CN109670290A - The method for determining user identity - Google Patents

The method for determining user identity Download PDF

Info

Publication number
CN109670290A
CN109670290A CN201811591603.8A CN201811591603A CN109670290A CN 109670290 A CN109670290 A CN 109670290A CN 201811591603 A CN201811591603 A CN 201811591603A CN 109670290 A CN109670290 A CN 109670290A
Authority
CN
China
Prior art keywords
user
service provider
data
image
embedded
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201811591603.8A
Other languages
Chinese (zh)
Inventor
王彪
任燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nan Changhong As A Business Management Ltd Co
Original Assignee
Nan Changhong As A Business Management Ltd Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nan Changhong As A Business Management Ltd Co filed Critical Nan Changhong As A Business Management Ltd Co
Priority to CN201811591603.8A priority Critical patent/CN109670290A/en
Publication of CN109670290A publication Critical patent/CN109670290A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Abstract

The purpose of the present invention is designing a kind of user authen method, to ensure a trustworthy identity checks, using mobile device, for example, phone, none username and password.The purpose captures user registration image (such as bar code or QR code) Lai Shixian of particular production by user in his mobile device shown by service provider.

Description

The method for determining user identity
Technical field
The present invention relates to the information protections in computer network and system.There are user authen method, using password from pre- Password segment is obtained in the color image of definition.
Background technique
There is an existing user identification method, using PIN code, thus user is assigned a unique personal generation Code is used for access information system [2].There are a kind of for accessing the cipher-code input method of Computer Database, is counted using dynamic The image [3] that calculation machine generates.In the presence of the existing method [4] for accessing protected service using disposal password.
Using username and password [5-8], there are user identification methods.
User identification method exists, and passes through the disposable password generator of Additional Verification factor (dual factor anthentication) one, print The username and password of code card, biomolecule and other factors supplement inputs [9].
In order to mitigate security risk, all existing methyl-ODS and system requirements user are difficult to remember and use using those Inconvenient complicated password.The invasion for invading the Service Providers system of user ID data is increasing.In user name and close The each additional identities verifying factor added on code can bring huge cost, and user experience is made to become complicated, thus It can not it is expected to obtain improvement of safety.
Summary of the invention
Mobile device will turn to structural data from the received data sequence of optical sensor, extract service provider identity Symbol, service provider's access point resource identifier and unique access token, and/or other data of insertion in the images.It moves Dynamic equipment is digitally signed the unique access token and/or other data that are embedded in the images, and is submitted to clothes Business provider's access point, service provider's access point are demonstrate,proved along with public key/number of the mobile phone for signing the message Book.Service provider verifies the digital signature of received message, and if it succeeds, by the received public key/digital certificate of institute It is associated with the profile that user has created.
In repeated accesses, user is captured in special login image, such as bar code or QR code, is shown by ISP Show in his mobile device.Structural data is serialized by the image that optical sensor captures, extracts service provider's mark Know other data of symbol, service provider's access point resource identifier and unique access token and/or insertion in the images.With The common identity used during family selection service provider's registration herein, unique visit of the mobile device to being embedded into login image It asks that token and/or other data are digitally signed, and submits to service provider access point and its subsidiary public key/digital certificate For signing the message.Service provider verifies the digital signature of received message, passes through the public key/number stored during registration Word signature opens to match user profiles for the unique access token received or other data being embedded in login image Use user conversation.
In order to begin to use system big from service (such as Email, forum, E-business service, interactive TV service etc.) It is mostly provided in online form, user opens from Service Source page computer or any other equipment.Service mentions user herein For creating configuration file at quotient, the information of special services is presented in the specific request of specified services provider.If user is in spy Determine to create configuration file at service provider, then user any is recognized by what he may use when creating configuration file Card means authenticate the configuration file.User is captured special using the application program (for example, smart phone) in the mobile device The registration image of production, such as bar code or QR code.The data sequence captured by optical sensor is turned to structuring by application program Data extract Service Provider Identifier, service provider's access point resource identifier, and insertion in the images unique Access token and/or other data.Mobile device counts the unique access token and/or other data that are embedded in the image Word signature, and is submitted to service provider's access point, and with the public key for signing the mobile phone of the message/ Digital certificate.Service provider verifies the digital signature of received message, and if it succeeds, by the received public key/number of institute Word certificate is associated with the profile that user creates.
When needing additional safety inspection, begin to use the occasion of service, such as bank service, user may need every The place of son presence service provider.Then, can registration image be presented to user in person in service provider, for example, will It is printed upon on service registration table, on the computer screen display etc..Then user is captured with app on his mobile device The registration image.As described above, carrying out next register step.In repeated accesses, user catches on his mobile device Obtain the login image of particular production, such as the equipment that bar code or QR code service provider show.By being somebody's turn to do for optical sensor capture Image is serialized into structural data, extracts Service Provider Identifier, service provider access point resource identifier, and It is embedded in unique access token in the images and/or other data.User's selection uses during service provider registration Common identity.Mobile device is digitally signed the unique access token and/or other data that are embedded into login image, And it is submitted to service provider access point, along with public key/digital certificate for signing the message.Service provider tests The digital signature for demonstrate,proving the message received, by the public key/digital signature matches user profile stored during registration, and to connect The unique access token received or other data being embedded in enable user conversation.Log in picture.This completes with Family verification process.
Sometimes, when service provider needs to implement add-on security control during login process, service provider can be with Registration is for submitting the IP address of the original mobile device of login request message and disposing geographical location limitation.The use then enabled Family session.For example, service provider can use only to allow accessing from the equipment very close with the IP address of initiation mobile device Family session becomes more complicated so that initiating any identity theft attacks.

Claims (1)

1. one kind is for determining user identity, being related to creating new user profiles or being authenticated to by pre-existing authentication device existing There is the method for user profiles, wherein after creating user profiles, user captures the registration image of particular production, such as bar shaped Code or QR code have application program, such as smart phone on the mobile apparatus;The data that application program will be captured by optical sensor Sequence turns to structural data, extracts Service Provider Identifier, service provider's access point resource identifier and is embedded in this Unique access token and/or other data in image, are digitally signed and/or are embedded in the figure to unique access token Other data as in;Mobile device carries out number to the unique access token being embedded in described image and/or other data Signature, and described image is submitted into service provider's access point, which is accompanied by for signing message User public key/digital certificate;The digital signature of message that service provider's verifying receives, if it succeeds, will receive Public key/digital certificate is associated with the configuration file that user creates;In repeated accesses, use that user shows in service provider Special login image, such as bar code or QR code are captured in the mobile device of family;By the described image of optical sensor capture by sequence Column turn to structural data, extract Service Provider Identifier, service provider's access point resource identifier and are embedded in described Unique access token and/or other data in image;The identical body that user selects user to use when service provider registers Part, the unique access token of mobile device digital signing and/or insertion log in other data of image, and by the token, data And/or image submits to service provider's access point, public key/digital certificate with user's signature message;Service provider tests The digital signature for demonstrate,proving the message received, by the public key/digital signature matches user profile stored during registration, and to connect Other data being embedded in the unique access token or login image received enable user conversation, to complete user authentication mistake Journey.
CN201811591603.8A 2018-12-20 2018-12-20 The method for determining user identity Withdrawn CN109670290A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811591603.8A CN109670290A (en) 2018-12-20 2018-12-20 The method for determining user identity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811591603.8A CN109670290A (en) 2018-12-20 2018-12-20 The method for determining user identity

Publications (1)

Publication Number Publication Date
CN109670290A true CN109670290A (en) 2019-04-23

Family

ID=66146889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811591603.8A Withdrawn CN109670290A (en) 2018-12-20 2018-12-20 The method for determining user identity

Country Status (1)

Country Link
CN (1) CN109670290A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140359299A1 (en) * 2011-10-04 2014-12-04 Relative Cc, Sia Method for Determination of User's Identity

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140359299A1 (en) * 2011-10-04 2014-12-04 Relative Cc, Sia Method for Determination of User's Identity

Similar Documents

Publication Publication Date Title
US11405380B2 (en) Systems and methods for using imaging to authenticate online users
JP6804643B2 (en) Service execution method and equipment
CN111414599A (en) Identity authentication method, device, terminal, server and readable storage medium
KR20190093640A (en) Methods, apparatus, and systems for processing two-dimensional barcodes
CN104767616B (en) A kind of information processing method, system and relevant device
CN109684801B (en) Method and device for generating, issuing and verifying electronic certificate
WO2014016621A1 (en) Identity generation mechanism
JP2011141785A (en) Member registration system using portable terminal and authentication system
US20140053251A1 (en) User account recovery
EP2764655A1 (en) Method for determination of user's identity
KR102313868B1 (en) Cross authentication method and system using one time password
CN109670290A (en) The method for determining user identity
WO2018066426A1 (en) Fake web page determination device, fake web page determination system, fake web page determination method, and fake web page determination program
KR101475422B1 (en) Internet Security Method and System using One Time IDentification
CN113395162A (en) System and method for counting votes in an electronic voting system
CN102769606A (en) Gene certificate-based network digital identity authentication method
KR102029309B1 (en) Information input apparatus having authentication request and method using the same
JP2017033199A (en) Authentication server and authentication server program
JP2023537578A (en) Mobile app login and device registration
US20210320924A1 (en) Authorization system and authorization method
KR20150060611A (en) Internet Security System using One Time IDentification
KR101505137B1 (en) Internet Security System using One Time IDentification
AU2010361584B2 (en) User account recovery
IT201600115265A1 (en) Process and computer system for the identification and authentication of the digital identity of a subject in possession of a personal telecommunication device.
KR20150091601A (en) Method and system for copying certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20190423