CN109670290A - The method for determining user identity - Google Patents
The method for determining user identity Download PDFInfo
- Publication number
- CN109670290A CN109670290A CN201811591603.8A CN201811591603A CN109670290A CN 109670290 A CN109670290 A CN 109670290A CN 201811591603 A CN201811591603 A CN 201811591603A CN 109670290 A CN109670290 A CN 109670290A
- Authority
- CN
- China
- Prior art keywords
- user
- service provider
- data
- image
- embedded
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
Abstract
The purpose of the present invention is designing a kind of user authen method, to ensure a trustworthy identity checks, using mobile device, for example, phone, none username and password.The purpose captures user registration image (such as bar code or QR code) Lai Shixian of particular production by user in his mobile device shown by service provider.
Description
Technical field
The present invention relates to the information protections in computer network and system.There are user authen method, using password from pre-
Password segment is obtained in the color image of definition.
Background technique
There is an existing user identification method, using PIN code, thus user is assigned a unique personal generation
Code is used for access information system [2].There are a kind of for accessing the cipher-code input method of Computer Database, is counted using dynamic
The image [3] that calculation machine generates.In the presence of the existing method [4] for accessing protected service using disposal password.
Using username and password [5-8], there are user identification methods.
User identification method exists, and passes through the disposable password generator of Additional Verification factor (dual factor anthentication) one, print
The username and password of code card, biomolecule and other factors supplement inputs [9].
In order to mitigate security risk, all existing methyl-ODS and system requirements user are difficult to remember and use using those
Inconvenient complicated password.The invasion for invading the Service Providers system of user ID data is increasing.In user name and close
The each additional identities verifying factor added on code can bring huge cost, and user experience is made to become complicated, thus
It can not it is expected to obtain improvement of safety.
Summary of the invention
Mobile device will turn to structural data from the received data sequence of optical sensor, extract service provider identity
Symbol, service provider's access point resource identifier and unique access token, and/or other data of insertion in the images.It moves
Dynamic equipment is digitally signed the unique access token and/or other data that are embedded in the images, and is submitted to clothes
Business provider's access point, service provider's access point are demonstrate,proved along with public key/number of the mobile phone for signing the message
Book.Service provider verifies the digital signature of received message, and if it succeeds, by the received public key/digital certificate of institute
It is associated with the profile that user has created.
In repeated accesses, user is captured in special login image, such as bar code or QR code, is shown by ISP
Show in his mobile device.Structural data is serialized by the image that optical sensor captures, extracts service provider's mark
Know other data of symbol, service provider's access point resource identifier and unique access token and/or insertion in the images.With
The common identity used during family selection service provider's registration herein, unique visit of the mobile device to being embedded into login image
It asks that token and/or other data are digitally signed, and submits to service provider access point and its subsidiary public key/digital certificate
For signing the message.Service provider verifies the digital signature of received message, passes through the public key/number stored during registration
Word signature opens to match user profiles for the unique access token received or other data being embedded in login image
Use user conversation.
In order to begin to use system big from service (such as Email, forum, E-business service, interactive TV service etc.)
It is mostly provided in online form, user opens from Service Source page computer or any other equipment.Service mentions user herein
For creating configuration file at quotient, the information of special services is presented in the specific request of specified services provider.If user is in spy
Determine to create configuration file at service provider, then user any is recognized by what he may use when creating configuration file
Card means authenticate the configuration file.User is captured special using the application program (for example, smart phone) in the mobile device
The registration image of production, such as bar code or QR code.The data sequence captured by optical sensor is turned to structuring by application program
Data extract Service Provider Identifier, service provider's access point resource identifier, and insertion in the images unique
Access token and/or other data.Mobile device counts the unique access token and/or other data that are embedded in the image
Word signature, and is submitted to service provider's access point, and with the public key for signing the mobile phone of the message/
Digital certificate.Service provider verifies the digital signature of received message, and if it succeeds, by the received public key/number of institute
Word certificate is associated with the profile that user creates.
When needing additional safety inspection, begin to use the occasion of service, such as bank service, user may need every
The place of son presence service provider.Then, can registration image be presented to user in person in service provider, for example, will
It is printed upon on service registration table, on the computer screen display etc..Then user is captured with app on his mobile device
The registration image.As described above, carrying out next register step.In repeated accesses, user catches on his mobile device
Obtain the login image of particular production, such as the equipment that bar code or QR code service provider show.By being somebody's turn to do for optical sensor capture
Image is serialized into structural data, extracts Service Provider Identifier, service provider access point resource identifier, and
It is embedded in unique access token in the images and/or other data.User's selection uses during service provider registration
Common identity.Mobile device is digitally signed the unique access token and/or other data that are embedded into login image,
And it is submitted to service provider access point, along with public key/digital certificate for signing the message.Service provider tests
The digital signature for demonstrate,proving the message received, by the public key/digital signature matches user profile stored during registration, and to connect
The unique access token received or other data being embedded in enable user conversation.Log in picture.This completes with
Family verification process.
Sometimes, when service provider needs to implement add-on security control during login process, service provider can be with
Registration is for submitting the IP address of the original mobile device of login request message and disposing geographical location limitation.The use then enabled
Family session.For example, service provider can use only to allow accessing from the equipment very close with the IP address of initiation mobile device
Family session becomes more complicated so that initiating any identity theft attacks.
Claims (1)
1. one kind is for determining user identity, being related to creating new user profiles or being authenticated to by pre-existing authentication device existing
There is the method for user profiles, wherein after creating user profiles, user captures the registration image of particular production, such as bar shaped
Code or QR code have application program, such as smart phone on the mobile apparatus;The data that application program will be captured by optical sensor
Sequence turns to structural data, extracts Service Provider Identifier, service provider's access point resource identifier and is embedded in this
Unique access token and/or other data in image, are digitally signed and/or are embedded in the figure to unique access token
Other data as in;Mobile device carries out number to the unique access token being embedded in described image and/or other data
Signature, and described image is submitted into service provider's access point, which is accompanied by for signing message
User public key/digital certificate;The digital signature of message that service provider's verifying receives, if it succeeds, will receive
Public key/digital certificate is associated with the configuration file that user creates;In repeated accesses, use that user shows in service provider
Special login image, such as bar code or QR code are captured in the mobile device of family;By the described image of optical sensor capture by sequence
Column turn to structural data, extract Service Provider Identifier, service provider's access point resource identifier and are embedded in described
Unique access token and/or other data in image;The identical body that user selects user to use when service provider registers
Part, the unique access token of mobile device digital signing and/or insertion log in other data of image, and by the token, data
And/or image submits to service provider's access point, public key/digital certificate with user's signature message;Service provider tests
The digital signature for demonstrate,proving the message received, by the public key/digital signature matches user profile stored during registration, and to connect
Other data being embedded in the unique access token or login image received enable user conversation, to complete user authentication mistake
Journey.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811591603.8A CN109670290A (en) | 2018-12-20 | 2018-12-20 | The method for determining user identity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811591603.8A CN109670290A (en) | 2018-12-20 | 2018-12-20 | The method for determining user identity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109670290A true CN109670290A (en) | 2019-04-23 |
Family
ID=66146889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811591603.8A Withdrawn CN109670290A (en) | 2018-12-20 | 2018-12-20 | The method for determining user identity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109670290A (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140359299A1 (en) * | 2011-10-04 | 2014-12-04 | Relative Cc, Sia | Method for Determination of User's Identity |
-
2018
- 2018-12-20 CN CN201811591603.8A patent/CN109670290A/en not_active Withdrawn
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140359299A1 (en) * | 2011-10-04 | 2014-12-04 | Relative Cc, Sia | Method for Determination of User's Identity |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11405380B2 (en) | Systems and methods for using imaging to authenticate online users | |
JP6804643B2 (en) | Service execution method and equipment | |
CN111414599A (en) | Identity authentication method, device, terminal, server and readable storage medium | |
KR20190093640A (en) | Methods, apparatus, and systems for processing two-dimensional barcodes | |
CN104767616B (en) | A kind of information processing method, system and relevant device | |
CN109684801B (en) | Method and device for generating, issuing and verifying electronic certificate | |
WO2014016621A1 (en) | Identity generation mechanism | |
JP2011141785A (en) | Member registration system using portable terminal and authentication system | |
US20140053251A1 (en) | User account recovery | |
EP2764655A1 (en) | Method for determination of user's identity | |
KR102313868B1 (en) | Cross authentication method and system using one time password | |
CN109670290A (en) | The method for determining user identity | |
WO2018066426A1 (en) | Fake web page determination device, fake web page determination system, fake web page determination method, and fake web page determination program | |
KR101475422B1 (en) | Internet Security Method and System using One Time IDentification | |
CN113395162A (en) | System and method for counting votes in an electronic voting system | |
CN102769606A (en) | Gene certificate-based network digital identity authentication method | |
KR102029309B1 (en) | Information input apparatus having authentication request and method using the same | |
JP2017033199A (en) | Authentication server and authentication server program | |
JP2023537578A (en) | Mobile app login and device registration | |
US20210320924A1 (en) | Authorization system and authorization method | |
KR20150060611A (en) | Internet Security System using One Time IDentification | |
KR101505137B1 (en) | Internet Security System using One Time IDentification | |
AU2010361584B2 (en) | User account recovery | |
IT201600115265A1 (en) | Process and computer system for the identification and authentication of the digital identity of a subject in possession of a personal telecommunication device. | |
KR20150091601A (en) | Method and system for copying certificate |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20190423 |