, configured to receive the identity authentication request from the client through the established transmission connection.
In an exemplary embodiment, the authentication result receiving module includes: the information acquisition unit is used for acquiring identity encryption information from the identity authentication request; the information sending unit is used for sending identity encryption information to the authentication platform; and the result acquisition unit is used for carrying out identity authentication on the decrypted identity information to be authenticated through the authentication platform to obtain an identity authentication result returned by the authentication platform, wherein the decrypted identity information to be authenticated is obtained by decrypting the identity encryption information through the authentication platform.
In an exemplary embodiment, the authentication result returning module includes: an identifier obtaining unit, configured to obtain a request service identifier from the identity authentication request, where the request service identifier is used to identify the identity authentication request; and the request initiating unit is used for initiating a request for returning the identity authentication result to the authentication platform again according to the request service identifier, so that the identity authentication result returned again corresponds to the identity authentication request with the unique identifier of the request service identifier.
In an exemplary embodiment, the request initiation unit includes: a parameter obtaining subunit, configured to obtain an authentication request parameter from the identity authentication request, where the authentication request parameter includes a request time interval; and the timing request subunit is used for periodically requesting the authentication platform to return an identity authentication result according to the request time interval.
In an exemplary embodiment, the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and the request initiating unit further includes: a failure result feedback subunit, configured to send, during the timed requests, an identity authentication result indicating that identity authentication has failed to the client if the allowed number of requests or the allowed waiting delay has been reached.
In an exemplary embodiment, the identity authentication apparatus further includes: and the result feedback module is used for sending the identity authentication result indicating the success or failure of the identity authentication to the client if the identity authentication result indicates that the identity authentication is completed.
In another aspect, an identity authentication apparatus includes a processor and a memory, where the memory stores computer readable instructions, and the computer readable instructions, when executed by the processor, implement the identity authentication method as described above.
In another aspect, a computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements an identity authentication method as described above.
In the above technical solution, the proxy server receives the identity authentication request initiated by the client according to the identity information to be authenticated, requests the authentication platform to perform identity authentication according to the identity information to be authenticated in that request, and receives the identity authentication result returned by the authentication platform. When the identity authentication result indicates that the identity authentication is not completed, the proxy server requests the authentication platform to return the identity authentication result again. In other words, a proxy server is added between the network sales platform (the client) and the authentication platform, and the proxy server makes the repeated requests for the identity authentication result to the authentication platform on behalf of the network sales platform. This avoids multiple interactions between the network sales platform and the user: the network sales platform only needs to initiate the identity authentication request once, its identity authentication process is kept from becoming too complex, and the identity authentication efficiency is effectively improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a schematic illustration of an implementation environment in accordance with the present invention.
Fig. 2 is a block diagram illustrating a hardware architecture of a server according to an example embodiment.
Fig. 3 is a flow chart illustrating a method of identity authentication in accordance with an example embodiment.
Fig. 4 is a flow chart of one embodiment of step 310 in the corresponding embodiment of Fig. 3.
Fig. 5 is a flow chart of one embodiment of step 330 in the corresponding embodiment of Fig. 3.
Fig. 6 is a flow chart of one embodiment of step 350 in the corresponding embodiment of Fig. 3.
Fig. 7 is a flow chart of one embodiment of step 353 in the corresponding embodiment of Fig. 6.
Fig. 8 is a block diagram illustrating an identity authentication device in accordance with an example embodiment.
While specific embodiments of the invention have been shown by way of example in the drawings and will be described in detail hereinafter, such drawings and description are not intended to limit the scope of the inventive concepts in any way, but rather to explain the inventive concepts to those skilled in the art by reference to the particular embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
As described above, if the user's query shows that the identity authentication is not completed, the network sales platform will be requested to send an identity authentication request to the authentication platform again, so as to determine whether the identity authentication is completed according to the identity authentication result received again.
As can be seen from the above, for the network sales platform, the existing identity authentication process is too complex because it involves too many interactions with the user, and the identity authentication efficiency is therefore low.
Therefore, the invention particularly provides an identity authentication method which can effectively simplify the identity authentication process of a network sales platform, namely, only one identity authentication request needs to be initiated, thereby being beneficial to improving the identity authentication efficiency.
The identity authentication method is realized by a computer program, and correspondingly, the constructed identity authentication device can be stored in the electronic equipment with the Von Neumann system so as to be executed in the electronic equipment, thereby realizing identity authentication.
Fig. 1 is a schematic diagram of an implementation environment related to an identity authentication method. The implementation environment includes an identity authentication system including a client 100, a proxy server 200, and an authentication platform 300.
The client 100, i.e., the network sales platform, may operate on a desktop computer, a notebook computer, a tablet computer, a smart phone, or other electronic devices that can interact with the proxy server 200, which is not limited herein.
The proxy server 200 establishes a communication connection with the authentication platform 300 in advance, and realizes data transmission with the authentication platform 300 through the communication connection. For example, the data transmission includes sending identity information to be authenticated to the authentication platform 300, and receiving an identity authentication result returned by the authentication platform 300.
As shown in fig. 1, a plurality of clients 100, running on a desktop computer 110, a notebook computer 130, and a smart phone 150 respectively, interact with the proxy server 200: the clients 100 issue identity authentication requests to the proxy server 200 and request the proxy server 200 to act on their behalf toward the authentication platform 300 for identity authentication.
The proxy server 200 typically serves a very large number of clients 100. It continuously receives the identity information to be authenticated in the identity authentication requests initiated by the clients 100, sends the identity information to the authentication platform 300 to perform identity authentication on behalf of each client 100, receives the identity authentication result returned by the authentication platform 300, and feeds the identity authentication result back to the client 100 for query when the identity authentication result indicates that the identity authentication is completed.
To handle the very large number of identity authentication requests received, the proxy server 200 stores the transmission ports configured for the clients 100 in the transmission configuration file, so that the transmission connection can be established with the clients 100 through the same or different transmission ports.
For the very large number of requests to return the identity authentication result again, the proxy server 200 may perform the requests sequentially according to a time sequence, a priority, a queue, and the like.
It should be noted that, according to actual operation requirements, the proxy server 200 may be one server, or may be a server cluster formed by multiple servers, so as to process the very large number of identity authentication requests initiated by the very large number of clients 100, which is not limited herein.
The authentication platform 300 is configured to perform identity authentication on identity information to be authenticated. In a specific implementation of an embodiment, the identity information to be authenticated includes an identity card number, and accordingly, the authentication platform 300 is composed of a primary account authentication system and an external authentication system (e.g., a public security department authentication system). The primary account authentication system, the proxy server 200 and the client 100 belong to the same network sales merchant. Preferably, the primary account authentication system provides identity authentication services for a plurality of products sold by the network sales merchant, while the proxy server 200 corresponds to only one product sold by the network sales merchant.
Specifically, for the same product, the identity information to be authenticated is forwarded to the primary account authentication system by the corresponding proxy server 200.
For different products, the primary account authentication system sends the received identity information to be authenticated to the external authentication system, and the identity authentication of the identity information to be authenticated is finally performed by the external authentication system.
Therefore, through repeated forwarding of the identity information to be authenticated, high availability and load balance of the identity authentication system are favorably realized, and identity authentication efficiency is favorably improved.
Fig. 2 is a block diagram illustrating a hardware architecture of a proxy server according to an example embodiment. It should be noted that the proxy server is only an example adapted to the present invention, and should not be considered as providing any limitation to the scope of the present invention. The proxy server also cannot be interpreted as needing to rely on or have to have one or more components of the exemplary proxy server 200 shown in fig. 2.
The hardware structure of the proxy server 200 may be greatly different due to different configurations or performances, as shown in fig. 2, the proxy server 200 includes: a power supply 210, an interface 230, at least one memory 250, and at least one Central Processing Unit (CPU) 270.
The power supply 210 is used to provide an operating voltage for each hardware device on the proxy server 200.
The interface 230 includes at least one wired or wireless network interface 231, at least one serial-to-parallel conversion interface 233, at least one input/output interface 235, and at least one USB interface 237, etc. for communicating with external devices.
The memory 250 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc. The resources stored thereon include an operating system 251, an application 253, data 255, etc., and the storage manner may be transient storage or permanent storage. The operating system 251 is used for managing and controlling each hardware device and the application 253 on the proxy server 200 to implement the computation and processing of the mass data 255 by the central processing unit 270, and may be Windows Server, Mac OS X™, Unix, Linux, FreeBSD™, or the like. The application 253 is a computer program that performs at least one specific task on the operating system 251, and may include at least one module (not shown in fig. 2), each of which may contain a series of computer-readable instructions for the proxy server 200. The data 255 may be photographs, pictures, etc. stored in a disk.
The central processor 270 may include one or more processors and is arranged to communicate with the memory 250 via a bus for computing and processing the mass data 255 in the memory 250.
As described in detail above, the proxy server 200 to which the present invention is applied will complete the identity authentication method by the central processor 270 reading a series of computer readable instructions stored in the memory 250.
Furthermore, the present invention can be implemented by hardware circuits or by a combination of hardware circuits and software, and thus, the implementation of the present invention is not limited to any specific hardware circuits, software, or a combination of both.
Referring to fig. 3, in an exemplary embodiment, an identity authentication method is applied to a proxy server in the implementation environment shown in fig. 1, and the structure of the proxy server may be as shown in fig. 2.
The identity authentication method can be executed by the proxy server and comprises the following steps:
Step 310, the proxy server receives an identity authentication request initiated by the client according to the identity information to be authenticated.
The identity information to be authenticated is used for uniquely identifying the identity of the user, that is, it accurately describes the identity of the user in the form of digital information. For example, the identity information to be authenticated includes, but is not limited to: an identification number, a pass number, a login account number, etc.
It can be understood that the identity information to be authenticated is different from user to user. Therefore, in the embodiment, the identity of the user is authenticated through the identity information to be authenticated, that is, the client initiates an identity authentication request to the proxy server according to the identity information to be authenticated.
For the client, an entrance for submitting identity information to be authenticated is provided for the user, and when the identity of the user needs to be authenticated, the user can trigger corresponding operation at the entrance, so that the client obtains the identity information to be authenticated.
For example, the portal is an input dialog box in a page provided by the client, and when the user inputs the identity information to be authenticated in the input dialog box, the client correspondingly obtains the identity information to be authenticated according to the input of the user. The input operation is an operation triggered at the entrance for submitting identity information to be authenticated by a user.
Furthermore, after the client obtains the identity information to be authenticated, the validity of the identity information to be authenticated can be verified, so that the identity authentication process is prevented from being initiated by mistake, the success rate of subsequent identity authentication is ensured, and the efficiency of identity authentication is improved.
For example, if the identity information to be authenticated is an identification number, the validity check includes, but is not limited to, checking the number of digits of the identification number. If the identification number has 18 digits, the identification number is legal and passes the validity check.
That is, only when the identity information to be authenticated is valid, the identity authentication request is sent to the proxy server. The identity authentication request is generated by performing message encapsulation on identity information to be authenticated.
For the proxy server, after the client initiates the identity authentication request, the identity authentication request can be received.
Step 330, sending the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform.
As mentioned above, the identity authentication request is formed by performing packet encapsulation on the identity information to be authenticated, and it can also be understood that the identity authentication request carries the identity information to be authenticated.
Therefore, when the proxy server receives the identity authentication request, the proxy server can request the authentication platform to perform identity authentication according to the identity information to be authenticated in the identity authentication request.
Identity authentication means that the authentication platform performs a matching search according to the identity information to be authenticated: if identity information matching the identity information to be authenticated exists, the identity authentication is successful; otherwise, if no matching identity information exists, the identity authentication fails.
It should be understood that the proxy server does not wait indefinitely after sending the request. To ensure the response rate of the request, the authentication platform returns an identity authentication result to the proxy server regardless of whether it has found identity information matching the identity information to be authenticated.
Based on this, the identity authentication result received by the proxy server may include the following types: an identity authentication result for indicating that identity authentication has not been completed, an identity authentication result for indicating that identity authentication is successful, and an identity authentication result for indicating that identity authentication has failed.
If the identity authentication result indicates that the identity authentication is completed, the proxy server sends that result to the client, for example, the identity authentication result indicating that the identity authentication is successful or the identity authentication result indicating that the identity authentication has failed.
If the identity authentication result indicates that the identity authentication has not been completed, the process proceeds to step 350.
Step 350, if the identity authentication result indicates that the identity authentication is not completed, the authentication platform is requested to return the identity authentication result again.
That is to say, when the identity authentication is not completed, the proxy server actively requests the authentication platform to return the identity authentication result again. This gives the authentication platform more time to perform identity authentication, makes it more likely that the platform returns an identity authentication result indicating that the identity authentication is completed, and prevents the client from initiating the identity authentication request again because the identity authentication was not completed.
Through the above process, the proxy server receives the identity authentication request initiated by the client only once. When the identity authentication result indicates that the identity authentication is not completed, the proxy server itself repeatedly initiates requests to the authentication platform to return the identity authentication result, so that multiple interactions between the client and the user are avoided, the identity authentication process of the client is simplified, and the identity authentication efficiency is effectively improved.
Referring to FIG. 4, in an exemplary embodiment, step 310 may include the steps of:
Step 311, extracting, from the transmission configuration file, a transmission port for establishing a transmission connection with the client.
First, the transmission configuration file is stored in the proxy server and is used to control the establishment of the transmission connection between the proxy server and the client. The transmission configuration file contains the transmission port that the proxy server has configured for receiving the identity authentication request initiated by the client. In other words, the transmission configuration file stores, in advance, the transmission ports configured for clients according to a specified rule. The specified rule may be random assignment, or incrementing or decrementing by port number, and so on, which is not limited herein.
The proxy server receives a massive number of identity authentication requests; for this reason, a transmission port may be configured separately for each client or shared by multiple clients, which is not limited herein.
It is noted that if multiple clients share the same transmission port and all of them initiate identity authentication requests, the proxy server receives these requests one after another in chronological order, which ensures that there is no conflict in the receiving process.
Secondly, the transmission port is written into the transmission configuration file when the client is deployed. That is to say, when the client is deployed, a transmission port is configured for the client so that it can transmit data to and from the proxy server, and the proxy server accordingly configures its own transmission port to match the one configured for the client.
In a specific implementation of an embodiment, the transmission port refers to a port conforming to a TCP/IP protocol, and the range of the corresponding port number is 0 to 65535. Furthermore, since the ports corresponding to the port numbers 0 to 1023 cannot be dynamically allocated, the ports corresponding to the port numbers 1024 to 65535 are used as the transmission ports for establishing transmission connection with the client.
Based on this, after the proxy server is started, the transmission port configured for the client can be obtained from the transmission ports stored in the transmission configuration file, and then the transmission connection is established with the client by monitoring the transmission port in the subsequent process.
Step 313, monitoring the transmission port, and establishing transmission connection with the client through monitoring of the transmission port.
After the proxy server has extracted the transmission port, it establishes the transmission connection with the client by monitoring that transmission port.
Step 315, an identity authentication request is received from the client via the established transport connection.
This embodiment provides, through the transmission port, the precondition for establishing the transmission connection between the proxy server and the client, and thereby enables data transmission between the proxy server and the client, namely the receiving of the identity authentication request.
Referring to fig. 5, in an exemplary embodiment, step 330 may include the following steps:
Step 331, obtaining the identity encryption information from the identity authentication request.
To protect the identity information to be authenticated against attacks from the internet, its transmission security needs to be ensured. Therefore, before generating the identity authentication request, the client encrypts the identity information to be authenticated, so that the identity authentication request carries the encrypted identity information to be authenticated.
The encryption method includes, but is not limited to, algorithm encryption, digital certificate encryption, digital signature encryption, and the like. It can be set flexibly according to the security requirements of the actual application scenario and is not limited herein.
For example, the client calculates the original data digest of the identity information to be authenticated by using a data digest algorithm and performs Base64 code conversion on it to form the data digest of the identity information to be authenticated.
The client then encrypts the data digest of the identity information to be authenticated by using a private key provided by the authentication platform, generating a digital signature of the identity information to be authenticated and thereby completing the encryption of the identity information to be authenticated.
After the encryption is finished, the client encapsulates the identity encryption information, which contains the identity information to be authenticated and its digital signature, into a message, thereby generating the identity authentication request.
Based on the above, the proxy server can obtain the identity encryption information from the identity authentication request, and forward the identity encryption information to the authentication platform to request the authentication platform to perform identity authentication. The identity encryption information comprises identity information to be authenticated and a digital signature thereof.
Step 333, sending the identity encryption information to the authentication platform.
Step 335, performing identity authentication on the decrypted identity information to be authenticated through the authentication platform, and obtaining the identity authentication result returned by the authentication platform.
The decrypted identity information to be authenticated is obtained by decrypting the identity encryption information by the authentication platform.
Specifically, corresponding to the encryption process performed by the client, the authentication platform decrypts the digital signature of the identity information to be authenticated with the public key to obtain the data digest of the identity information to be authenticated. The public key and the private key used by the client for encryption form a pair, and the public key is obtained by the authentication platform by applying to a third-party authentication institution for the purpose of encrypting the identity information to be authenticated.
Then, the authentication platform calculates the original data digest of the identity information to be authenticated by using the data digest algorithm and performs Base64 code conversion on it to obtain the data digest of the identity information to be authenticated.
Finally, the decrypted data digest is compared with the calculated data digest. If the two are consistent, it is determined that the identity information to be authenticated has not been attacked illegally; decryption of the identity information to be authenticated is then complete, and the decrypted identity information to be authenticated provides the basis for the subsequent identity authentication.
With the above embodiment, because the identity information to be authenticated is encrypted, decryption cannot be completed if either the identity information to be authenticated or the digital signature has been modified. This fully ensures the security of the transmission of the identity information to be authenticated and effectively protects it against attacks from the internet.
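The digest, Base64 and signature steps of this embodiment, shown for both the client and the authentication platform as an added example in Go; it is not code from the patent. SHA-256 as the data digest algorithm, Ed25519 as the signature scheme, and all type, field and function names are assumptions, since the description names no algorithms or message layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// IdentityEncryptionInfo is what the client encapsulates in the identity
// authentication request and what the proxy server forwards unchanged.
// The field names are assumptions.
type IdentityEncryptionInfo struct {
	Identity  string // identity information to be authenticated
	Signature string // Base64 of the digital signature over the data digest
}

// ErrTampered is returned when the signature does not match the identity.
var ErrTampered = errors.New("identity information or digital signature was modified")

// NewKeyPair stands in for key provisioning: the client receives the private
// key, the authentication platform keeps the public key.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// dataDigest computes the original data digest (SHA-256, an assumption) and
// applies the Base64 conversion described in the text.
func dataDigest(identity string) []byte {
	sum := sha256.Sum256([]byte(identity))
	return []byte(base64.StdEncoding.EncodeToString(sum[:]))
}

// SignIdentity is the client side: sign the data digest with the private key.
func SignIdentity(priv ed25519.PrivateKey, identity string) IdentityEncryptionInfo {
	sig := ed25519.Sign(priv, dataDigest(identity))
	return IdentityEncryptionInfo{
		Identity:  identity,
		Signature: base64.StdEncoding.EncodeToString(sig),
	}
}

// VerifyIdentity is the platform side: recompute the data digest from the
// received identity and check it against the signature with the public key.
func VerifyIdentity(pub ed25519.PublicKey, info IdentityEncryptionInfo) (string, error) {
	sig, err := base64.StdEncoding.DecodeString(info.Signature)
	if err != nil {
		return "", fmt.Errorf("malformed signature: %w", err)
	}
	if !ed25519.Verify(pub, dataDigest(info.Identity), sig) {
		return "", ErrTampered
	}
	return info.Identity, nil
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed 18-digit sample value, not a real identification number.
	info := SignIdentity(priv, "123456789012345678")

	// The proxy server relays info as is; it needs no key to do so.
	id, err := VerifyIdentity(pub, info)
	fmt.Println("unmodified:", id, err)

	modified := info
	modified.Identity = "123456789012345679"
	_, err = VerifyIdentity(pub, modified)
	fmt.Println("modified identity:", err)

	modified = info
	modified.Signature = SignIdentity(priv, "876543210987654321").Signature
	_, err = VerifyIdentity(pub, modified)
	fmt.Println("modified signature:", err)
}
```

In this construction the identity information travels next to its signature, so the check detects modification of either field but does not hide the value from a party that can read the message. Confidentiality in transit needs transport encryption in addition.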
Referring to FIG. 6, in an exemplary embodiment, step 350 may include the steps of:
Step 351, if the identity authentication result indicates that the identity authentication is not completed, acquiring the request service identifier from the identity authentication request.
Step 353, initiating a request for returning the identity authentication result to the authentication platform again according to the request service identifier.
It should be understood that no matter how many times the proxy server requests the authentication platform to return the identity authentication result, those requests are all directed at the same identity authentication request. In other words, different identity authentication requests have different identity authentication results returned by the authentication platform and different degrees of completion of identity authentication. For example, the identity authentication result corresponding to some identity authentication requests indicates that the identity authentication is completed, and the identity authentication result corresponding to some identity authentication requests indicates that the identity authentication is not completed.
Therefore, the proxy server's request to the authentication platform to return the identity authentication result is made according to the request service identifier, so that the identity authentication result returned by the authentication platform is the one for the identity authentication request uniquely identified by that request service identifier.
The request service identifier is used for uniquely identifying the identity authentication request. For example, request service identifier A uniquely identifies identity authentication request A. Further, the request service identifier is generated when the client generates the identity authentication request, and is encapsulated in the generated identity authentication request.
Through the process, a basis is provided for the authentication platform to correctly return the identity authentication result corresponding to the identity authentication request, and the correctness of identity authentication is further ensured.
Referring to FIG. 7, in an exemplary embodiment, step 353 may include the following steps:
Step 3531, obtaining authentication request parameters from the identity authentication request.
The authentication request parameters include a request time interval.
Step 3533, the authentication platform is requested to return the identity authentication result at regular time according to the request time interval.
A timed request means that requests for returning the identity authentication result are sent to the authentication platform according to the request time interval, the time difference between the sending of two consecutive requests being the request time interval.
This embodiment prevents the proxy server from sending requests too frequently, which helps reduce the task processing pressure on the proxy server and in turn improves its task processing efficiency.
In addition, since the authentication platform does not obtain the identity authentication result immediately, setting the request time interval gives the authentication platform sufficient time to perform identity authentication, so that it can then return an identity authentication result indicating that the identity authentication is completed.
Further, in an exemplary embodiment, the authentication request parameter further includes an allowed number of requests or an allowed latency.
Accordingly, step 353 may further include the steps of:
During the timed requests, if the allowed number of requests or the allowed latency is reached, sending an identity authentication result indicating that the identity authentication has failed to the client.
That is, during the timed requests, if the identity authentication result indicates that the identity authentication is completed, the identity authentication result is returned directly to the client.
If the allowed number of requests (for example, 2 times) or the allowed latency (for example, 5 seconds) is reached and the identity authentication result still indicates that the identity authentication is not completed, the proxy server determines that the identity authentication has failed and feeds back the identity authentication result indicating that the identity authentication has failed to the client.
Setting the allowed number of requests or the allowed latency prevents the client from waiting indefinitely for the identity authentication result after initiating the identity authentication request, which helps improve the request response rate and in turn the user's identity authentication experience.
Of course, the allowed number of requests or the allowed latency may be flexibly adjusted according to the tolerance of the actual application scenario to the request response rate, which is not limited herein.
It should be noted that the authentication request parameter may also be set by a tester according to an identity authentication test result, or may also be configured by a user according to an actual requirement of the user, which is not limited herein.
For example, when the client runs, an entry for configuring the authentication request parameters is provided for the user, and when the user needs to configure the authentication request parameters, the corresponding operation can be triggered at the entry to configure the authentication request parameters.
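The repeated-request procedure of steps 350 to 3533, including the allowed number of requests and the allowed latency, as seen from the proxy server. This is an added example in Go, not code from the patent; the Platform interface, the type and field names, and the fake platform with its request service identifiers are assumptions and constructed data.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Status mirrors the three result types the proxy server can receive.
type Status int

const (
	NotCompleted Status = iota // identity authentication has not been completed
	Succeeded                  // identity authentication is successful
	Failed                     // identity authentication has failed
)

// AuthRequestParams are the authentication request parameters taken from the
// identity authentication request. Field names are assumptions.
type AuthRequestParams struct {
	Interval    time.Duration // request time interval
	MaxRequests int           // allowed number of requests, 0 = not set
	MaxWait     time.Duration // allowed latency, 0 = not set
}

// Platform is a hypothetical view of the authentication platform.
type Platform interface {
	Submit(serviceID, identity string) Status // first request (step 330)
	Query(serviceID string) Status            // return the result again (step 353)
}

// Authenticate runs steps 330 and 350 on the proxy server and returns the
// result for the client plus the number of repeated requests it sent.
func Authenticate(p Platform, serviceID, identity string, prm AuthRequestParams) (Status, int, error) {
	if prm.Interval <= 0 {
		return Failed, 0, errors.New("request time interval must be positive")
	}
	if prm.MaxRequests <= 0 && prm.MaxWait <= 0 {
		// Without either limit the client could wait forever.
		return Failed, 0, errors.New("set an allowed number of requests or an allowed latency")
	}
	if st := p.Submit(serviceID, identity); st != NotCompleted {
		return st, 0, nil // completed at once: success or failure goes to the client
	}
	start := time.Now()
	for polls := 0; ; {
		if prm.MaxRequests > 0 && polls >= prm.MaxRequests {
			return Failed, polls, nil
		}
		if prm.MaxWait > 0 && time.Since(start)+prm.Interval > prm.MaxWait {
			return Failed, polls, nil // the next request would land after the deadline
		}
		time.Sleep(prm.Interval)
		polls++
		// The request service identifier ties this query to the original request.
		if st := p.Query(serviceID); st != NotCompleted {
			return st, polls, nil
		}
	}
}

// fakePlatform is a constructed stand-in for the authentication platform.
type fakePlatform struct {
	pendingLeft map[string]int    // queries that still answer NotCompleted
	final       map[string]Status // result once authentication completes
}

func (f *fakePlatform) Submit(serviceID, _ string) Status {
	if f.pendingLeft[serviceID] > 0 {
		return NotCompleted
	}
	return f.final[serviceID]
}

func (f *fakePlatform) Query(serviceID string) Status {
	if f.pendingLeft[serviceID] > 0 {
		f.pendingLeft[serviceID]--
		return NotCompleted
	}
	return f.final[serviceID]
}

// demoPlatform and demoParams are constructed sample data.
func demoPlatform() *fakePlatform {
	return &fakePlatform{
		pendingLeft: map[string]int{"req-A": 1, "req-B": 5, "req-C": 0},
		final:       map[string]Status{"req-A": Succeeded, "req-B": Succeeded, "req-C": Failed},
	}
}

var demoParams = AuthRequestParams{Interval: 5 * time.Millisecond, MaxRequests: 2}

func main() {
	p := demoPlatform()
	for _, id := range []string{"req-A", "req-B", "req-C"} {
		st, polls, err := Authenticate(p, id, "123456789012345678", demoParams)
		fmt.Printf("%s: status=%d repeated requests=%d err=%v\n", id, st, polls, err)
	}
}
```

The example refuses parameters that set neither limit, because the loop would otherwise have no guaranteed end.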
The following is an embodiment of the apparatus of the present invention, which can be used to execute the identity authentication method according to the present invention. For details that are not disclosed in the embodiments of the apparatus of the present invention, refer to the embodiments of the method of identity authentication according to the present invention.
Referring to fig. 8, in an exemplary embodiment, an identity authentication apparatus 500 includes, but is not limited to: an authentication request receiving module 510, an authentication result receiving module 530, and an authentication result returning module 550.
The authentication request receiving module 510 is configured to receive an identity authentication request initiated by a client according to identity information to be authenticated.
The authentication result receiving module 530 is configured to send the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and receive an identity authentication result returned by the authentication platform. If the identity authentication result indicates that the identity authentication is not completed, it notifies the authentication result returning module.
The authentication result returning module 550 is used for requesting the authentication platform to return the identity authentication result again.
It should be noted that, when the identity authentication device provided in the foregoing embodiment performs the identity authentication process, only the division of the functional modules is illustrated, and in practical applications, the functions may be distributed to different functional modules according to needs, that is, the internal structure of the identity authentication device is divided into different functional modules to complete all or part of the functions described above.
In addition, the embodiments of the identity authentication apparatus and the identity authentication method provided by the above embodiments belong to the same concept, and the specific manner in which each module executes operations has been described in detail in the method embodiments, and is not described herein again.
The above-mentioned embodiments are merely preferred examples of the present invention, and are not intended to limit the embodiments of the present invention, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present invention, so that the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. An identity authentication method, comprising:
the proxy server receives an identity authentication request initiated by the client according to identity information to be authenticated;
sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving an identity authentication result returned by the authentication platform;
if the identity authentication result indicates that the identity authentication is not finished, requesting the authentication platform to return the identity authentication result again;
wherein, if the identity authentication result indicates that the identity authentication is not completed, requesting the authentication platform to return the identity authentication result again comprises:
if the identity authentication result indicates that the identity authentication is not completed, acquiring a request service identifier from the identity authentication request, wherein the request service identifier is used for identifying the identity authentication request;
and initiating a request for returning the identity authentication result to the authentication platform again according to the request service identifier, so that the identity authentication result returned again corresponds to the identity authentication request with the unique identifier of the request service identifier.
2. The method of claim 1, wherein the proxy server receives an identity authentication request initiated by a client according to identity information to be authenticated, and the method comprises:
extracting a transmission port for establishing transmission connection with the client from a transmission configuration file, wherein the transmission port configured for the client according to a specified rule is prestored in the transmission configuration file;
monitoring the transmission port, and establishing transmission connection with the client through monitoring of the transmission port;
receiving the identity authentication request from the client through the established transmission connection.
3. The method of claim 1, wherein the sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving an identity authentication result returned by the authentication platform, comprises:
obtaining identity encryption information from the identity authentication request;
sending identity encryption information to the authentication platform;
and performing identity authentication on the decrypted identity information to be authenticated through the authentication platform to obtain an identity authentication result returned by the authentication platform, wherein the decrypted identity information to be authenticated is obtained by decrypting the identity encryption information through the authentication platform.
4. The method of claim 1, wherein the initiating a request for returning the identity authentication result again to the authentication platform according to the request service identifier comprises:
acquiring authentication request parameters from the identity authentication request, wherein the authentication request parameters comprise request time intervals;
and regularly requesting the authentication platform to return an identity authentication result according to the request time interval.
5. The method of claim 4, wherein the authentication request parameter further includes a number of requests allowed or a latency allowed, and the request for returning the identity authentication result again is initiated to the authentication platform according to the request service identifier, further comprising:
and in the timed request process, if the number of requests allowed or the latency allowed is reached, sending an identity authentication result indicating identity authentication failure to the client.
6. The method of any of claims 1 to 5, further comprising:
and if the identity authentication result indicates that the identity authentication is completed, sending the identity authentication result indicating the success or failure of the identity authentication to the client.
7. An identity authentication device applied to a proxy server side is characterized by comprising:
the authentication request receiving module is used for receiving an identity authentication request initiated by the client according to the identity information to be authenticated;
the authentication result receiving module is used for sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication and receiving an identity authentication result returned by the authentication platform; if the identity authentication result indicates that the identity authentication is not finished, notifying the authentication result returning module;
the authentication result returning module is configured to request the authentication platform to return an identity authentication result again, where the requesting the authentication platform to return an identity authentication result again includes: acquiring a request service identifier from the identity authentication request, wherein the request service identifier is used for identifying the identity authentication request; and initiating a request for returning the identity authentication result to the authentication platform again according to the request service identifier, so that the identity authentication result returned again corresponds to the identity authentication request with the unique identifier of the request service identifier.
8. An identity authentication apparatus, comprising:
a processor; and
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the identity authentication method of any one of claims 1 to 6.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the identity authentication method according to any one of claims 1 to 6.
CN201810251246.4A 2018-03-26 2018-03-26 Identity authentication method and device Active CN108809927B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810251246.4A CN108809927B (en) 2018-03-26 2018-03-26 Identity authentication method and device
PCT/CN2018/101566 WO2019184206A1 (en) 2018-03-26 2018-08-21 Identity authentication method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810251246.4A CN108809927B (en) 2018-03-26 2018-03-26 Identity authentication method and device

Publications (2)

Publication Number Publication Date
CN108809927A CN108809927A (en) 2018-11-13
CN108809927B true CN108809927B (en) 2021-02-26

Family

ID=64095446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810251246.4A Active CN108809927B (en) 2018-03-26 2018-03-26 Identity authentication method and device

Country Status (2)

Country Link
CN (1) CN108809927B (en)
WO (1) WO2019184206A1 (en)


Also Published As

Publication number Publication date
WO2019184206A1 (en) 2019-10-03
CN108809927A (en) 2018-11-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant