Disclosure of Invention
According to an aspect of the present invention, there is provided a method for performing cooperative authentication of identification information in the internet, the method comprising:
when user equipment wants to establish virtual private network connection with a data server in the Internet, sending an identity authentication request to an authentication server in the Internet, wherein the identity authentication request comprises: an identifier of the user equipment, a network address of the user equipment and password information;
in response to receiving the identity authentication request, the authentication server acquires an identifier and password information of the user equipment in the identity authentication request, acquires a preset password associated with the user equipment from a password database according to the identifier of the user equipment, and determines that a verification result of initial verification of the user equipment is passed when the preset password is the same as a current password in the password information;
when the verification result of the initial verification of the user equipment is determined to be passed, the authentication server sends the identifier of the user equipment and the network address of the user equipment to the data server to prompt the data server to add the identifier of the user equipment and the network address of the user equipment to a metadata push white list, wherein the data server sends a metadata set associated with all data files stored by the data server to each user equipment in the metadata push white list according to the network address of each user equipment in the metadata push white list at preset time intervals;
the authentication server selects one text file from a plurality of text files in a text information base as a basic text file according to an identifier of the user equipment, creates a random number sequence generator associated with the basic text file, sets a maximum value of a random number for the random number sequence generator according to the number of characters included in the basic text file, wherein the random number is a natural number, sets a survival time and a counter for the random number sequence generator, sets an initial value of the counter to 0, and sends the basic text file and the random number sequence generator to the user equipment;
in response to receiving the base text file and the random number sequence generator, the user device determining whether a lifetime of the random number sequence generator expires, setting the lifetime of the random number sequence generator to infinity when it is determined that the lifetime of the random number sequence generator does not expire, and generating a first random number sequence using the random number sequence generator, wherein the first random number sequence includes a plurality of natural numbers having a positional order and a numerical value of each natural number is less than or equal to a maximum value of a random number;
the user equipment sends the generated first random number sequence to the authentication server, and the user equipment selects a plurality of characters from the basic text file according to the position sequence by using the generated first random number sequence to form a first character sequence, wherein each random number in the random number sequence selects a character in a corresponding position from the plurality of characters in the basic text file and forms the first character sequence according to the position sequence of the random number sequence;
prompting a user of the user equipment to generate authentication data including a plurality of identification information according to the first character sequence, wherein the authentication data includes at least the following identification information: video identification information, audio identification information and synthesized fingerprint identification information, and each of all data frames of the video identification information comprises a facial image of a user and at least a predetermined number of consecutive data frames of all data frames of the video identification information comprise an image of user-entered fingerprint identification information;
wherein a user records video identification information and audio identification information through a multimedia input device of a user device, wherein the video identification information is video information which is formed when the user reads the first character sequence and at least comprises the face of the user, and the audio identification information is audio information which is formed when the user reads the first character sequence and is synchronized with the video identification information in time;
wherein a user inputs fingerprint information through a fingerprint input device of the user equipment and generates a second random number sequence using the random number sequence generator, wherein the second random number sequence includes a plurality of natural numbers having no positional order and a numerical value of each natural number is less than or equal to a maximum value of the random numbers; selecting a natural number with the largest numerical value from the second random number sequence as an authentication natural number, selecting a plurality of characters from the first character sequence according to the numerical value of the authentication natural number, combining the selected plurality of characters with fingerprint information input through the fingerprint input device to form mixed information and encrypting the mixed information, and transmitting the plurality of characters selected from the first character sequence according to the numerical value of the authentication natural number to the authentication server;
the user equipment sends video identification information, audio identification information and encrypted mixed information to the authentication server, the authentication server carries out voice recognition on the audio identification information to obtain a first character sequence, the authentication server generates a second character sequence according to a first random number sequence received from the user equipment, and when the second character sequence is determined to be the same as the first character sequence, whether the video identification information and the audio identification information are synchronous in time is determined;
when it is determined that the video identification information and the audio identification information are synchronized in time, decrypting the encrypted mixed information to obtain a decrypted plurality of characters and fingerprint information, and, when the decrypted plurality of characters are the same as the plurality of characters sent by the user equipment and the fingerprint information is authenticated, sending an instruction to the data server to cause a virtual private network connection to be established between the user equipment and the data server.
When a user of the user equipment wants to establish a virtual private network between the user equipment and a data server in the internet, the user sends an identity authentication request to an authentication server of the internet through the user equipment.
The password database is configured to store identification information and password information associated with each of a plurality of user devices within the internet.
The metadata push white list includes a plurality of push items, each push item including: an identifier of the user equipment and a network address of the user equipment.
The text information base stores a plurality of text files, wherein the text content of each text file is different or not completely the same, and the text content of each text file is natural-language text; the natural language is English or Chinese.
According to another aspect of the present invention, there is provided a system for performing cooperative authentication of identification information in the internet, the system comprising:
user equipment which, when it wishes to establish a virtual private network connection with a data server in the Internet, sends an identity authentication request to an authentication server in the Internet, wherein the identity authentication request comprises: an identifier of the user equipment, a network address of the user equipment and password information;
the authentication server responds to the received identity authentication request, acquires the identifier and the password information of the user equipment in the identity authentication request, acquires a preset password associated with the user equipment from a password database according to the identifier of the user equipment, and determines that the verification result of the initial verification of the user equipment is passed when the preset password is the same as the current password in the password information; when it is determined that the verification result of the initial verification of the user equipment is passed, the authentication server transmits an identifier of the user equipment and a network address of the user equipment to the data server,
the data server adds the identifier of the user equipment and the network address of the user equipment into a metadata push white list, wherein the data server sends a metadata set associated with all data files stored by the data server to each user equipment in the metadata push white list according to the network address of each user equipment in the metadata push white list at preset time intervals;
the authentication server selects one text file from a plurality of text files in a text information base according to the identifier of the user equipment to serve as a basic text file, creates a random number sequence generator associated with the basic text file, sets the maximum value of a random number for the random number sequence generator according to the number of characters included in the basic text file, wherein the random number is a natural number, sets a survival time and a counter for the random number sequence generator, sets the initial value of the counter to be 0, and sends the basic text file and the random number sequence generator to the user equipment;
in response to receiving the base text file and the random number sequence generator, the user device determining whether a lifetime of the random number sequence generator expires, setting the lifetime of the random number sequence generator to infinity when it is determined that the lifetime of the random number sequence generator does not expire, and generating a first random number sequence using the random number sequence generator, wherein the first random number sequence includes a plurality of natural numbers having a positional order and a numerical value of each natural number is less than or equal to a maximum value of a random number;
the user equipment sends the generated first random number sequence to the authentication server, and the user equipment selects a plurality of characters from the basic text file according to the position sequence by using the generated first random number sequence to form a first character sequence, wherein each random number in the random number sequence selects a character in a corresponding position from the plurality of characters in the basic text file and forms the first character sequence according to the position sequence of the random number sequence;
prompting a user of the user equipment to generate authentication data including a plurality of identification information according to the first character sequence, wherein the authentication data includes at least the following identification information: video identification information, audio identification information and synthesized fingerprint identification information, and each of all data frames of the video identification information comprises a facial image of a user and at least a predetermined number of consecutive data frames of all data frames of the video identification information comprise an image of user-entered fingerprint identification information;
wherein a user records video identification information and audio identification information through a multimedia input device of a user device, wherein the video identification information is video information which is formed when the user reads the first character sequence and at least comprises the face of the user, and the audio identification information is audio information which is formed when the user reads the first character sequence and is synchronized with the video identification information in time;
wherein a user inputs fingerprint information through a fingerprint input device of the user equipment and generates a second random number sequence using the random number sequence generator, wherein the second random number sequence includes a plurality of natural numbers having no positional order and a numerical value of each natural number is less than or equal to a maximum value of the random numbers; selecting a natural number with the largest numerical value from the second random number sequence as an authentication natural number, selecting a plurality of characters from the first character sequence according to the numerical value of the authentication natural number, combining the selected plurality of characters with fingerprint information input through the fingerprint input device to form mixed information and encrypting the mixed information, and transmitting the plurality of characters selected from the first character sequence according to the numerical value of the authentication natural number to the authentication server;
the user equipment sends video identification information, audio identification information and encrypted mixed information to the authentication server, the authentication server carries out voice recognition on the audio identification information to obtain a first character sequence, the authentication server generates a second character sequence according to a first random number sequence received from the user equipment, and when the second character sequence is determined to be the same as the first character sequence, whether the video identification information and the audio identification information are synchronous in time is determined;
when it is determined that the video identification information and the audio identification information are synchronized in time, decrypting the encrypted mixed information to obtain a decrypted plurality of characters and fingerprint information, and, when the decrypted plurality of characters are the same as the plurality of characters sent by the user equipment and the fingerprint information is authenticated, sending an instruction to the data server to cause a virtual private network connection to be established between the user equipment and the data server.
When a user of the user equipment wishes to establish a virtual private network between the user equipment and a data server in the Internet, the user sends an identity authentication request to an authentication server of the Internet through the user equipment.
The password database is configured to store identification information and password information associated with each of a plurality of user devices within the internet.
The metadata push white list includes a plurality of push items, each push item including: an identifier of the user equipment and a network address of the user equipment.
The text information base stores a plurality of text files, wherein the text content of each text file is different or not completely the same, and the text content of each text file is natural-language text; the natural language is English or Chinese.
Detailed Description
Fig. 1 is a flow chart of a method 100 for performing collaborative authentication of identification information in the internet according to an embodiment of the present invention. In step 101, when a user equipment wishes to establish a virtual private network connection with a data server in the internet, an identity authentication request is sent to an authentication server in the internet, where the identity authentication request includes: an identifier of the user device, a network address of the user device, and password information.
When a user of the user equipment wants to establish a virtual private network between the user equipment and a data server in the internet, the user sends an identity authentication request to an authentication server of the internet through the user equipment. The password information is a combination of capital English letters, lowercase English letters and numbers.
In step 102, in response to receiving the identity authentication request, the authentication server obtains an identifier and password information of the user equipment in the identity authentication request, obtains a preset password associated with the user equipment from a password database according to the identifier of the user equipment, and determines that a verification result of initial verification of the user equipment is passed when the preset password is the same as a current password in the password information. The password database is configured to store identification information and password information associated with each of a plurality of user devices within the internet. The password database stores a plurality of records, each record including an identifier of a user device and a preset password. The password information includes a current password input by a user through a character input device of the user equipment.
In step 103, when it is determined that the verification result of the initial verification of the user equipment is passed, the authentication server transmits the identifier of the user equipment and the network address of the user equipment to the data server to cause the data server to add the identifier of the user equipment and the network address of the user equipment to the metadata push white list, wherein the data server transmits the metadata set associated with all data files stored by the data server to each user equipment in the metadata push white list according to the network address of each user equipment in the metadata push white list at predetermined time intervals.
The metadata push white list includes a plurality of push items, each push item including: an identifier of the user equipment and a network address of the user equipment. Each user device in the metadata push white list is a target user device of the data server when the metadata push is carried out. The predetermined time interval is 1 day, 2 days, 3 days, 5 days, 7 days, 10 days, 15 days, 20 days, or 30 days. Alternatively, the data server sends a metadata set associated with all data files stored by the data server to each user equipment in the metadata push white list, according to the network address of each user equipment in the metadata push white list, at a predetermined time. The predetermined time is the 1st day of each month or the last day of each month. The metadata set includes metadata for each of all data files stored by the data server.
In step 104, the authentication server selects one text file from a plurality of text files in a text information base as a base text file according to an identifier of the user equipment, creates a random number sequence generator associated with the base text file, sets a maximum value of a random number for the random number sequence generator according to the number of characters included in the base text file, wherein the random number is a natural number, sets a survival time and a counter for the random number sequence generator, sets an initial value of the counter to 0, and transmits the base text file and the random number sequence generator to the user equipment.
The text information base stores a plurality of text files, wherein the text content of each text file is different or not completely the same, and the text content of each text file is natural-language text. The natural language is English or Chinese. The identifier of the user equipment can indicate a name of a natural language used by the user equipment.
The authentication server selecting one text file from a plurality of text files in a text information base as a basic text file according to the identifier of the user equipment comprises: the authentication server determines the name of the natural language used by the user equipment according to the identifier of the user equipment, and, according to that name, selects from the plurality of text files in the text information base one text file that is in the natural language used by the user equipment as the basic text file.
Selecting, according to the name of the natural language used by the user equipment, one text file in that natural language from the plurality of text files in the text information base as the basic text file comprises: selecting, from the plurality of text files in the text information base, the text files that are in the natural language used by the user equipment, and randomly selecting one of those text files as the basic text file.
Each text file includes at least 10 characters, 20 characters, 50 characters, 100 characters, 200 characters, 300 characters, or 500 characters, and there is no space between any two adjacent characters of each text file. Alternatively, the characters may be replaced with words, expressions or characters. The base text file includes 120 characters, and thus the maximum value of the random numbers that the random number sequence generator can generate is 120 and the minimum value is 1. The survival time is 1 minute, 2 minutes, 5 minutes, 8 minutes, 10 minutes, 15 minutes, or 20 minutes.
In step 105, in response to receiving the base text file and the random number sequence generator, the user equipment determines whether a lifetime of the random number sequence generator expires, sets the lifetime of the random number sequence generator to infinity when it is determined that the lifetime of the random number sequence generator does not expire, and generates a first random number sequence using the random number sequence generator, wherein the first random number sequence includes a plurality of natural numbers having a positional order and a value of each natural number is less than or equal to a maximum value of a random number.
Upon determining that the lifetime of the random number sequence generator has expired, the user equipment discards the base text file and the random number sequence generator. The lifetime of the random number sequence generator is set to infinity so that the random number sequence generator does not fail while generating random numbers or random number sequences. No two of the plurality of natural numbers having a positional order are the same natural number or have the same numerical value. The first random number sequence includes at least 5 characters, 10 characters, 20 characters, 30 characters, or 50 characters.
In step 106, the user equipment sends the generated first random number sequence to the authentication server, and the user equipment selects a plurality of characters from the base text file according to the position order by using the generated first random number sequence to form a first character sequence, wherein each random number in the random number sequence selects a character in a corresponding position from the plurality of characters in the base text file and forms the first character sequence according to the position order of the random number sequence.
In step 107, the user of the user equipment is prompted to generate authentication data comprising a plurality of identification information according to the first character sequence, wherein the authentication data comprises at least the following identification information: video identification information, audio identification information and synthesized fingerprint identification information, and each of all data frames of the video identification information comprises a facial image of a user and at least a predetermined number of consecutive data frames of all data frames of the video identification information comprise an image of user-entered fingerprint identification information. The predetermined number is 25, 30, 40, 50, 80, 100, 120, 150, 200, 300, 500, 800 or 1000. The number of all data frames of the video identification information is 100, 200, 300, 500, 800, 1000, 2000, 3000 or 5000.
The user records the video identification information and the audio identification information through a multimedia input device of the user equipment, wherein the video identification information is video information which is formed when the user reads the first character sequence and at least comprises the face of the user, and the audio identification information is audio information which is formed when the user reads the first character sequence and is synchronized with the video identification information in time. The multimedia input device includes a camera and a microphone: the camera is used for recording the video identification information, and the microphone is used for recording the audio identification information.
The user inputs fingerprint information through a fingerprint input device of the user equipment and generates a second random number sequence using the random number sequence generator, wherein the second random number sequence includes a plurality of natural numbers having no positional order and a numerical value of each natural number is less than or equal to a maximum value of the random numbers; a natural number with the largest numerical value is selected from the second random number sequence as an authentication natural number, a plurality of characters are selected from the first character sequence according to the numerical value of the authentication natural number, the selected plurality of characters are combined with the fingerprint information input through the fingerprint input device to form mixed information, the mixed information is encrypted, and the plurality of characters selected from the first character sequence according to the numerical value of the authentication natural number are transmitted to the authentication server.
Selecting a plurality of characters from the first character sequence according to the value of the authentication natural number comprises: randomly selecting, from the first character sequence, a number of characters equal to the value of the authentication natural number. Alternatively, the parity of the authentication natural number is determined, and a plurality of characters are selected from the first character sequence according to both the value and the parity of the authentication natural number, comprising: when the authentication natural number is an odd number, (randomly) selecting from the first character sequence a number of characters equal to the value of the authentication natural number; when the authentication natural number is an even number, (randomly) selecting from the first character sequence a number of characters equal to 1/2 of the value of the authentication natural number.
In step 108, the user device sends the video identification information, the audio identification information and the encrypted mixed information to the authentication server, the authentication server performs voice recognition on the audio identification information to obtain a first character sequence, and the authentication server generates a second character sequence according to the first random number sequence received from the user device, and determines whether the video identification information and the audio identification information are synchronized in time when it is determined that the second character sequence is the same as the first character sequence.
The authentication server generating the second sequence of characters from the first sequence of random numbers received from the user device comprises: the authentication server selects a plurality of characters from the base text file according to the position sequence by utilizing the first random number sequence to form a second character sequence, wherein each random number in the random number sequence selects the character of the corresponding position in the plurality of characters of the base text file and forms the second character sequence according to the position sequence of the random number sequence.
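The position-based character selection of steps 104 to 106, the count rule for the authentication natural number, and the server-side comparison of step 108 can be sketched as follows. This is an added illustration, not code from the patent; the class and function names, the use of Python's `secrets` module, the deadline representation of the survival time, the constructed sample text, and the cap applied when the authentication natural number exceeds the length of the first character sequence are all assumptions.

```python
import hmac
import math
import secrets
import time
from dataclasses import dataclass

# Constructed sample base text: 120 characters, no spaces (not from the patent).
BASE_TEXT = ("thequickbrownfoxjumpsoverthelazydog" * 4)[:120]


@dataclass
class SequenceGenerator:
    """Hypothetical stand-in for the random number sequence generator."""
    max_value: int      # number of characters in the base text file
    expires_at: float   # survival time as a monotonic-clock deadline (assumption)
    counter: int = 0    # starts at 0 as described; counting sequences is an assumption

    def expired(self, now=None):
        now = time.monotonic() if now is None else now
        return now >= self.expires_at

    def ordered_sequence(self, length):
        """First sequence: distinct natural numbers in 1..max_value, order significant."""
        if not 1 <= length <= self.max_value:
            raise ValueError("length must be between 1 and max_value")
        self.counter += 1
        return secrets.SystemRandom().sample(range(1, self.max_value + 1), length)

    def unordered_sequence(self, length):
        """Second sequence: natural numbers in 1..max_value with no positional order."""
        self.counter += 1
        pool = range(1, self.max_value + 1)
        return frozenset(secrets.SystemRandom().sample(pool, length))


def select_characters(text, positions):
    """Pick the character at each 1-based position, preserving the order given."""
    chars = []
    for p in positions:
        if not 1 <= p <= len(text):
            raise ValueError(f"position {p} outside 1..{len(text)}")
        chars.append(text[p - 1])
    return "".join(chars)


def device_challenge(base_text, gen, length, now=None):
    """User-equipment side of steps 105-106; returns None if the generator expired."""
    if gen.expired(now):
        return None                    # base text file and generator are discarded
    gen.expires_at = math.inf          # lifetime set to infinity once accepted
    first_sequence = gen.ordered_sequence(length)
    return first_sequence, select_characters(base_text, first_sequence)


def server_check(base_text, first_sequence, recognized_text):
    """Step 108: rebuild the second character sequence from the received first
    random number sequence and compare it with the speech-recognition output."""
    seq = list(first_sequence)
    in_range = all(isinstance(p, int) and 1 <= p <= len(base_text) for p in seq)
    if not seq or not in_range or len(set(seq)) != len(seq):
        return False                   # reject malformed sequences from the device
    second = select_characters(base_text, seq)
    return hmac.compare_digest(second.encode("utf-8"), recognized_text.encode("utf-8"))


def proof_character_count(auth_number, available):
    """Parity variant: odd -> the value itself, even -> half the value.
    Capping at the characters available is an assumption; the text does not
    say what happens when the value exceeds the first character sequence."""
    wanted = auth_number if auth_number % 2 else auth_number // 2
    return min(wanted, available)


def pick_proof_characters(first_chars, second_sequence):
    """Choose the characters that are later mixed with the fingerprint data."""
    auth_number = max(second_sequence)  # largest value = authentication natural number
    count = proof_character_count(auth_number, len(first_chars))
    positions = secrets.SystemRandom().sample(range(len(first_chars)), count)
    return [first_chars[i] for i in positions]


def same_character_set(decrypted_chars, sent_chars):
    """Step 109 comparison: both collections contain the same character elements."""
    return set(decrypted_chars) == set(sent_chars)
```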
Determining whether the video identification information and the audio identification information are synchronized in time includes: it is determined whether each video frame in the video identification information is synchronized with a corresponding audio sample point in the audio identification information.
In step 109, in the event that it is determined that the video identification information and the audio identification information are synchronized in time, decrypting the encrypted mixed information to obtain a plurality of decrypted characters and fingerprint information, and when the plurality of decrypted characters are the same as the plurality of characters transmitted by the user device and the fingerprint information is authenticated, transmitting an instruction to the data server to cause a virtual private network connection to be established between the user device and the data server.
When it is determined that each video frame in the video identification information is synchronized with a corresponding audio sampling point in the audio identification information, the video identification information and the audio identification information are determined to be synchronized in time. When each video frame in the video identification information is determined to be asynchronous with the corresponding audio sampling point in the audio identification information, the video identification information and the audio identification information are determined to be asynchronous in time. After decrypting the encrypted mixed information to obtain a plurality of decrypted characters and fingerprint information, it is determined whether the plurality of decrypted characters and the plurality of characters sent by the user equipment are the same character set, or whether the plurality of decrypted characters are respectively the same as the plurality of characters sent by the user equipment. That is, the character set formed by the decrypted characters is the same as the character set formed by the characters sent by the user equipment; in other words, the character set formed by the plurality of decrypted characters comprises the same character elements as the character set formed by the plurality of characters sent by the user equipment.
After the instruction is sent to the data server to cause a virtual private network connection to be established between the user equipment and the data server, the virtual private network connection is established between the user equipment and the data server such that the user equipment is able to access the data server through the virtual private network connection. The user device is able to access the data server through the virtual private network connection to upload data files to, or download data files from, the data server. The fingerprint information of each user is pre-stored in the authentication server to form a fingerprint information base, the fingerprint information obtained through decryption is verified against the fingerprint information base, and the fingerprint information obtained through decryption is determined to pass verification when it is the same as the fingerprint information of the user in the fingerprint information base.
Fig. 2 is a schematic structural diagram of a system 200 for performing cooperative authentication of identification information in the internet according to an embodiment of the present invention. The system 200 includes: user equipment 201, authentication server 202 and data server 203.
The user equipment 201, when it wants to establish a virtual private network connection with the data server 203 in the internet, sends an identity authentication request to the authentication server 202 in the internet, wherein the identity authentication request comprises: an identifier of the user equipment 201, a network address of the user equipment 201, and password information;
the authentication server 202, in response to receiving the identity authentication request, the authentication server 202 obtaining an identifier and password information of the user equipment 201 in the identity authentication request, obtaining a preset password associated with the user equipment 201 from a password database according to the identifier of the user equipment 201, and determining that a verification result of initial verification of the user equipment 201 is passed when the preset password is the same as a current password in the password information; when it is determined that the verification result of the initial verification of the user equipment 201 is pass, the authentication server 202 transmits the identifier of the user equipment 201 and the network address of the user equipment 201 to the data server 203,
a data server 203, which adds the identifier of the user equipment 201 and the network address of the user equipment 201 to a metadata push white list, wherein the data server 203 sends a metadata set associated with all data files stored by the data server 203 to each user equipment 201 in the metadata push white list according to the network address of each user equipment 201 in the metadata push white list at a predetermined time interval;
further comprising, the authentication server 202 selecting one text file from a plurality of text files in a text information base as a base text file according to an identifier of the user equipment 201, creating a random number sequence generator associated with the base text file, setting a maximum value of a random number for the random number sequence generator according to the number of characters included in the base text file, wherein the random number is a natural number, setting a survival time and a counter for the random number sequence generator, setting an initial value of the counter to 0, and transmitting the base text file and the random number sequence generator to the user equipment 201;
in response to receiving the base text file and the random number sequence generator, the user device 201 determines whether a lifetime of the random number sequence generator expires, sets the lifetime of the random number sequence generator to infinity when it is determined that the lifetime of the random number sequence generator does not expire, and generates a first random number sequence using the random number sequence generator, wherein the first random number sequence includes a plurality of natural numbers having a positional order and a numerical value of each natural number is less than or equal to a maximum value of a random number;
the user equipment 201 sends the generated first random number sequence to the authentication server 202, and the user equipment 201 selects a plurality of characters from the base text file according to the position sequence by using the generated first random number sequence to form a first character sequence, wherein each random number in the random number sequence selects a character in a corresponding position from the plurality of characters in the base text file and forms the first character sequence according to the position sequence of the random number sequence;
prompting the user of the user equipment 201 to generate authentication data comprising a plurality of identification information according to the first character sequence, wherein the authentication data comprises at least the following identification information: video identification information, audio identification information and synthesized fingerprint identification information, and each of all data frames of the video identification information comprises a facial image of a user and at least a predetermined number of consecutive data frames of all data frames of the video identification information comprise an image of user-entered fingerprint identification information;
wherein the user records video identification information and audio identification information through the multimedia input device of the user equipment 201, wherein the video identification information is the video information formed when the user reads the first character sequence and at least comprises the face of the user, and the audio identification information is the audio information formed when the user reads the first character sequence and is synchronized with the video identification information in time;
wherein a user inputs fingerprint information through a fingerprint input device of the user equipment 201, and generates a second random number sequence using the random number sequence generator, wherein the second random number sequence includes a plurality of natural numbers having no positional order and a numerical value of each natural number is less than or equal to a maximum value of the random numbers; selecting a natural number having the largest numerical value from the second random number sequence as an authentication natural number, selecting a plurality of characters from the first character sequence according to the numerical value of the authentication natural number, combining the selected plurality of characters with fingerprint information input through a fingerprint input device to form mixed information and encrypting the mixed information, and transmitting the selected plurality of characters from the first character sequence according to the numerical value of the authentication natural number to the authentication server 202;
the user equipment 201 sends video identification information, audio identification information and encrypted mixed information to the authentication server 202, the authentication server 202 performs voice recognition on the audio identification information to acquire a first character sequence, the authentication server 202 generates a second character sequence according to a first random number sequence received from the user equipment 201, and when the second character sequence is determined to be the same as the first character sequence, whether the video identification information and the audio identification information are synchronized in time is determined;
in the event that it is determined that the video identification information and the audio identification information are synchronized in time, decrypting the encrypted mix information to obtain a plurality of decrypted characters and fingerprint information, and when the plurality of decrypted characters are the same as the plurality of characters transmitted by the user equipment 201 and the fingerprint information is authenticated, transmitting an instruction to the data server 203 to cause a virtual private network connection to be established between the user equipment 201 and the data server 203.
When a user of the user equipment 201 wishes to establish a virtual private network between the user equipment 201 and the data server 203 in the internet, the user sends an identity authentication request to the authentication server 202 of the internet through the user equipment 201. The password information is a combination of capital English letters, lowercase English letters and numbers.
The password database is used to store identification information and password information associated with each of a plurality of user devices 201 in the internet. The password database stores a plurality of records, each record including an identifier of the user device 201 and a preset password. The password information includes a current password input by the user through the character input device of the user equipment 201.
The metadata push white list includes a plurality of push items, each push item including: an identifier of the user equipment 201 and a network address of the user equipment 201. Each user device 201 in the metadata push white list is a target user device 201 of the data server 203 when performing metadata push. The predetermined time interval is 1 day, 2 days, 3 days, 5 days, 7 days, 10 days, 15 days, 20 days, or 30 days. Alternatively, the data server 203 sends a metadata set associated with all data files stored by the data server 203 to each user device 201 in the metadata push white list according to the network address of each user device 201 in the metadata push white list at a predetermined time. The predetermined time is the 1st day of each month or the last day of each month. The metadata collection includes metadata for each of all data files stored by the data server 203.
The text information base stores a plurality of text files, wherein the text content of each text file is different or not completely the same, and the text content of each text file is text content in a natural language; the natural language is English or Chinese. The identifier of the user equipment 201 can indicate the name of the natural language used by the user equipment 201.
The authentication server 202 selecting one text file from a plurality of text files in a text information base as a basic text file according to the identifier of the user equipment 201 comprises: the authentication server 202 determines a name of a natural language used by the user equipment 201 according to the identifier of the user equipment 201, and selects one text file, which is the same as the natural language used by the user equipment 201, from a plurality of text files in a text information base as a basic text file according to the name of the natural language used by the user equipment 201.
Selecting one text file which is the same as the natural language used by the user equipment 201 from a plurality of text files in a text information base according to the name of the natural language used by the user equipment 201 as a basic text file comprises: a plurality of text files in the same natural language used by the user equipment 201 are selected from a plurality of text files in a text information base according to the name of the natural language used by the user equipment 201, and one text file is randomly selected from the plurality of text files in the same natural language used by the user equipment 201 to serve as a basic text file.
Each text file includes at least 10 characters, 20 characters, 50 characters, 100 characters, 200 characters, 300 characters, or 500 characters; and there is no space between any two adjacent characters of all the characters of each text file. The characters may alternatively be replaced with words, expressions or characters. The base text file includes 120 characters, and thus the maximum value of the random numbers that the random number sequence generator can generate is 120 and the minimum value of the random numbers that the random number sequence generator can generate is 1. The survival time is 1 minute, 2 minutes, 5 minutes, 8 minutes, 10 minutes, 15 minutes, or 20 minutes.
Upon determining that the lifetime of the random number sequence generator has expired, the base text file and the random number sequence generator are discarded. The lifetime of the random number sequence generator is set to infinity so that the random number sequence generator does not fail while generating the random number/random number sequence. No two of the plurality of natural numbers having the positional order are the same natural number or have the same numerical value. The first random number sequence includes at least 5 characters, 10 characters, 20 characters, 30 characters, or 50 characters. The predetermined number is 25, 30, 40, 50, 80, 100, 120, 150, 200, 300, 500, 800 or 1000. The number of all data frames of the video identification information is 100, 200, 300, 500, 800, 1000, 2000, 3000 or 5000.
The multimedia input device includes a camera and a microphone; the camera and the microphone are used for recording the video identification information, and the microphone is used for recording the audio identification information. Selecting a plurality of characters from the first character sequence according to the numerical value of the authentication natural number comprises: randomly selecting, from the first character sequence, a number of characters equal to the numerical value of the authentication natural number. Alternatively, the parity of the authentication natural number is determined, and selecting a plurality of characters from the first character sequence according to the value and the parity of the authentication natural number comprises: when the authentication natural number is an odd number, (randomly) selecting, from the first character sequence, a number of characters equal to the numerical value of the authentication natural number; when the authentication natural number is an even number, (randomly) selecting, from the first character sequence, a number of characters equal to 1/2 of the numerical value of the authentication natural number;
the authentication server 202 generating the second sequence of characters from the first sequence of random numbers received from the user device 201 comprises: the authentication server 202 selects a plurality of characters from the base text file in a positional order using the first random number sequence to constitute a second character sequence, wherein each random number in the random number sequence selects a character in a corresponding position among the plurality of characters of the base text file and the second character sequence is constituted in the positional order of the random number sequence.
Determining whether the video identification information and the audio identification information are synchronized in time includes: it is determined whether each video frame in the video identification information is synchronized with a corresponding audio sample point in the audio identification information.
Determining that video identification information and audio identification information are synchronized in time when it is determined that each video frame in the video identification information is synchronized with a corresponding audio sampling point in the audio identification information; when each video frame in the video identification information is determined to be asynchronous with the corresponding audio sampling point in the audio identification information, determining that the video identification information and the audio identification information are asynchronous in time; after decrypting the encrypted mixed information to obtain the decrypted plurality of characters and the fingerprint information, determining whether the obtained decrypted plurality of characters are the same character set as the plurality of characters transmitted by the user equipment 201; after decrypting the encrypted mixed information to obtain the decrypted plurality of characters and the fingerprint information, determining whether the obtained decrypted plurality of characters are respectively the same as the plurality of characters transmitted by the user equipment 201; that is, the character set composed of the plurality of decrypted characters is the same as the character set composed of the plurality of characters transmitted by the user equipment 201; i.e. the decrypted plurality of characters comprises the same character elements as the character set of the plurality of characters transmitted by the user equipment 201.
After sending an instruction to the data server 203 to cause a virtual private network connection to be established between the user equipment 201 and the data server 203, a virtual private network connection is established between the user equipment 201 and the data server 203 such that the user equipment 201 can access the data server 203 through the virtual private network connection. The user device 201 is able to access the data server 203 through a virtual private network connection to upload data files to the data server 203 or download data files from the data server 203. The fingerprint information of each user is stored in the authentication server 202 in advance to form a fingerprint information base, and the fingerprint information obtained through decryption is verified according to the fingerprint information base, and when the fingerprint information obtained through decryption is the same as the fingerprint information of the user in the fingerprint information base, it is determined that the fingerprint information obtained through decryption passes verification.
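As an added illustration, not part of the original disclosure, the following Python example works through the character-selection exchange described above: the survival-time check on the user equipment, selection of the first character sequence by position, the parity rule for the characters placed in the mixed information, and the re-derivation and character-set comparison on the authentication server. All function and class names are hypothetical; voice recognition, the synchronization check, fingerprint verification and encryption are omitted, and capping the number of selected characters at the length of the first character sequence is an assumption of this example.

```python
import math
import secrets
import time
from dataclasses import dataclass

# Constructed sample: a 120-character base text with no spaces, as in the description.
BASE_TEXT = "abcdefghijklmnopqrstuvwxyz0123" * 4
_rng = secrets.SystemRandom()  # OS-backed CSPRNG (a choice made for this example)


@dataclass
class SequenceGenerator:
    max_value: int     # number of characters in the base text file
    expires_at: float  # survival time as an absolute deadline (epoch seconds)
    counter: int = 0   # initial value 0; its later use is not covered by this example

    def sequence(self, length, distinct):
        """Natural numbers in 1..max_value; distinct for the first sequence."""
        if distinct:
            return _rng.sample(range(1, self.max_value + 1), length)
        return [_rng.randint(1, self.max_value) for _ in range(length)]


def device_accept(gen, now=None):
    """Device side: discard an expired generator, otherwise set its lifetime to infinity."""
    now = time.time() if now is None else now
    if now > gen.expires_at:
        return False
    gen.expires_at = math.inf
    return True


def select_characters(base_text, numbers):
    """Random number k selects the k-th character (1-based), kept in sequence order."""
    return "".join(base_text[k - 1] for k in numbers)


def valid_first_sequence(numbers, max_value):
    """Server-side check before indexing: natural numbers, in range, no repeats."""
    in_range = all(isinstance(k, int) and 1 <= k <= max_value for k in numbers)
    return bool(numbers) and in_range and len(set(numbers)) == len(numbers)


def characters_for_mix(first_chars, second_sequence, use_parity=False):
    """The largest value of the second sequence decides how many characters are drawn."""
    auth_n = max(second_sequence)
    count = auth_n // 2 if use_parity and auth_n % 2 == 0 else auth_n
    count = min(count, len(first_chars))  # assumption: cap at the sequence length
    return auth_n, _rng.sample(list(first_chars), count)


def server_verify(base_text, first_sequence, recognized_text, decrypted_chars, sent_chars):
    """Re-derive the second character sequence, then compare the two character sets."""
    if not valid_first_sequence(first_sequence, len(base_text)):
        return False
    if select_characters(base_text, first_sequence) != recognized_text:
        return False
    return set(decrypted_chars) == set(sent_chars)


def run_exchange():
    gen = SequenceGenerator(max_value=len(BASE_TEXT), expires_at=time.time() + 60)
    if not device_accept(gen):
        return False
    first_seq = gen.sequence(10, distinct=True)
    first_chars = select_characters(BASE_TEXT, first_seq)
    second_seq = gen.sequence(5, distinct=False)
    _, mix_chars = characters_for_mix(first_chars, second_seq, use_parity=True)
    # first_chars stands in for the speech-recognition output; mix_chars is passed
    # twice because encryption and decryption of the mixed information are omitted.
    return server_verify(BASE_TEXT, first_seq, first_chars, mix_chars, mix_chars)
```
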
Fig. 3 is a schematic diagram of a user equipment 300 capable of inputting identification information according to an embodiment of the present invention. As shown in fig. 3, the user equipment 300 is placed on a support (e.g., a table). When the user equipment 300 wishes to establish a virtual private network connection with a data server within the internet, it sends an identity authentication request to an authentication server within the internet. Furthermore, the user of the user equipment 300 generates authentication data comprising a plurality of identification information from the first character sequence, wherein the authentication data comprises at least the following identification information: video identification information, audio identification information and synthesized fingerprint identification information, and each of all data frames of the video identification information comprises a facial image of a user and at least a predetermined number of consecutive data frames of all data frames of the video identification information comprise an image of user-entered fingerprint identification information.
A user records video identification information and audio identification information through a multimedia input device 303 (e.g., a camera with a microphone, a video camera, etc. capable of recording video and audio simultaneously) of the user equipment 300, wherein the video identification information is video information including at least a face of the user formed when the user reads the first character sequence, and the audio identification information is audio information formed when the user reads the first character sequence, and is synchronized with the video identification information in time. For example, the first character sequence is "hit the house, the house has panicum griseum, invite me to the farmhouse, green tree village, qingshan guo skew, kaixuan county garden, morus kendirachta, wait until sun day, and come to chrysanthemum", wherein punctuation marks are added for illustration or to enable display on the display 301, and in fact punctuation marks may not be included in the first character sequence (punctuation marks also belong to characters). That is, the first character sequence is "chrysanthemum when the mountain of the deceased person was invited to me by broomcorn millet to the Tianjia green tree village side Heqingshan guo out-oblique-open-pavilion garden leaves the Jichang mulberry leaf to the sun of the double sun". It should be appreciated that punctuation is added at the user device end to enable the user to better read aloud.
A user inputs fingerprint information through the fingerprint input device 302 of the user equipment 300 and generates a second random number sequence using the random number sequence generator, wherein the second random number sequence includes a plurality of natural numbers having no positional order and a numerical value of each natural number is less than or equal to a maximum value of the random numbers; selecting a natural number having a largest numerical value from the second random number sequence as an authentication natural number, selecting a plurality of characters from the first character sequence according to the numerical value of the authentication natural number, combining the selected plurality of characters with fingerprint information input through a fingerprint input device 302 to form mixed information and encrypting the mixed information, and transmitting the selected plurality of characters from the first character sequence according to the numerical value of the authentication natural number to an authentication server.
When the user records the video identification information and the audio identification information using the multimedia input device 303, the video identification information and the audio identification information recorded by the user are synchronized in time since the video input and the audio input of the multimedia input device 303 are synchronized. In other cases, complete synchronization in time is often not achieved if the user forges, tampers with, or splices the video identification information and the audio identification information.
In general, the multimedia input device 303 may include a camera and a microphone; the camera and the microphone are used for recording the video identification information, and the microphone is used for recording the audio identification information. The display 301 may, for example, display the first character sequence, and may show the user's real-time status while the video identification information and the audio identification information are recorded (i.e., show the recording process in real time).