CN110298421B - Online generation, offline generation and verification method and device for two-dimensional code - Google Patents

Online generation, offline generation and verification method and device for two-dimensional code Download PDF

Info

Publication number
CN110298421B
CN110298421B CN201910563025.5A CN201910563025A CN110298421B CN 110298421 B CN110298421 B CN 110298421B CN 201910563025 A CN201910563025 A CN 201910563025A CN 110298421 B CN110298421 B CN 110298421B
Authority
CN
China
Prior art keywords
user
information
channel
dimensional code
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910563025.5A
Other languages
Chinese (zh)
Other versions
CN110298421A (en
Inventor
刘红霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunbao Big Data Industry Development Co ltd
Original Assignee
Yunbao Big Data Industry Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yunbao Big Data Industry Development Co ltd filed Critical Yunbao Big Data Industry Development Co ltd
Priority to CN201910563025.5A priority Critical patent/CN110298421B/en
Publication of CN110298421A publication Critical patent/CN110298421A/en
Application granted granted Critical
Publication of CN110298421B publication Critical patent/CN110298421B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0025Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement consisting of a wireless interrogation device in combination with a device for optically marking the record carrier
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06037Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06046Constructional details
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404Methods for optical code recognition
    • G06K7/1408Methods for optical code recognition the method being specifically adapted for the type of code
    • G06K7/14172D bar codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404Methods for optical code recognition
    • G06K7/1439Methods for optical code recognition including a method step for retrieval of the optical code
    • G06K7/1443Methods for optical code recognition including a method step for retrieval of the optical code locating of the code in an image

Abstract

The application provides a method and a device for online generation, offline generation and verification of a two-dimensional code, wherein the method comprises the following steps: receiving a two-dimensional code generation request, wherein the two-dimensional code generation request comprises user identification information and platform identification information; acquiring information of an opened channel corresponding to the user identification information from a management platform corresponding to the platform identification information; and generating a two-dimensional code according to the information of the opened channel, and returning the two-dimensional code to the user terminal. Through the technical scheme of the application, the user can pass verification authentication in a plurality of channel scenes with access rights of the user without switching application programs, and the operation efficiency of the user is improved.

Description

Online generation, offline generation and verification method and device for two-dimensional code
Technical Field
The application relates to the technical field of networks, in particular to a method and a device for online generation, offline generation and verification of two-dimensional codes.
Background
The two-dimensional code is also called a two-dimensional bar code, which records data symbol information by using a certain specific image set which is distributed on a plane (in a two-dimensional direction) according to a certain rule and is black-white alternate graph.
However, the two-dimension code in the related art only supports authentication in a single channel scene, which makes it necessary for a user to find and open the two-dimension code corresponding to the channel scene in different channel scenes, and excessively complicated operation will cause inconvenience in use of the user, especially in scene environments with large people flow and complex groups, which is not beneficial to trip safety of the user.
Disclosure of Invention
In view of this, the application provides a method and a device for online generation, offline generation and verification of two-dimension codes, which realize that different application scenes can share the same set of two-dimension codes, so that a user can perform access right authentication under a plurality of different application scenes without switching application programs, further obtain corresponding scene services, eliminate the constraint that one set of two-dimension codes only supports a single application scene in the related art, and improve the operation efficiency of the user.
In order to achieve the above purpose, the present application provides the following technical solutions:
according to a first aspect of the present application, an online two-dimensional code generating method is provided, and is applied to a code transmitting center, the method includes:
receiving a two-dimensional code generation request, wherein the two-dimensional code generation request comprises user identification information and platform identification information;
Acquiring information of an opened channel corresponding to the user identification information from a management platform corresponding to the platform identification information;
and generating a two-dimensional code according to the information of the opened channel, and returning the two-dimensional code to the user terminal.
According to a second aspect of the present application, an online two-dimensional code generating method is provided and applied to a user terminal, the method includes:
a two-dimensional code generation request is sent, wherein the two-dimensional code generation request comprises user identification information of a local end user and platform identification information of a management platform corresponding to target channel equipment;
and receiving a two-dimensional code returned by the code sending center, wherein the two-dimensional code is generated by the code sending center according to the information of the opened channel corresponding to the user identification information, and the information of the opened channel is from a management platform corresponding to the platform identification information.
According to a third aspect of the present application, an offline two-dimensional code generating method is provided and applied to a code transmitting center, and the method includes:
generating offline coding information aiming at a target user, wherein the offline coding information comprises information of an opened channel recorded by the target user at a management platform, and the offline coding information does not comprise a user signature corresponding to the target user;
And sending the offline coding information to the target user, so that the target user generates a user signature through a corresponding user private key, and then, generating an offline two-dimensional code according to the user signature and the offline coding information.
According to a fourth aspect of the present application, an offline two-dimensional code generating method is provided and applied to a user terminal, the method includes:
receiving offline coding information sent by a code receiving center, wherein the offline coding information comprises information of an opened channel of a target user, and the offline coding information does not contain a user signature corresponding to the target user;
performing user signature processing on the offline coding information to obtain user signature information;
and generating an offline two-dimensional code according to the user signature information and the offline coding information.
According to a fifth aspect of the present application, there is provided a two-dimensional code verification generating method applied to channel equipment, the method comprising:
acquiring a two-dimensional code provided by a user to be verified;
analyzing the two-dimensional code to obtain the information of the opened channel contained in the two-dimensional code, wherein the information of the opened channel is used for indicating the channel of the user to be verified with access right;
When the channel access condition is met, judging that the user to be verified passes verification; otherwise, judging that the user to be authenticated fails to pass authentication; wherein the channel access condition includes: and the user to be verified has access rights to the channel corresponding to the channel equipment.
According to a sixth aspect of the present application, there is provided an online generating device for two-dimensional codes, applied to a code transmitting center, the device comprising:
the receiving unit is used for receiving a two-dimensional code generation request, wherein the two-dimensional code generation request comprises user identification information and platform identification information;
the acquisition unit acquires the information of the opened channel corresponding to the user identification information from the management platform corresponding to the platform identification information;
the generation unit is used for generating a two-dimensional code according to the information of the opened channel;
and the sending unit returns the two-dimensional code to the user terminal.
According to a seventh aspect of the present application, there is provided an online generating device of a two-dimensional code, applied to a user terminal, the device comprising:
the system comprises a sending unit, a receiving unit and a receiving unit, wherein the sending unit sends a two-dimension code generation request, and the two-dimension code generation request comprises user identification information of a local end user and platform identification information of a management platform corresponding to target channel equipment;
The receiving unit is used for receiving the two-dimensional code returned by the code sending center, wherein the two-dimensional code is generated by the code sending center according to the information of the opened channel corresponding to the user identification information, and the information of the opened channel is from the management platform corresponding to the platform identification information.
According to an eighth aspect of the present application, there is provided an offline two-dimensional code generating device applied to a code transmitting center, the device comprising:
the generation unit is used for generating offline coding information aiming at a target user, wherein the offline coding information comprises information of an opened channel recorded by the target user at a management platform, and the offline coding information does not comprise a user signature corresponding to the target user;
and the first sending unit is used for sending the offline coding information to the target user so as to generate a user signature through a corresponding user private key by the target user and then generate an offline two-dimensional code according to the user signature and the offline coding information.
According to a ninth aspect of the present application, there is provided an offline generating device of a two-dimensional code, applied to a user terminal, the device comprising:
the first receiving unit is used for receiving off-line coding information sent by a code sending center, wherein the off-line coding information comprises information of an opened channel of a target user, and the off-line coding information does not contain a user signature corresponding to the target user;
A signature unit for carrying out user signature processing on the offline coding information to obtain user signature information;
and the first generation unit is used for generating an offline two-dimensional code according to the user signature information and the offline coding information.
According to a tenth aspect of the present application, there is provided a two-dimensional code verification apparatus applied to channel equipment, the apparatus comprising:
the first acquisition unit acquires a two-dimensional code provided by a user to be authenticated;
the first analysis unit analyzes the two-dimensional code to obtain the information of the opened channel contained in the two-dimensional code, wherein the information of the opened channel is used for indicating the channel of the user to be verified with access right;
a first judging unit that judges that the user to be authenticated passes authentication when a channel access condition is satisfied; otherwise, judging that the user to be authenticated fails to pass authentication; wherein the channel access condition includes: and the user to be verified has access rights to the channel corresponding to the channel equipment.
According to the technical scheme, through improvement of the two-dimension code generation mode, different channels can be verified through the same set of two-dimension codes, under the application scene of using the two-dimension codes to verify a plurality of channels, a user can conduct authority authentication based on the same set of two-dimension codes without switching application programs, further scene service corresponding to the channels is obtained, and the operation efficiency of the user is improved.
Drawings
FIG. 1 is an application scenario diagram of online generation, offline generation and verification of a two-dimensional code according to an exemplary embodiment of the present application;
fig. 2 is a flowchart of an online generation method of a two-dimensional code according to an exemplary embodiment of the present application;
FIG. 3 is a flowchart of another online generation method of a two-dimensional code according to an exemplary embodiment of the present application;
fig. 4 is an interaction diagram of an online generation method of a two-dimensional code according to an exemplary embodiment of the present application;
fig. 5 is a flowchart of a method of generating two-dimensional codes offline in accordance with an exemplary embodiment of the present application;
fig. 6 is a flowchart of another offline generation method of a two-dimensional code according to an exemplary embodiment of the present application;
fig. 7 is an interaction diagram of a method for offline generation of a two-dimensional code according to an exemplary embodiment of the present application;
FIG. 8 is an interaction diagram of a channel opening process in accordance with an exemplary embodiment of the present application;
fig. 9 is a flowchart of a two-dimensional code verification method in accordance with an exemplary embodiment of the present application;
fig. 10 is an interaction diagram of a two-dimensional code verification method according to an exemplary embodiment of the present application;
FIG. 11 is an interaction diagram of another two-dimensional code verification method according to an exemplary embodiment of the present application;
FIG. 12 is a schematic block diagram of an electronic device in accordance with an exemplary embodiment of the present application;
fig. 13 is a block diagram of an online generation apparatus of a two-dimensional code according to an exemplary embodiment of the present application;
FIG. 14 is a schematic block diagram of another electronic device in accordance with an exemplary embodiment of the present application;
fig. 15 is a block diagram of an online generation apparatus of another two-dimensional code in an exemplary embodiment of the present application;
FIG. 16 is a schematic block diagram of yet another electronic device in accordance with an exemplary embodiment of the present application;
fig. 17 is a block diagram of an offline generation apparatus of a two-dimensional code according to an exemplary embodiment of the present application;
FIG. 18 is a schematic block diagram of yet another electronic device in accordance with an exemplary embodiment of the present application;
fig. 19 is a block diagram of an off-line generating apparatus of another two-dimensional code in accordance with an exemplary embodiment of the present application;
FIG. 20 is a schematic block diagram of yet another electronic device in accordance with an exemplary embodiment of the present application;
fig. 21 is a block diagram of a two-dimensional code verification apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
Fig. 1 is an application scenario diagram of online generation, offline generation and verification of a two-dimensional code according to an exemplary embodiment of the present application, as shown in fig. 1, in the application scenario, a code sending center 101, a channel server 102, a management platform 103, channel equipment and a user terminal 105 are involved, where the channel equipment may include the channel server 102 and the channel terminal 104.
Information communication can be realized between the code sending center and the management platform, between the code sending center and the channel equipment, between the management platform and the channel equipment, and between the channel server and the channel terminal in the channel equipment through a network, so that interaction and data processing are completed. The network may include wired or wireless telecommunication means, for example, the network may include a local area network ("LAN"), a wide area network ("WAN"), an intranet, the internet, a mobile telephone network, a Virtual Private Network (VPN), a cellular or other mobile communication network, bluetooth, NFC, or any combination thereof, in which the channel server, management platform, channel terminal are not limited to one, as shown in fig. 1, the transcoding center may interface with multiple user terminals, the transcoding center may also be associated with multiple management platforms, for example, management platform 103a, management platform 103b in fig. 1, the transcoding center may be associated with multiple channel servers, for example, channel server 102a and channel server 102b in fig. 1, the transcoding center may be associated with multiple channel terminals, for example, channel terminal 104a and channel terminal 104b in fig. 1, the management platform may be responsible for maintaining information of multiple channel devices and multiple user terminals, the channel devices may acquire and perform verification processes for multiple users, for example, user terminal 105a and user terminal 105b in fig. 1.
The management platform framework may relate to a front-end interface and a back-end, where the front-end interface is displayed on the user terminal, and may be a web page, mobile phone software, an application program applicable to the portable terminal, or the like, and the specific installation form may be pre-installed software of the user terminal or third party software installed by the user, or the like. The back end performs interaction with the database according to the business logic, performs processing procedures such as information retrieval, feedback and the like corresponding to the operation of the user in the front end interface, and feeds back the processing result to the front end interface. For convenience of presentation, the management platform server is hereinafter referred to as a management platform, and the front-end interface of the user terminal side is referred to as a user terminal.
The code information related to the two-dimension code generation comprises identification information of a user and a management platform, the identification information is acquired from the management platform by a code transmitting center, the code transmitting center can be in butt joint with a plurality of management platforms, the plurality of management platforms can classify and divide user information to be maintained according to classification modes of different dimensions, such as classification according to administrative areas, for example, the related information of residents in an administrative city is maintained by the same management platform, or the related information of resident residents in an administrative area is maintained by the same management platform; the method can also be divided according to social organization groups, for example, the related information of members of the same company, factory and school is maintained by the same management platform, or the related information of members of the same political party is maintained by the same management platform; the multiple management platforms can also determine the management platform to which the current position information belongs according to the current position information of the user terminal. The application does not limit the division mode of the members to be maintained by the plurality of management platforms.
The code transmitting center is used for generating the two-dimensional code and providing related special services such as coding information required by the two-dimensional code, the services can be arranged in independent physical equipment according to specific service quantity, or can run by means of a virtual machine or can be in a form of software compatible with any operating system, and the application is not limited to the specific services. Based on the communication connection for obtaining the request information sent by the user terminal, the code sending center can send the generated two-dimensional code or the coding information required by the two-dimensional code to the user terminal, so that when the user passes through the two-dimensional code shown on the user terminal and passes through the verification of the channel equipment, the service provided by the channel is obtained.
The channel equipment is associated with an off-line application scene and can comprise a channel server and a channel terminal, wherein the channel terminal can be channel management equipment such as a gate, a machine tool supporting a two-dimension code detection function and the like; the application scenario may relate to, for example, restaurants, parks, libraries, etc. Further, the channel device may complete verification of the acquired two-dimensional code according to a preset processor, and the processor may include any combination of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), a network processor (Network Processor, NP), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), and a Field Programmable Gate Array (FPGA).
The following examples are provided to further illustrate the application. The following describes specific embodiments of the present application in detail by way of examples and in connection with specific application scenarios.
Fig. 2 is a flowchart of an online generation method of a two-dimensional code according to an exemplary embodiment of the present application, and as shown in fig. 2, the method may be applied to a code center, and the method may include the steps of:
step 201, a two-dimensional code generation request is received, wherein the two-dimensional code generation request contains user identification information and platform identification information.
Step 202, obtaining information of an opened channel corresponding to the user identification information from a management platform corresponding to the platform identification information.
And 203, generating a two-dimensional code according to the information of the opened channel, and returning the two-dimensional code to the user terminal.
In an embodiment, a platform signature can be generated through a platform private key corresponding to a management platform, a two-dimensional code is further generated according to information containing an opened channel and coding information of the platform signature, and a platform public key corresponding to the platform private key is sent to each channel device associated with the management platform by a code sending center, so that the channel device can verify the platform signature contained in the two-dimensional code displayed by the user terminal based on the platform public key corresponding to the management platform.
Further, the code sending center can select a group of key pairs from a plurality of groups of keys corresponding to the management platform according to a preset rule as platform keys for generating platform signatures, the platform keys comprise platform public keys and platform private keys obtained through an algorithm, the code sending center generates the platform signatures based on the selected platform private keys, a platform key number corresponding to the platform keys is added to coding information for generating the two-dimension codes, and after the channel equipment analyzes the platform key number from the two-dimension codes, the platform public keys for checking the platform signatures are determined according to the platform key numbers, and signature checking is carried out by using the platform public keys.
Further, the encoding information for generating the two-dimensional code further comprises a key validity period, wherein the key validity period is used for indicating the authorized available time of the key, and the key comprises a platform key and a user key. In a specific process, the code sending center sets a corresponding key validity period for the determined key information, and adds a field corresponding to the key validity period to the coding information corresponding to the corresponding key, so that after the channel equipment analyzes the key validity period from the two-dimensional code, whether a platform secret key corresponding to the platform signature is in the validity period is verified according to the key validity period.
In another embodiment, the user signature can be generated through the user private key corresponding to the user identification information, so that the code sending center generates the two-dimensional code according to the encoding information containing the user signature and the user public key corresponding to the user private key, and after the channel equipment acquires the two-dimensional code, the user signature verification can be performed on the user signature according to the user public key analyzed by the two-dimensional code.
In yet another embodiment, the code transmitting center may generate the two-dimensional code according to the encoded information including the valid duration of the two-dimensional code and the code output timestamp, so that the channel device determines that the two-dimensional code passes the valid period test of the two-dimensional code according to the time when the sum of the valid duration of the two-dimensional code and the code output timestamp is greater than the time when the channel device checks the two-dimensional code, and otherwise, determines that the two-dimensional code is invalid.
Fig. 3 is a flowchart of another online generation method of a two-dimensional code according to an exemplary embodiment of the present application, and as shown in fig. 3, the method may be applied to a user terminal, and the method may include the steps of:
step 301, a two-dimension code generation request is sent, wherein the two-dimension code generation request comprises user identification information of a local end user and platform identification information of a management platform corresponding to target channel equipment.
Step 302, receiving a two-dimensional code returned by the code sending center, wherein the two-dimensional code is generated by the code sending center according to the information of the opened channel corresponding to the user identification information, and the information of the opened channel is from a management platform corresponding to the platform identification information.
According to the embodiment, the two-dimensional code returned by the code sending center received by the user terminal contains all channel identification information with access rights of the user terminal currently logged in, so that the user can pass the right authentication of any channel with access rights of the user through displaying the received two-dimensional code, and in the process, an application program does not need to be switched, and the operation efficiency is improved.
Fig. 4 is an interaction diagram of an online generation method of a two-dimensional code according to an exemplary embodiment of the present application, as shown in fig. 4, the interaction process involves a code sending center, a user terminal, and a management platform, and the interaction process may include the following steps:
in step 401, the management platform receives a two-dimension code generation request sent by the user terminal.
When a user executes a trigger operation for generating the two-dimension code at the user terminal, a request instruction of a corresponding two-dimension code generation request is formed in response to the trigger operation. The user terminal can automatically acquire the user identification information of the target user and the platform identification information of the management platform to which the target user belongs, further generate a two-dimensional code generation request which can contain the user identification information, and send the two-dimensional code generation request to the management platform corresponding to the platform identification information through the user terminal.
Step 402, the management platform determines the information of the opened channel corresponding to the user identification information.
The user identification information is used for identifying the characteristic information of the user logged in by the current user terminal, and can be user account information, user nickname or thumbnail information for compressing the user account information so as to improve the processing efficiency of request generation, transmission and analysis, and it is easy to understand that the information capable of uniquely characterizing the current user logged in by the user terminal belongs to the protection range of the user identification information in the application, and the application does not limit the concrete expression form of the user identification information.
The platform identification information can be used for identifying the characteristic information of the management platform, and the user terminal further obtains the platform identification information corresponding to the management platform by determining the management platform.
The method for determining the management platform can be various, the management platform can be the management platform to which the user logged in by the current user terminal belongs, or the management platform to which the target application scene based on the LBS (Location Based Service, location-based service) of the user terminal belongs can be determined, and the management platform corresponding to the acquisition request to be sent is determined.
Step 403, the code sending center receives a two-dimension code generating request containing the information of the opened channel and the user identification information sent by the management platform.
In an embodiment, the management platform receives request information of a user terminal about a two-dimensional code generation request, determines user identification information and platform identification information corresponding to the user terminal based on the received request information, further obtains information of an opened channel corresponding to the user identification information, and sends the request information containing the information of the opened channel to the code sending center so that the code sending center generates the two-dimensional code based on the received information of the opened channel.
In another embodiment, the code sending center may directly receive a two-dimensional code generation request containing user identification information and platform identification information sent by the user terminal, and further determine information of an opened channel corresponding to the user identification information based on the received two-dimensional code generation request. In the specific determination process of the information of the opened channel, the code sending center can query a prestored information list of the opened channel, or the code sending center can send an information acquisition request of the opened channel to the management platform, and further determine the information of the opened channel corresponding to the user identification information according to response information returned by the management platform.
Step 404, determining the information of the opened channel, the user identification information and the platform identification information in the two-dimension code generation request.
In step 405, information about the key is determined. The information related to the key may include key information, platform key number information, and a key validity period.
The key information comprises a platform key and a user key, wherein the platform key is determined by a preset rule in platform keys corresponding to a plurality of groups of management platforms, the user key is key information corresponding to user identification information, and the user key can be determined according to the preset rule.
In the specific implementation process, determining the platform key according to a preset rule can be to identify whether the current time is in a preset time period, if not, randomly determining a group of platform keys according to a plurality of groups of keys corresponding to the management platform, or randomly generating a group of platform keys; otherwise, the last determined platform key is obtained.
Similarly, whether to randomly generate the user key can be determined according to the recognition result of whether the current time is in the preset time period, namely, if the current time is not in the preset time period, a group of user keys is randomly generated, or a group of user keys is randomly selected from a plurality of groups of user keys corresponding to the user identification information; otherwise, the last determined user key is obtained.
Of course, the preset rule can also be that a group of platform keys and a group of user keys can be randomly generated without any condition, so that the generation efficiency of key information is improved.
And generating a corresponding platform key number for the platform key determined by the code sending center, so that the code sending center also adds the platform key number into the coded information, and when the channel equipment performs platform signature verification, the platform public key for signature verification can be rapidly determined according to the platform key number.
After the key information is determined by the code sending center, correspondingly, setting a key validity period for the determined key information, wherein the determined key validity period is longer than an updating period of the key, preferentially determining whether the current verification time is in the key validity period or not in the process of verifying the two-dimensional code by the channel equipment, and rapidly determining that the verified two-dimensional code is in an invalid state under the condition that the verification time of the channel equipment exceeds the key validity period, thereby improving the screening speed of the invalid two-dimensional code.
Step 406, determining the extended domain information.
Based on application requirements in different scenes, scene domain information or custom domain information related to channels with access rights of the current user can be correspondingly increased in an expansion domain, such as member grade information corresponding to the current user can be increased in the expansion domain under the application scenes that members with different grades can enjoy different services, so that when channel equipment can acquire member grade information corresponding to the user according to two-dimensional codes displayed by a user terminal, corresponding services can be provided according to the grade information; when the public transportation authority is opened by the user, specific public transportation types which can be used by the current user can be added in the expansion domain, or the park visit authority is opened by the user, the specific range of the park can be further clarified through the expansion domain, or the channel equipment can further determine the special authority condition of the user under the current channel according to the expansion domain information in the two-dimension code if the service authority of some articles in the park is available.
Step 407, determining the two-dimensional code version and the code identification, and designating the effective duration of the two-dimensional code.
The code identifier is used for indicating that the generated two-dimensional code is a two-dimensional code generated offline or a two-dimensional code generated online, for example, 00 can be used for indicating that the two-dimensional code is a two-dimensional code generated online by a code transmitting center, and 01 can be used for indicating that the two-dimensional code is generated by a user terminal under the offline condition; the time interval between the start of the two-dimensional code output and the failure of the two-dimensional code can be represented by the effective duration of the two-dimensional code.
Step 408, determining platform signature information. Integrating the first field information to be subjected to platform signature processing, and performing platform signature processing by using the determined platform public key to obtain platform signature information.
The first field information to be subjected to platform signature processing is integrated, the first field information to be embodied in the two-dimensional code can be combined according to the actual situation, and in an exemplary embodiment, the first field information to be subjected to platform signature processing can include: two-dimension code version, two-dimension code length, code identification, management platform coding, platform key number, user identification information, key expiration time, two-dimension code effective duration, user public key, information of an opened channel and expansion domain information.
Step 409, determining user signature information. And carrying out user signature processing on the second field information.
In an embodiment, before the user signature processing is performed, the code output timestamp may be requested to generate the code output timestamp, and the code output time of the two-dimensional code is recorded through the code output timestamp. And the expiration time of the two-dimension code can be obtained after the effective duration of the two-dimension code is added on the basis of the code-out time stamp, so that channel equipment can judge whether the time for executing the verification operation of the channel is overdue or not through the expiration time.
The second field information of the user signature processing to be performed may be combined according to actual needs, and in an exemplary embodiment, the second field information may include the first field information, the platform signature information, and the code-out timestamp, so that the user signature information is obtained by performing the user signature processing on the second field information.
Step 410, generating a two-dimensional code based on the determined encoding information.
In step 411, the code sending center returns the generated two-dimensional code to the management platform.
In step 412, the management platform sends the received two-dimensional code to the user terminal for display by the user terminal.
In an embodiment, field information in the encoded information for generating the two-dimensional code may be classified into user signature information and second field information other than the user signature information, where the field information may include a two-dimensional code version, a two-dimensional code length, a code identifier, a management platform code, a platform key number, user identification information, a key expiration time, a two-dimensional code valid duration, a user public key, information of an opened channel, extended domain information, platform signature information, a code output timestamp, and user signature information, and of course, content in the encoded information of the two-dimensional code to be generated may be adjusted according to actual conditions, which is not limited by the present application.
In another embodiment, the fields involved in the encoded information may be selectively compressed to reduce the amount of data involved in the operation and improve the efficiency of the corresponding operation. In a specific embodiment, the compression processing may be performed on the two-dimensional code version, the information about the time, and other information except for the information about the effective duration.
According to the embodiment, the two-dimensional code returned by the code sending center received by the user terminal contains all channel identification information (namely the information of the opened channels) of the user terminal with the access right of the user currently logged in, so that the user displays the received two-dimensional code, and the user does not need to switch an application program in the process through the right authentication of any channel with the access right of the user, thereby improving the operation efficiency.
The method for generating the two-dimensional code offline is described below, in the process of generating the two-dimensional code offline, the specific content and the information determining mode of the related coding information are similar to those recorded in the method for generating the two-dimensional code online, and in the process of generating the two-dimensional code offline, the description is not repeated, and the related information can refer to the method for generating the two-dimensional code online.
Fig. 5 is a flowchart of a method for generating a two-dimensional code offline according to an exemplary embodiment of the present application, which is applied to a code center as shown in fig. 5, and may include the steps of:
step 501, generating offline coding information for a target user, wherein the offline coding information comprises information of an opened channel recorded by the target user at a management platform, and the offline coding information does not comprise a user signature corresponding to the target user.
In an embodiment, the offline coding information further includes platform signature information, where the platform signature information may be generated by a platform private key corresponding to the platform key determined by the coding center; the code sending center can add the platform key number corresponding to the platform key to the offline coding information, so that the channel equipment determines a platform public key for carrying out platform signature verification according to the platform key number.
Step 502, the offline coding information is sent to the target user, so that after the target user generates a user signature through a corresponding user private key, an offline two-dimensional code is generated according to the user signature and the offline coding information.
In an embodiment, a preset number of offline coding information may be sent to the user terminal, where each offline coding information includes different valid two-dimensional code durations.
According to the embodiment, the code sending center can send the offline coding information containing the information of the opened channel to the user terminal of the target user, so that the user terminal can conduct user signature processing through the corresponding user private key, and further the offline two-dimensional code is generated based on the user signature information and the offline coding information. Therefore, when the user terminal is in an offline state and cannot normally communicate and interact with the code sending center, the user terminal can complete user signature processing according to the offline coding information acquired in advance, and then the offline two-dimensional code is generated based on the user signature information and the offline coding information.
Fig. 6 is a flowchart of another method for generating two-dimensional codes offline according to an exemplary embodiment of the present application, which is applied to a user terminal as shown in fig. 6, and may include the steps of:
step 601, receiving offline coding information sent by a code sending center, wherein the offline coding information comprises information of an opened channel of a target user, and the offline coding information does not contain a user signature corresponding to the target user.
In an embodiment, a preset number of offline coding information sent by a code sending center may be received, where the offline coding information further includes a two-dimensional code effective duration, and the two-dimensional code effective durations corresponding to the preset number of offline coding information are different, and the user equipment may generate the two-dimensional code based on the offline coding information with the shortest two-dimensional code effective duration.
In another embodiment, a preset verification time input by a user at the user terminal can be obtained, offline coding information with the effective duration of the two-dimensional code being longer than the preset verification time is determined according to the preset verification time, and the effective duration of the two-dimensional code is determined in the effective duration of the two-dimensional code being longer than the preset verification time, so that the user terminal generates the two-dimensional code based on the offline coding information corresponding to the effective duration of the two-dimensional code being longer than the predicted verification time.
And step 602, performing user signature processing on the offline coded information to obtain user signature information.
And step 603, generating an offline two-dimensional code according to the user signature information and the offline coding information.
In an embodiment, the time stamp process may be requested to generate the out-code time stamp, so that the offline encoding information for generating the offline two-dimensional code includes the out-code time stamp and the user signature. Further, the offline coding information can further include a two-dimension code effective duration, so that the channel equipment can determine that the two-dimension code passes the two-dimension code effective duration inspection according to the fact that the sum of the two-dimension code effective duration and the code output time stamp is larger than the moment that the channel equipment verifies the two-dimension code, and otherwise, the two-dimension code is determined to be invalid.
According to the embodiment, the user terminal can pre-receive the offline coding information issued by the code receiving center, so that when the user terminal is in an offline state and cannot perform normal communication interaction with the code transmitting center, the user terminal can complete user signature processing based on the acquired offline coding information, and further generate an offline two-dimensional code for verifying channel equipment based on the user signature information and the offline coding information.
Fig. 7 is an interaction diagram of a method for generating two-dimensional codes offline according to an exemplary embodiment of the present application, as shown in fig. 7, may include a code transmitting center, a user terminal, and a management platform, and the method may include the steps of:
in step 701, the management platform receives an acquisition request of offline coding information sent by the user terminal.
Step 702, the management platform determines the information of the opened channel corresponding to the user identification information in the acquisition request, and sends the request information containing the information of the opened channel to the code sending center.
In step 703, the sending center determines the user identification information, the platform identification information and the information of the opened channel corresponding to the user identification information in the request information sent by the management platform.
In an embodiment, the user terminal interacts with the code sending center through the management platform, and when a preset condition is met, the user terminal sends an offline coding information acquisition request containing user identification information to the management platform, so that the management platform invokes the code sending center, and the offline coding information corresponding to the user identification information is determined based on the acquired user identification information and platform identification information.
The preset condition may be that a trigger instruction of the user terminal about acquiring the two-dimensional code is received in an environment with a good network communication state. When the user terminal receives the trigger instruction for acquiring the two-dimension code and the communication state between the user terminal and the management platform is good, the user terminal can generate request information for acquiring the offline coding information of the two-dimension code, and send the generated request information for acquiring the offline coding information of the two-dimension code to the management platform, so that the management platform invokes the code sending center, the code sending center completes the determination of the offline coding information, and the determined offline coding information is returned to the user terminal through the management platform.
The preset condition can also be that the user terminal receives a trigger instruction for acquiring the offline coding information of the two-dimension code, namely, the user can actively trigger and generate the trigger instruction for acquiring the offline coding information of the two-dimension code through the user terminal under the condition of good network communication condition,
In a specific embodiment of generating the instruction about the request for acquiring the offline coding information, the user may implement the triggering instruction through a physical key in the user terminal, or implement the triggering instruction through a virtual key in the preset interface, so as to prolong the protection life of the physical key.
In another embodiment, the code sending center may send a request for obtaining channel information to the management platform under the condition that the preset condition is met, so as to obtain the information of the opened channel corresponding to the pre-stored user identification information. In a specific embodiment, when a preset condition is reached, the code sending center traverses the prestored user identification information, determines the management platform corresponding to each user identification information, and further obtains all the opened channel information with access rights corresponding to the prestored user identification information from the management platform.
In the manner of determining the management platform, the code sending center may determine according to a pre-stored correspondence between the user and the management platform, or determine according to a real-time situation of the user, for example, determine, based on real-time location information of a user terminal currently used by the user, a management platform to which the real-time location information belongs, and further determine the management platform corresponding to the user identification information of the determined management platform.
In step 704, the transcoding center determines the platform key and the user key.
The method for determining the platform key and the user key is similar to the method for determining the platform key and the user key when the two-dimensional code is generated on line by the code transmitting center, and the application is not repeated.
Step 705, integrating the offline coding information corresponding to the information of the opened channel by the code sending center, wherein the offline coding information also comprises a platform signature and a user public key which have completed the platform signature processing, and the offline coding information is not signed by the user.
In one embodiment, the user signature process is not performed in the field of the offline encoded information integrated by the encoding center, and the user private key and the offline encoded information are sent to the user device in the encoding process so that the user signature process is performed by the user device according to the obtained user private key.
In another embodiment, the code transmitting center may integrate a preset amount of offline coding information, where attribute information related to time and aging in the offline coding information has a certain change, so that when the two-dimensional code shown by the user equipment fails due to expiration of the attribute information, the user equipment may generate the two-dimensional code information based on the coding information that the operation time for identification is still within the validity period of each attribute information.
For example, when the attribute information with the validity period is the valid duration of the two-dimensional code, each piece of offline coding information in the preset quantity can contain the same valid duration of the two-dimensional code, so that when the two-dimensional code shown by the user terminal is invalid due to expiration of the validity period, the user terminal can regenerate the two-dimensional code, and when the channel equipment checks the generated two-dimensional code, the time for executing the checking operation is still in the valid time of the two-dimensional code.
In still another embodiment, the effective duration of the two-dimensional code corresponding to the preset number of offline coding information may be different. For example: the effective duration of the two-dimensional code contained in the determined 5 offline coding information can be 5 minutes, 10 minutes, 20 minutes, 30 minutes and 50 minutes respectively, and obviously the effective duration of the two-dimensional code is not limited by the application.
The user can input a time interval (hereinafter simply referred to as a predicted verification time) for acquiring and verifying the two-dimensional code from the channel equipment through the user terminal, and various input modes can be used, for example, the user can input predicted duration in the terminal interface or select one of the displayed time interval values of the terminal interface; the user can obtain the predicted verification time length input by the user through the terminal, and further the offline coding information with the effective time length longer than the predicted verification time length is selected to generate the two-dimension code.
When the effective time length of the plurality of two-dimensional codes is longer than the predicted verification time length, the user terminal can select the two-dimensional code with the shortest effective time length in the plurality of two-dimensional codes which is longer than the predicted verification time length, and generate the two-dimensional code based on offline coding information containing the shortest effective time length of the two-dimensional codes so as to improve the tamper-proof safety of the two-dimensional code.
And step 706, returning the offline coding information and the user private key to the management platform so that the management platform returns to the target user corresponding to the user identification information, performing user signature processing on the offline coding information containing the code-out time stamp based on the user private key by the target user, and generating an offline two-dimensional code based on the user signature information, the code-out time stamp and the offline coding information.
In an embodiment, the sending center sends the offline coding information with preset quantity and the user private key to the user terminal through the management platform, so that when the user terminal receives the instruction information about generating the two-dimension code triggered by the user, the user private key is used for carrying out user signature processing on one group of offline coding information.
Step 707 generates an out-code timestamp for the received offline encoded information.
When a trigger instruction about generating a two-dimensional code sent by a user is received, the user terminal requests timestamp processing for the received offline coded information and a user private key to generate an out-code timestamp about the received offline coded information.
At step 708, user signature information is determined.
And the user terminal performs user signature processing on the offline coded information and the code output time stamp based on the user private key so as to obtain a user signature.
Step 709, generating an offline two-dimensional code.
And generating an offline two-dimensional code based on the user signature, the code output timestamp and the offline coding information, so that the channel equipment performs verification according to the offline two-dimensional code displayed by the user terminal.
According to the embodiment, the user terminal can complete user signature processing based on the offline coding information issued by the pre-received code issuing center, and further generate an offline two-dimension code for verifying the channel equipment based on the user signature information, the offline coding information and the code issuing time stamp, so that the user terminal can also realize a two-dimension code image for verifying the authority of the channel under the condition of abnormal network communication state.
In the online generation process of the two-dimension code or the offline generation process of the two-dimension code, the corresponding information of the opened channel corresponding to the user identification information can be provided with a corresponding user channel opening identification field so as to realize the transmission and identification of the information of the opened channel.
In an exemplary embodiment, the user channel opening identification may be stored using 5 bytes, where each Byte is divided into 8 bits, so that a total of 40 scenarios of identification of the user's current authorization status may be provided.
In a specific identification manner, the Bit can be represented by using 0 and 1 on each Bit, and the specific Bit can be represented by 0: the channel corresponding to the identification Bit where the current Bit is located is a scene that the user corresponding to the user identification does not have access or use permission, and can be represented by 1: the channel corresponding to the identification Bit where the Bit is currently located is a scenario that the user corresponding to the user identification has access right or use right, where the channel corresponding to the identification Bit is a standard that is set uniformly in advance, for example, as shown in the following table 1, in the unified standard, a channel number 00 corresponding to the identification Bit 0 may be specified, and a channel name corresponding to the channel number 00 is a rail transit (subway), similarly, a channel number corresponding to the identification Bit 1 may be 01, and a channel name corresponding to the channel number 01 is a bus, etc., where the unified standard mentioned herein is only taken as an example, and it can be understood that all the identification modes belonging to the same concept belong to the scope of the technical scheme to be protected in the present application.
Identification bit Channel numbering Channel name
0 00 * Rail transit (subway)
1 01 * Bus
2 02 * Canteen (canteen)
3 03 * Zoo
4 04 * Scenic spot
5 05 * Library
TABLE 1
The user can open the channel without access or use rights through the user terminal, and update the channel information with access or use rights of the login user in the management platform, for example
Fig. 8 is an interaction diagram of a channel opening process in accordance with an exemplary embodiment of the present application. As shown in fig. 8, the channel opening process involves an interaction process between the user terminal, the channel server, and the management platform, and the interaction process may include the following steps:
step 801, a user terminal sends a channel opening request to a channel server.
In an embodiment, the request body portion in the channel opening request information may include user identification information of the channel right to be opened, channel identification information of the channel right to be opened, and corresponding timestamp information.
Step 802, the channel server determines user identification information corresponding to the received channel opening request.
In an embodiment, the user identification information may be an identification capable of uniquely identifying the user identification information, such as a user mobile phone number, a user nickname, a user ID number, and the like.
Step 803, a user account information acquisition request is sent.
The channel server sends a user account information acquisition request to the management platform based on the determined user identification information to acquire corresponding user account information.
Step 804, opening channel rights corresponding to the user account information.
And the channel server executes corresponding authority opening operation based on the user account information so as to open the channel authority corresponding to the user account information.
In an embodiment, the rights opening operation executed by the channel server may include account fusion, encryption-free processing, and other operations, and according to different actual needs, different processing modes and execution sequences of corresponding processing modes may be added in the rights opening operation, where the account fusion may enable the channel device to accurately identify different virtual identity identifiers of the same user in the process of verifying the acquired two-dimensional code, so as to reduce the identification error rate in the process of verifying the two-dimensional code of the channel device.
And step 805, returning prompt information of authority opening to the user terminal, and sending channel authorities corresponding to the updated user identification information to the management platform, so that the management platform updates the channel authorities corresponding to the user identification information.
In an embodiment, the activation result may be identification information of whether the function of the channel right is successfully activated, for example, the identification information may be a status code, so that the user terminal may determine the activation state of the function of the channel right by identifying the status code, in a specific embodiment, when the status code is 10000, the requested channel right may be considered to be successfully activated, and when the status code is 90000, the requested channel right may be considered to be failed to be activated, so that the user may perform a corresponding operation.
According to the embodiment, in response to the opening requirement of the channel authority on the user side, the channel server can execute the opening operation of the corresponding channel authority, so that the user terminal can still obtain the access authority or the use authority of the newly authorized channel based on the same user account, the user does not need to switch application programs, even two-dimension code information, and the operation efficiency is improved.
Fig. 9 is a flowchart of a two-dimensional code verification method according to an exemplary embodiment of the present application, as shown in fig. 9, which may be applied to channel equipment, the method may include the steps of:
step 901, obtaining a two-dimensional code provided by a user to be authenticated.
Step 902, analyzing the two-dimensional code to obtain the information of the opened channel contained in the two-dimensional code, wherein the information of the opened channel is used for indicating the channel with the access right of the user to be verified.
In an embodiment, the determining that the channel access condition of the user to be verified passing verification may include: and the sum of the effective duration of the two-dimension code and the code output time stamp is larger than the time when the channel equipment checks the two-dimension code.
In another embodiment, the analysis information of the two-dimensional code further includes a key expiration time, and further determining that the user to be verified passes the channel access condition of verification may include: the expiration time of the key is larger than the time of checking the two-dimension code by the channel equipment.
In an embodiment, the channel device may include a channel terminal or a channel server.
Step 903, when the channel access condition is satisfied, determining that the user to be authenticated passes authentication; otherwise, judging that the user to be authenticated fails to pass authentication; wherein the channel access condition includes: and the user to be verified has access rights to the channel corresponding to the channel equipment.
In another embodiment, the user identification information contained in the two-dimensional code may be obtained, and further traversing whether the user identification information exists in a pre-stored blacklist, and determining that the channel access condition of the user to be verified through verification may include: the user to be authenticated is not in the blacklist.
In still another embodiment, the platform signature analyzed in the two-dimensional code may be verified according to a platform public key of the management platform, and determining that the user to be verified passes the channel access condition of verification may include: and the platform verification signature obtained according to the platform public key is consistent with the platform signature analyzed in the two-dimensional code.
In still another embodiment, the user public key included in the two-dimensional code may be obtained, and further, the user signature analyzed in the two-dimensional code is verified according to the user public key, and determining that the user to be verified passes the channel access condition of verification may include: and the user verification signature obtained according to the user public key is consistent with the user signature analyzed in the two-dimensional code.
According to the embodiment, the channel equipment can acquire and analyze the two-dimensional code displayed by the user terminal to obtain the information included in the two-dimensional code, and determine the state of the channel corresponding to the channel equipment according to the information of the opened channel included in the analysis information of the two-dimensional code, so that when the channel identified in the two-dimensional code is in the opened state, the user of the user terminal displaying the two-dimensional code is judged to have access rights.
Fig. 10 is an interaction diagram of a two-dimensional code verification method according to an exemplary embodiment of the present application, as shown in fig. 10, may be applied to channel equipment, which may be a channel server or a channel terminal, and the method may include the steps of:
in step 1001, the channel terminal obtains the two-dimensional code displayed by the user terminal.
Step 1002, the channel terminal sends the acquired two-dimensional code to the channel server.
In step 1003, analysis information of the two-dimensional code is determined.
The channel server analyzes the received two-dimensional code and determines analysis information corresponding to the two-dimensional code.
Step 1004, judging the opened state corresponding to the channel identifier.
Analyzing whether a channel identifier corresponding to a current channel in the analysis information is in an opened state, if so, entering step 1005; otherwise, determining that the two-dimensional code verification fails, and returning prompt information which does not have the access right of the current channel to the user terminal.
In step 1005, it is determined whether user identification information exists in the blacklist.
Traversing the pre-stored blacklist, judging whether user identification information in analysis information corresponding to the two-dimensional code exists in the blacklist, if not, performing step 1006, otherwise, determining that the two-dimensional code verification fails, and returning prompt information about that the logged-in user is in the blacklist state under the current channel scene to the user terminal.
In step 1006, the key validity period of the parsed information is checked.
And reading the key validity period in the analysis information, judging whether the current time is in the key validity period, if not, determining that the two-dimensional code verification fails, and returning prompt information of the two-dimensional code failure to the user terminal, otherwise, entering a step 1007.
Step 1007, checking the effective time of the two-dimension code.
Reading the code output time stamp and the effective duration of the two-dimensional code in the analysis information, determining the effective time of the two-dimensional code, judging whether the current time is within the effective time of the two-dimensional code, if not, determining that the two-dimensional code fails to check, and returning prompt information of the two-dimensional code failure to the user terminal, otherwise, entering step 1008.
Step 1008, verifying the platform signature information in the parsed information.
Reading a platform key number in the analysis information, determining a platform public key based on the read platform key number, and carrying out signature processing on first field information in the analysis information by using the platform public key to obtain a platform verification signature; judging whether the platform verification signature is consistent with the platform signature information in the analysis information, if so, determining that the two-dimensional code passes the platform signature verification, and entering a step 1009; otherwise, determining that the two-dimension code fails to check, and returning prompt information that the two-dimension code is invalid to the user terminal.
Step 1009, verifying the user signature information in the parsed information.
Reading user public key information in the analysis information, and carrying out signature processing on a second field in the analysis information based on the read user public key so as to obtain a user verification signature; judging whether the user verification signature is consistent with the user signature information in the analysis information, if not, determining that the two-dimensional code verification fails, and returning prompt information that the two-dimensional code is invalid to the user terminal; if so, determining that the two-dimensional code passes the user signature verification, and entering step 1010.
And step 1010, returning prompt information of passing the verification.
The channel server determines that the two-dimension code displayed by the user terminal passes the verification, and returns the verification passing information to the channel terminal so as to carry out subsequent related operations by the channel terminal.
In an embodiment, after the channel server determines that the two-dimensional code displayed by the user terminal passes the verification, the channel server may also return and display the verified prompt information to the user terminal device, so that the user may use the prompt information displayed in the user terminal as a pass credential of the use authority.
In another embodiment, the steps 1004 to 1009 can be adjusted according to the sequence of the fields in the actual parsing information; for example, when the field related to the key validity period in the parsing information is before the field representing the opened channel identification information, the operation of reading the key validity period, judging whether the current time is in the key validity period (i.e. step 1006) can be preferentially executed, then reading the opened channel identification information, and judging whether the user has the access right to the current channel (i.e. step 1004), and the sequence of the verification of steps 1004 to 1009 is not limited explicitly.
Fig. 11 is an interaction diagram of another two-dimensional code verification method according to an exemplary embodiment of the present application, as shown in fig. 11, which may be applied to a channel terminal, the method may include the steps of:
step 1101, obtaining a two-dimensional code displayed by a user terminal.
In step 1102, the channel terminal determines analysis information of the two-dimensional code.
And the channel terminal analyzes the received two-dimensional code and determines analysis information corresponding to the two-dimensional code.
Step 1103, the channel terminal determines an opened state corresponding to the channel identifier.
The channel terminal analyzes whether the channel identifier corresponding to the current channel in the analysis information is in an opened state, if so, the step 1104 is entered; otherwise, determining that the two-dimensional code fails to check, and sending out a check failure alarm.
In step 1104, the channel terminal determines whether user identification information exists in the blacklist.
Traversing a pre-stored blacklist, judging whether user identification information in analysis information corresponding to the two-dimensional code exists in the blacklist, and if not, performing step 1105; otherwise, determining that the two-dimensional code fails to check, and sending out a check failure alarm.
Step 1105, key validity period verification of channel terminal analysis information.
Reading the key validity period in the analysis information, judging whether the current time is in the key validity period, if not, determining that the two-dimensional code fails to verify, and sending out a verification failure alarm; otherwise, step 1106 is entered.
And 1106, checking the effective time of the two-dimension code by the channel terminal.
Reading the code output time stamp and the effective time length of the two-dimensional code in the analysis information, determining the effective time of the two-dimensional code, judging whether the current time is within the effective time of the two-dimensional code, if not, determining that the two-dimensional code fails to check, and sending a check failure alarm; otherwise, step 1107 is entered.
Step 1107, verifying the platform signature information in the channel terminal analysis information.
Reading a platform key number in the analysis information, determining a platform public key based on the read platform key number, and carrying out signature processing on first field information in the analysis information by using the platform public key to obtain a platform verification signature; judging whether the platform verification signature is consistent with the platform signature information in the analysis information, if so, determining that the two-dimensional code passes the platform signature verification, and entering step 1108; otherwise, determining that the two-dimensional code fails to check, and sending out a check failure alarm.
In an embodiment, the first field information may be other information than platform signature information, user signature information, and an out-code timestamp. For example, if the fields in the parsing information are in order: two-dimensional code version, two-dimensional code length, code identification, management platform coding, platform key number, user identification information, key expiration time, two-dimensional code effective duration, user public key, information of an opened channel, extended domain information, platform signature information, code output time stamp and user private key signature information, and then the first field information can be: two-dimension code version, two-dimension code length, code identification, management platform coding, platform key number, user identification information, key expiration time, effective duration of the two-dimension code, user public key, information of an opened channel and information of an extended domain.
Step 1108, the channel terminal analyzes the user signature information verification in the information.
Reading user public key information in the analysis information, and carrying out signature processing on a second field in the analysis information based on the read user public key so as to obtain a user verification signature; judging whether the user verification signature is consistent with the user signature information in the analysis information, if not, determining that the two-dimensional code verification fails, and sending out a verification failure alarm; if so, determining that the two-dimensional code passes the user signature verification, and entering step 1109.
In an embodiment, the second field information may be other information besides the user signature information, and in a specific implementation process, when the fields in the parsing information are in sequence: two-dimensional code version, two-dimensional code length, code identification, management platform coding, platform key number, user identification information, key expiration time, two-dimensional code effective duration, user public key, information of an opened channel, extended domain information, platform signature information, code output time stamp and user private key signature information, and then the second field information can be: two-dimension code version, two-dimension code length, code identification, management platform coding, platform key number, user identification information, key expiration time, two-dimension code effective duration, user public key, information of an opened channel, information of extended domain information, platform signature information and code output time stamp.
In step 1109, the channel terminal returns the prompt information for checking whether the channel terminal passes or not to the user terminal.
And determining that the two-dimension code displayed by the user terminal passes the verification, and carrying out subsequent related operation by the channel terminal, wherein in the process, the channel terminal can return prompt information about whether the verification passes or not to the user terminal.
In an embodiment, the channel terminal directly executes subsequent operations on the two-dimensional code which passes the verification, or may also return prompt information about whether the two-dimensional code passes the verification to the user terminal.
In an embodiment, the steps 1103 to 1108 may be performed with corresponding adjustment of the action steps according to the sequence of the fields in the actual parsing information; for example, when the field related to the key validity period in the parsing information precedes the field representing the opened channel identification information, the operation of reading the key validity period, determining whether the current time is in the key validity period (i.e. step 1105) may be preferentially performed, and then reading the opened channel identification information, and determining whether the user has access rights to the current channel (i.e. step 1103), where the order of the verification of steps 1103 to 1108 is not specifically defined.
In the process of performing online verification on the two-dimensional code, the blacklist list may be stored in the channel server, so that whether the user identification information in the analysis information is in the blacklist is judged by the channel server, and in another embodiment; in the process of performing offline verification on the two-dimension code, the blacklist is issued to the channel terminal in advance by the channel server, and the issuing action can be set to be triggered periodically or manually by a channel manager, so that the application is not limited to the method.
The blacklist records user identification information of which the behavior state violates preset treaty standards, for example, when a user fails to complete corresponding payment operation within a preset time after checking a two-dimensional code of a charging channel, the user identification information corresponding to the user can be added into the blacklist through a risk mechanism of the channel side if the behavior of the user violates the preset treaty, each channel can maintain the blacklist of the channel, and the blacklist can be fed back to a management platform after the preset time is passed, so that the management platform feeds back channel information in the blacklist state to a user terminal.
The determining of the behavior state of the user may be performed by the management platform, and in an embodiment, the management platform may determine, according to the behavior state of the user and the contract criteria corresponding to the behavior state, whether the behavior state of the user violates the corresponding contract criteria. The standard for judging the behavior state of the user can be uniformly formulated for the management platform and is suitable for the constraint of all authority behaviors related to each channel associated with the management platform, or the management platform prestores the treaty standard corresponding to each channel, so that the treaty standard corresponding to the channel is determined according to the corresponding channel information in the log record information, and the behavior state of the user is judged.
The management platform can classify and record the user identification information with the default behavior state and the corresponding default behavior information according to the channel information corresponding to the default behavior information to form a default behavior record (hereinafter referred to as a blacklist). And feeding back a blacklist corresponding to each channel when a preset condition is met, wherein the preset condition can be a preset time period or a preset record number. In a specific embodiment, the blacklist may be actively issued to the channel server by the management platform, or the channel server may send an acquisition request about the blacklist to the management platform.
The management platform may monitor the status of the user identification information located in the blacklist of channels for the channel's offensiveness. When the behavior state is changed and no default state exists, modifying the default behavior record of the user identification information under the channel, so that the modified default behavior record is sent to the channel server when the preset condition is met, so that the channel server carries out corresponding updating, and the channel server synchronizes the modified default behavior record to the channel terminal.
Similarly, when the preset condition is met, the modified blacklist corresponding to the channel is fed back to each channel, and the preset condition can be a preset time period or a preset record number. In a specific embodiment, the blacklist may be actively issued to the channel server by the management platform, or the channel server may send an acquisition request about the blacklist to the management platform.
Fig. 12 is a schematic structural diagram of an electronic device in accordance with an exemplary embodiment of the present application. Referring to fig. 12, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile memory, and may include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory to the memory and then operates the computer program to form the online generation device of the two-dimension code at the code sending center side on the logic level. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present application, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
Referring to fig. 13, fig. 13 is a block diagram of an online generation device of a two-dimensional code according to an exemplary embodiment of the present application, which is applied to a code transmitting center, in a software implementation, the online generation device of a two-dimensional code may include:
a receiving unit 1301 configured to receive a two-dimensional code generation request, where the two-dimensional code generation request includes user identification information and platform identification information;
an acquiring unit 1302 configured to acquire information of an opened channel corresponding to the user identification information from a management platform corresponding to the platform identification information;
a generating unit 1303 for generating a two-dimensional code according to the information of the opened channel;
and a transmitting unit 1304 for returning the two-dimensional code to the user terminal.
Optionally, the method further comprises:
a first signature generating unit 1305, configured to generate a platform signature by using a platform private key corresponding to the management platform; the information for generating the two-dimensional code further comprises the platform signature, and the channel equipment corresponding to the management platform holds the platform public key corresponding to the platform private key, so that the platform signature contained in the two-dimensional code is verified.
Optionally, the method further comprises:
a selecting unit 1305, configured to select a set of platform keys from a plurality of sets of platform keys corresponding to the management platform;
A second signature generation unit 1306 that generates a platform signature based on the platform private key of the selected platform keys; the information for generating the two-dimensional code further comprises a platform key number corresponding to the selected platform key, so that the channel equipment analyzes the platform key number from the two-dimensional code, and then determines a platform public key for verifying the platform signature according to the platform key number.
Optionally, the information for generating the two-dimensional code further includes a key validity period, so that after the channel device analyzes the key validity period from the two-dimensional code, whether the platform key corresponding to the platform signature is in the validity period is verified according to the key validity period.
Optionally, the method further comprises:
a third signature generation unit 1307 for generating a user signature by using a user private key corresponding to the user identification information; the information for generating the two-dimensional code further comprises a user public key corresponding to the user signature and the user private key, so that the channel equipment performs user signature verification on the user signature according to the user public key.
Optionally, the information for generating the two-dimensional code further includes a two-dimensional code valid duration and a code output timestamp, so that the channel device determines that the two-dimensional code passes the two-dimensional code valid duration inspection according to the fact that the sum of the two-dimensional code valid duration and the code output timestamp is greater than the time when the channel device verifies the two-dimensional code, and otherwise, determines that the two-dimensional code is invalid.
Fig. 14 is a schematic structural diagram of another electronic device in an exemplary embodiment of the present application. Referring to fig. 14, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile memory, and may include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory to the memory and then operates the computer program to form the online generation device of the two-dimension code at the user terminal side on the logic level. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present application, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
Referring to fig. 15, fig. 15 is a block diagram of another online generation apparatus of two-dimensional codes according to an exemplary embodiment of the present application, which is applied to a user terminal, in a software implementation manner, the online generation apparatus of two-dimensional codes may include:
a transmitting unit 1501 which transmits a two-dimensional code generation request including user identification information of a home terminal user and platform identification information of a management platform corresponding to a target channel device;
And the receiving unit 1502 receives the two-dimensional code returned by the code sending center, wherein the two-dimensional code is generated by the code sending center according to the information of the opened channel corresponding to the user identification information, and the information of the opened channel is from the management platform corresponding to the platform identification information.
Fig. 16 is a schematic structural diagram of still another electronic device in accordance with an exemplary embodiment of the present application. Referring to fig. 16, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile memory, and may include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory to the memory and then operates the computer program to form the off-line generating device of the two-dimension code at the transmitting center side on the logic level. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present application, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
Referring to fig. 17, fig. 17 is a block diagram of an offline generating device of a two-dimensional code according to an exemplary embodiment of the present application, which is applied to a code transmitting center, in a software implementation, the offline generating device of a two-dimensional code may include:
A generating unit 1701, configured to generate offline coding information for a target user, where the offline coding information includes information of an opened channel recorded by the target user at a management platform, and the offline coding information does not include a user signature corresponding to the target user;
and the first sending unit 1702 sends the offline coding information to the target user, so that after the target user generates a user signature through a corresponding user private key, an offline two-dimensional code is generated according to the user signature and the offline coding information.
Optionally, the sending unit is specifically configured to:
the second sending unit 1703 sends a preset number of offline coding information to the user terminal, where each offline coding information includes different effective duration of the two-dimensional code.
Optionally, the offline coding information further comprises platform signature information; the platform signature information is generated by a platform private key corresponding to the platform key determined by the code sending center; and the platform key number corresponding to the platform key information is added into the offline coding information by the code sending center, so that the channel equipment determines a platform public key for carrying out platform signature verification according to the platform key number.
Fig. 18 is a schematic structural diagram of still another electronic device in accordance with an exemplary embodiment of the present application. Referring to fig. 18, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile memory, and may include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory to the memory and then operates the computer program to form the off-line generating device of the two-dimension code on the logic level. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present application, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
Referring to fig. 19, fig. 19 is a block diagram of another two-dimensional code offline generating device according to an exemplary embodiment of the present application, which is applied to a user terminal, in a software implementation, the two-dimensional code offline generating device may include:
the first receiving unit 1901 receives offline coding information sent by a code receiving center, wherein the offline coding information comprises information of an opened channel of a target user, and the offline coding information does not contain a user signature corresponding to the target user;
A signature unit 1902, configured to perform user signature processing on the offline encoded information, so as to obtain user signature information;
the first generating unit 1903 generates an offline two-dimensional code according to the user signature information and the offline coding information.
Optionally, the method further comprises:
a time stamp generating unit 1904 that generates an out-code time stamp;
a second generating unit 1905, configured to generate an offline two-dimensional code according to the code output timestamp, the user signature, and the offline encoding information; the offline coding information further comprises a two-dimension code effective duration, so that channel equipment determines that the two-dimension code passes the two-dimension code effective duration test according to the fact that the sum of the two-dimension code effective duration and the code output time stamp is larger than the time when the channel equipment checks the two-dimension code, and otherwise, determines that the two-dimension code is invalid.
Optionally, the first receiving unit is specifically configured to:
the second receiving unit 1906 receives a preset number of offline coding information sent by the code sending center, wherein the offline coding information further includes two-dimensional code effective time lengths, and the two-dimensional code effective time lengths corresponding to the preset number of offline coding information are different.
The third generating unit 1907 generates the two-dimensional code based on the offline coding information with the shortest effective duration of the two-dimensional code.
Optionally, the method further comprises:
an acquisition unit 1908 for acquiring a predicted verification time length input by a user at a user terminal;
and a fourth generating unit 1909, configured to generate a two-dimensional code according to offline coding information including a valid two-dimensional code duration greater than the prediction verification duration.
Fig. 20 is a schematic structural diagram of still another electronic device in accordance with an exemplary embodiment of the present application. Referring to fig. 20, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile memory, and may include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory to the memory and then operates the computer program to form the two-dimensional code verification device on the logic level. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present application, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
Referring to fig. 21, fig. 21 is a block diagram of a two-dimensional code verification apparatus according to an exemplary embodiment of the present application, which is applied to channel equipment, in a software implementation, the two-dimensional code verification apparatus may include:
A first acquisition unit 2101 that acquires a two-dimensional code provided by a user to be authenticated;
a first parsing unit 2102, configured to parse the two-dimensional code to obtain information of an opened channel included in the two-dimensional code, where the information of the opened channel is used to indicate a channel that the user to be verified has access rights;
a first judging unit 2103 that judges that the user to be authenticated passes authentication when a channel access condition is satisfied; otherwise, judging that the user to be authenticated fails to pass authentication; wherein the channel access condition includes: and the user to be verified has access rights to the channel corresponding to the channel equipment.
Optionally, the method further comprises:
a second acquisition unit 2104 that acquires user identification information contained in the two-dimensional code;
a traversing unit 2105 that traverses whether the user identification information exists in a pre-stored blacklist;
the second judging unit 2106, the channel access condition further includes: the user to be authenticated is not in the blacklist.
Optionally, the method further comprises:
the first verification unit 2107 is used for verifying the platform signature analyzed in the two-dimensional code according to the platform public key of the management platform;
the third judging unit 2108, the channel access condition further includes: and the platform verification signature obtained according to the platform public key is consistent with the platform signature analyzed in the two-dimensional code.
Optionally, the method further comprises:
a third acquisition unit 2109 that acquires a user public key contained in the two-dimensional code;
a second checking unit 2110, for checking the user signature resolved in the two-dimensional code according to the user public key;
the fourth judging unit 2111, the channel access condition further includes: and the user verification signature obtained according to the user public key is consistent with the user signature analyzed in the two-dimensional code.
Optionally, the method further comprises:
the second analysis unit 2112 analyzes the effective duration and the code output time stamp of the two-dimensional code according to the two-dimensional code;
the fifth judging unit 2113, the channel access condition further includes: and the sum of the effective duration of the two-dimension code and the code output time stamp is larger than the time when the channel equipment checks the two-dimension code.
Optionally, the analysis information of the two-dimensional code further includes a key expiration time, where the channel access condition further includes: the expiration time of the key is larger than the time of checking the two-dimension code by the channel equipment.
Optionally, the channel device includes a channel terminal or a channel server.
The device corresponds to the method, and more details are not repeated.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present application. Those of ordinary skill in the art will understand and implement the present application without undue burden.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any application or of what may be claimed, but rather as descriptions of features of specific embodiments of particular applications. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. On the other hand, the various features described in the individual embodiments may also be implemented separately in the various embodiments or in any suitable subcombination. Furthermore, although features may be acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather to enable any modification, equivalent replacement, improvement or the like to be made within the spirit and principles of the application.

Claims (26)

1. The online generation method of the two-dimensional code is characterized by being applied to a code sending center, and comprises the following steps:
receiving a two-dimensional code generation request, wherein the two-dimensional code generation request comprises user identification information and platform identification information;
acquiring information of an opened channel corresponding to the user identification information from a management platform corresponding to the platform identification information; the method comprises the steps that the information of the opened channel is provided with a corresponding user channel opening identification field, and the user channel opening identification field is used for realizing transmission and identification of the information of the opened channel;
generating a two-dimensional code according to the information of the opened channel, and returning the two-dimensional code to a user terminal, so that the channel terminal reading the two-dimensional code obtains the information of the opened channel through the two-dimensional code, and verifies the access right of the user corresponding to the user terminal.
2. The method as recited in claim 1, further comprising:
Generating a platform signature through a platform private key corresponding to the management platform;
the information for generating the two-dimensional code further comprises the platform signature, and the channel equipment corresponding to the management platform holds the platform public key corresponding to the platform private key, so that the platform signature contained in the two-dimensional code is verified.
3. The method according to claim 2, wherein the generating a platform signature by the platform private key corresponding to the management platform comprises:
selecting a group of platform keys from a plurality of groups of platform keys corresponding to the management platform;
generating a platform signature based on a platform private key in the selected platform keys;
the information for generating the two-dimensional code further comprises a platform key number corresponding to the selected platform key, so that the channel equipment analyzes the platform key number from the two-dimensional code, and then determines a platform public key for verifying the platform signature according to the platform key number.
4. The method of claim 2, wherein the information for generating the two-dimensional code further includes a key validity period, such that after the channel device analyzes the key validity period from the two-dimensional code, verifying whether the platform key corresponding to the platform signature is within the validity period according to the key validity period.
5. The method as recited in claim 1, further comprising:
generating a user signature through a user private key corresponding to the user identification information;
the information for generating the two-dimensional code further comprises a user public key corresponding to the user signature and the user private key, so that the channel equipment performs user signature verification on the user signature according to the user public key.
6. The method as recited in claim 1, further comprising:
the information for generating the two-dimensional code further comprises a two-dimensional code effective duration and a code output time stamp, so that channel equipment determines that the two-dimensional code passes through the two-dimensional code effective duration inspection according to the fact that the sum of the two-dimensional code effective duration and the code output time stamp is larger than the moment that the channel equipment verifies the two-dimensional code, and otherwise, determines that the two-dimensional code is invalid.
7. The online generation method of the two-dimensional code is characterized by being applied to a user terminal, and comprises the following steps:
a two-dimensional code generation request is sent, wherein the two-dimensional code generation request comprises user identification information of a local end user and platform identification information of a management platform corresponding to target channel equipment;
receiving a two-dimensional code returned by a code receiving center, wherein the two-dimensional code is generated by the code sending center according to the information of the opened channel corresponding to the user identification information, so that a channel terminal reading the two-dimensional code obtains the information of the opened channel through the two-dimensional code and verifies the access authority of a user corresponding to the user terminal, the information of the opened channel is from a management platform corresponding to the platform identification information, and a corresponding user channel opening identification field is set for the information of the opened channel and is used for realizing transmission and identification of the information of the opened channel.
8. An off-line generation method of a two-dimensional code is characterized by being applied to a code sending center, and comprises the following steps:
generating offline coding information aiming at a target user, wherein the offline coding information comprises information of an opened channel recorded by the target user at a management platform, and the offline coding information does not comprise a user signature corresponding to the target user; the method comprises the steps that the information of the opened channel is provided with a corresponding user channel opening identification field, and the user channel opening identification field is used for realizing transmission and identification of the information of the opened channel;
and sending the offline coding information to the target user, generating a user signature by the target user through a corresponding user private key, and generating an offline two-dimensional code according to the user signature and the offline coding information, so that a channel terminal reading the offline two-dimensional code obtains the information of the opened channel through the offline two-dimensional code, and verifying the access authority of the target user.
9. The method of claim 8, wherein said sending the offline encoded information to the target user comprises:
and sending the preset quantity of off-line coding information to the user terminal, wherein each off-line coding information respectively comprises different effective duration of the two-dimensional code.
10. The method of claim 8, wherein the offline coding information further comprises platform signature information;
the platform signature information is generated by a platform private key corresponding to the platform key determined by the code sending center;
and the platform key number corresponding to the platform key information is added into the offline coding information by the code sending center, so that the channel equipment determines a platform public key for carrying out platform signature verification according to the platform key number.
11. An offline generation method of a two-dimensional code is characterized by being applied to a user terminal, and the method comprises the following steps:
receiving offline coding information sent by a code receiving center, wherein the offline coding information comprises information of an opened channel of a target user, and the offline coding information does not contain a user signature corresponding to the target user; the information of the opened channel is provided with a corresponding user channel opening identification field which is used for realizing the transmission and identification of the information of the opened channel;
performing user signature processing on the offline coding information to obtain user signature information;
and generating an offline two-dimensional code according to the user signature information and the offline coding information, so that a channel terminal reading the offline two-dimensional code obtains the information of the opened channel through the offline two-dimensional code, and verifies the access right of the target user.
12. The method as recited in claim 11, further comprising:
generating a code-out time stamp;
generating an offline two-dimensional code according to the code output timestamp, the user signature and the offline coding information;
the offline coding information further comprises a two-dimension code effective duration, so that channel equipment determines that the two-dimension code passes the two-dimension code effective duration test according to the fact that the sum of the two-dimension code effective duration and the code output time stamp is larger than the time when the channel equipment checks the two-dimension code, and otherwise, determines that the two-dimension code is invalid.
13. The method of claim 11, wherein receiving the offline coded information sent by the transcoding center comprises:
receiving preset quantity of off-line coding information sent by a code receiving center, wherein the off-line coding information further comprises two-dimensional code effective time lengths, and the two-dimensional code effective time lengths corresponding to the preset quantity of off-line coding information are different;
and generating the two-dimension code based on the offline coding information with the shortest effective duration of the two-dimension code.
14. The method as recited in claim 13, further comprising:
acquiring a predicted verification time length input by a user at a user terminal;
And generating the two-dimension code according to the offline coding information containing the effective duration of the two-dimension code which is longer than the predicted verification duration.
15. A two-dimensional code verification method, characterized by being applied to channel equipment, the method comprising:
acquiring a two-dimensional code provided by a user to be verified;
analyzing the two-dimensional code to obtain the information of the opened channel contained in the two-dimensional code, wherein the information of the opened channel is used for indicating the channel of the user to be verified with access right; the information of the opened channel is provided with a corresponding user channel opening identification field which is used for realizing the transmission and identification of the information of the opened channel;
when the channel access condition is met, judging that the user to be verified passes verification; otherwise, judging that the user to be authenticated fails to pass authentication; wherein the channel access condition includes: and the user to be verified has access rights to the channel corresponding to the channel equipment.
16. The method as recited in claim 15, further comprising:
obtaining user identification information contained in the two-dimensional code;
traversing whether the user identification information exists in a pre-stored blacklist;
wherein the channel access conditions further include: the user to be authenticated is not in the blacklist.
17. The method as recited in claim 15, further comprising:
verifying the platform signature analyzed in the two-dimensional code according to the platform public key of the management platform;
wherein the channel access conditions further include: and the platform verification signature obtained according to the platform public key is consistent with the platform signature analyzed in the two-dimensional code.
18. The method as recited in claim 15, further comprising:
obtaining a user public key contained in the two-dimensional code;
verifying the user signature analyzed in the two-dimensional code according to the user public key;
wherein the channel access conditions further include: and the user verification signature obtained according to the user public key is consistent with the user signature analyzed in the two-dimensional code.
19. The method as recited in claim 15, further comprising:
according to the analysis of the two-dimensional code, the effective duration and the code output time stamp of the two-dimensional code are obtained;
wherein the channel access conditions further include: and the sum of the effective duration of the two-dimension code and the code output time stamp is larger than the time when the channel equipment checks the two-dimension code.
20. The method of claim 15, wherein the parsed information of the two-dimensional code further includes a key expiration time, and wherein the channel access condition further includes: the expiration time of the key is larger than the time of checking the two-dimension code by the channel equipment.
21. The method of claim 15, wherein the channel device comprises a channel terminal or a channel server.
22. An online generating device of a two-dimensional code, which is applied to a code sending center, the device comprises:
the receiving unit is used for receiving a two-dimensional code generation request, wherein the two-dimensional code generation request comprises user identification information and platform identification information;
the acquisition unit acquires the information of the opened channel corresponding to the user identification information from the management platform corresponding to the platform identification information; the method comprises the steps that the information of the opened channel is provided with a corresponding user channel opening identification field, and the user channel opening identification field is used for realizing transmission and identification of the information of the opened channel;
the generation unit is used for generating a two-dimensional code according to the information of the opened channel;
and the sending unit returns the two-dimensional code to the user terminal, so that the channel terminal reading the two-dimensional code obtains the information of the opened channel through the two-dimensional code, and verifies the access right of the user corresponding to the user terminal.
23. An online generation device of a two-dimensional code, which is applied to a user terminal, the device comprising:
The system comprises a sending unit, a receiving unit and a receiving unit, wherein the sending unit sends a two-dimension code generation request, and the two-dimension code generation request comprises user identification information of a local end user and platform identification information of a management platform corresponding to target channel equipment;
the receiving unit is used for receiving the two-dimensional code returned by the code sending center, the two-dimensional code is generated by the code sending center according to the information of the opened channel corresponding to the user identification information, so that a channel terminal reading the two-dimensional code obtains the information of the opened channel through the two-dimensional code and verifies the access authority of the user corresponding to the user terminal, wherein the information of the opened channel is from a management platform corresponding to the platform identification information, and a corresponding user channel opening identification field is set for the information of the opened channel and is used for realizing transmission and identification of the information of the opened channel.
24. An off-line generating device of a two-dimensional code, which is applied to a code transmitting center, the device comprising:
the generation unit is used for generating offline coding information aiming at a target user, wherein the offline coding information comprises information of an opened channel recorded by the target user at a management platform, and the offline coding information does not comprise a user signature corresponding to the target user; the information of the opened channel is provided with a corresponding user channel opening identification field which is used for realizing the transmission and identification of the information of the opened channel;
And the sending unit is used for sending the offline coding information to the target user, generating a user signature by the target user through a corresponding user private key, and generating an offline two-dimensional code according to the user signature and the offline coding information, so that a channel terminal reading the offline two-dimensional code can acquire the information of the opened channel through the offline two-dimensional code, and verifying the access right of the target user.
25. An offline two-dimensional code generating device, which is applied to a user terminal, the device comprising:
the receiving unit is used for receiving the offline coding information sent by the code sending center, wherein the offline coding information comprises information of an opened channel of a target user, and the offline coding information does not contain a user signature corresponding to the target user; the information of the opened channel is provided with a corresponding user channel opening identification field which is used for realizing the transmission and identification of the information of the opened channel;
a signature unit for carrying out user signature processing on the offline coding information to obtain user signature information;
and the generation unit is used for generating an offline two-dimensional code according to the user signature information and the offline coding information, so that a channel terminal reading the offline two-dimensional code can acquire the information of the opened channel through the offline two-dimensional code, and the access right of the target user can be verified.
26. A two-dimensional code verification device, characterized in that it is applied to channel equipment, said device includes:
the acquisition unit acquires a two-dimensional code provided by a user to be authenticated;
the analysis unit analyzes the two-dimensional code to obtain the information of the opened channel contained in the two-dimensional code, wherein the information of the opened channel is used for indicating the channel of the user to be verified with access right; the information of the opened channel is provided with a corresponding user channel opening identification field which is used for realizing the transmission and identification of the information of the opened channel;
the judging unit is used for judging that the user to be verified passes verification when the channel access condition is met; otherwise, judging that the user to be authenticated fails to pass authentication; wherein the channel access condition includes: and the user to be verified has access rights to the channel corresponding to the channel equipment.
CN201910563025.5A 2019-06-26 2019-06-26 Online generation, offline generation and verification method and device for two-dimensional code Active CN110298421B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910563025.5A CN110298421B (en) 2019-06-26 2019-06-26 Online generation, offline generation and verification method and device for two-dimensional code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910563025.5A CN110298421B (en) 2019-06-26 2019-06-26 Online generation, offline generation and verification method and device for two-dimensional code

Publications (2)

Publication Number Publication Date
CN110298421A CN110298421A (en) 2019-10-01
CN110298421B true CN110298421B (en) 2023-11-03

Family

ID=68028923

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910563025.5A Active CN110298421B (en) 2019-06-26 2019-06-26 Online generation, offline generation and verification method and device for two-dimensional code

Country Status (1)

Country Link
CN (1) CN110298421B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110807131B (en) * 2019-11-01 2023-06-02 中国海洋石油集团有限公司 Drill rod maintenance line with automatic identification function
CN111709506B (en) * 2020-06-12 2023-07-11 北京思特奇信息技术股份有限公司 Custom label generation method and system
CN111967556B (en) * 2020-08-11 2022-09-16 福建博思数字科技有限公司 Two-dimensional code offline generation method and storage medium
CN111833047A (en) * 2020-08-19 2020-10-27 深圳市富之富信息科技有限公司 Payment code generation method and device based on mobile payment and computer equipment
CN112398923A (en) * 2020-11-03 2021-02-23 万达信息股份有限公司 Method and system for generating offline electronic health code
CN112215322B (en) * 2020-12-14 2021-04-13 深圳市深圳通有限公司 Traffic two-dimensional code generation method and generation device, and verification method and verification device
CN113011864B (en) * 2021-03-22 2022-12-16 支付宝(杭州)信息技术有限公司 Two-dimensional code generation and verification method, device, equipment and readable medium
CN113223224B (en) * 2021-05-12 2023-10-24 支付宝(杭州)信息技术有限公司 Traffic processing method and device
CN113255012B (en) * 2021-07-01 2021-10-19 深圳市深圳通有限公司 Method, device and equipment for managing riding codes and storage medium
CN114298258A (en) * 2021-12-21 2022-04-08 北京格灵深瞳信息技术股份有限公司 Offline two-dimensional code generation method
CN114444860B (en) * 2021-12-24 2023-04-18 长威信息科技发展股份有限公司 One-code passing method and terminal
CN115509360B (en) * 2022-10-11 2023-10-20 云宝宝大数据产业发展有限责任公司 Virtual reality VR interactive system based on meta-universe

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2759414A1 (en) * 2009-04-20 2010-10-28 Alter Core, S.L. System and method for personal certification using a mobile device
WO2014108005A1 (en) * 2013-01-11 2014-07-17 Tencent Technology (Shenzhen) Company Limited Co-verification method, two-dimensional code generation method, and device and system therefor
CN104065621A (en) * 2013-03-21 2014-09-24 腾讯科技(深圳)有限公司 Identify verification method for third-party service, client and system
CN104618334A (en) * 2014-12-29 2015-05-13 通邮(中国)科技有限公司 Method and system for generating and verifying dynamic two-dimensional code
CN104715242A (en) * 2015-03-27 2015-06-17 刘学明 Identity authentication system and method based on two-dimensional iris codes
WO2015184800A1 (en) * 2014-06-05 2015-12-10 Tencent Technology (Shenzhen) Company Limited Method and system for processing resource exchange information
CN105279469A (en) * 2015-09-15 2016-01-27 重庆智韬信息技术中心 Two-dimension code oriented authorization method
CN106846506A (en) * 2017-01-25 2017-06-13 腾讯科技(深圳)有限公司 A kind of method and system that Information Authentication is carried out based on message identification code
CN107368335A (en) * 2017-07-24 2017-11-21 奇酷互联网络科技(深圳)有限公司 A kind of method and apparatus and mobile terminal of Quick Response Code identification
CN107835079A (en) * 2017-11-02 2018-03-23 广州佳都数据服务有限公司 A kind of two-dimentional code authentication method and equipment based on digital certificate
CN107835160A (en) * 2017-10-20 2018-03-23 浙江工商大学 Third party's user authen method based on Quick Response Code
CN108052663A (en) * 2017-01-17 2018-05-18 海南亚元防伪技术研究所(普通合伙) A kind of application process and device of shared Quick Response Code
CN108510022A (en) * 2018-03-19 2018-09-07 维沃移动通信有限公司 A kind of Quick Response Code generates, verification method and server
WO2019000126A1 (en) * 2017-06-25 2019-01-03 深圳市秀趣品牌文化传播有限公司 Method for securely processing product promotion information of e-commerce platform
CN109767207A (en) * 2018-12-28 2019-05-17 优城(宁波)地铁科技有限公司 One kind unifying signaling open platform system for urban track traffic
CN109872146A (en) * 2019-02-17 2019-06-11 北京意锐新创科技有限公司 Third party's interface call method and system based on two dimension code reading device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101839490B1 (en) * 2016-11-01 2018-03-16 김점두 Origin of satellite information systems for protection of changes climate

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2759414A1 (en) * 2009-04-20 2010-10-28 Alter Core, S.L. System and method for personal certification using a mobile device
WO2014108005A1 (en) * 2013-01-11 2014-07-17 Tencent Technology (Shenzhen) Company Limited Co-verification method, two-dimensional code generation method, and device and system therefor
CN104065621A (en) * 2013-03-21 2014-09-24 腾讯科技(深圳)有限公司 Identify verification method for third-party service, client and system
WO2015184800A1 (en) * 2014-06-05 2015-12-10 Tencent Technology (Shenzhen) Company Limited Method and system for processing resource exchange information
CN104618334A (en) * 2014-12-29 2015-05-13 通邮(中国)科技有限公司 Method and system for generating and verifying dynamic two-dimensional code
CN104715242A (en) * 2015-03-27 2015-06-17 刘学明 Identity authentication system and method based on two-dimensional iris codes
CN105279469A (en) * 2015-09-15 2016-01-27 重庆智韬信息技术中心 Two-dimension code oriented authorization method
CN108052663A (en) * 2017-01-17 2018-05-18 海南亚元防伪技术研究所(普通合伙) A kind of application process and device of shared Quick Response Code
CN106846506A (en) * 2017-01-25 2017-06-13 腾讯科技(深圳)有限公司 A kind of method and system that Information Authentication is carried out based on message identification code
WO2019000126A1 (en) * 2017-06-25 2019-01-03 深圳市秀趣品牌文化传播有限公司 Method for securely processing product promotion information of e-commerce platform
CN107368335A (en) * 2017-07-24 2017-11-21 奇酷互联网络科技(深圳)有限公司 A kind of method and apparatus and mobile terminal of Quick Response Code identification
CN107835160A (en) * 2017-10-20 2018-03-23 浙江工商大学 Third party's user authen method based on Quick Response Code
CN107835079A (en) * 2017-11-02 2018-03-23 广州佳都数据服务有限公司 A kind of two-dimentional code authentication method and equipment based on digital certificate
CN108510022A (en) * 2018-03-19 2018-09-07 维沃移动通信有限公司 A kind of Quick Response Code generates, verification method and server
CN109767207A (en) * 2018-12-28 2019-05-17 优城(宁波)地铁科技有限公司 One kind unifying signaling open platform system for urban track traffic
CN109872146A (en) * 2019-02-17 2019-06-11 北京意锐新创科技有限公司 Third party's interface call method and system based on two dimension code reading device

Also Published As

Publication number Publication date
CN110298421A (en) 2019-10-01

Similar Documents

Publication Publication Date Title
CN110298421B (en) Online generation, offline generation and verification method and device for two-dimensional code
CN108881165A (en) A kind of multicenter Verification System with block issue mechanism
CN103140890A (en) Method and apparatus for voice signature authentication
CN103490884A (en) System and method for verification of digital certificates
RU2578739C2 (en) Determining detailed location network computers
CN103929482B (en) A kind of method and apparatus for being securely accessed by monitoring frontend
CN112134893B (en) Internet of things safety protection method and device, electronic equipment and storage medium
CN108260015B (en) Voting data processing method and device and electronic equipment
CN107124420A (en) Auth method and device
CN110263579A (en) A kind of data processing method, system and relevant device
CN106161348A (en) A kind of method of single-sign-on, system and terminal
CN108123961A (en) Information processing method, apparatus and system
CN110825776B (en) Air quality detection report processing method and device, computing equipment and storage medium
CN113098758B (en) Enterprise message pushing security gateway system based on enterprise WeChat
CN104518871B (en) A kind of network platform and method of self-service certification movable storage device
CN113067802A (en) User identification method, device, equipment and computer readable storage medium
CN110740122B (en) Method and device for improving safety of data warehouse
CN110601850B (en) Scenic spot information recording method, related equipment and storage medium
KR20210083457A (en) Electronic vote record management system based on blockchain
CN113515728B (en) Internet of things platform software authorization control system and method based on multistage deployment
CN109450953B (en) Authorization method and device, electronic equipment and computer readable storage medium
CN113849802A (en) Equipment authentication method and device, electronic equipment and storage medium
US10853816B1 (en) Systems and methods for authentication of an individual on a communications device
CN117118750B (en) Data sharing method and device based on white-box password, electronic equipment and medium
CN115550076B (en) Method and system for authentication by using domain log

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant