CN103795714A - Identity authentication system and method - Google Patents
- Publication number
- CN103795714A
- Authority
- CN
- China
- Prior art keywords
- module
- authentication
- information
- gateway
- result information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention provides an identity authentication system and method. The identity authentication system comprises an alliance mechanism module, an authentication gateway module and an authentication assembly module, wherein the alliance mechanism module is used for sending a client request message sent by a client side to the authentication gateway module, the authentication gateway module is used for receiving the client request message sent by the alliance mechanism module, processing the client request message, sending the processed authentication request message to the authentication assembly module, receiving an authentication result message returned by the authentication assembly module, signing and storing the authentication result message, returning the authentication result message to the alliance mechanism module, and the authentication assembly module is used for receiving and processing the authentication request message sent by the authentication gateway module, and returning the authentication result message obtained after processing to the authentication gateway module. The identity authentication system and method can provide identity authentication for electronic business systems of more social institutions, thereby further saving developing and maintenance cost of the electronic business systems, and meanwhile improving security level and user experience.
Description
Technical field
The present invention relates to the field of data processing, and in particular to an identity authentication system and method.
Background technology
In recent years, with the development of e-commerce, governments, enterprises and other institutions have been rolling out e-commerce business systems. These systems generally need to be tied to customer management, so identity authentication has become an indispensable security measure. For any one of these e-commerce business systems, however, the development and maintenance cost of building a complete identity authentication system of its own is too high. Given the large demand for authentication among social institutions, a unified identity authentication service is therefore urgently needed.
Although some identity authentication systems are on the market, they generally do not support providing authentication services to the social institutions that need them, such as e-commerce, third-party payment and partner institutions. Given this situation and demand, building a system that provides identity authentication services to social institutions has become an urgent problem. It is therefore necessary to extend the authentication service of existing identity authentication systems and widen their channel coverage, so that authentication services can be provided to social institutions with authentication needs, such as e-commerce, third-party payment, industry prepayment, educational institutions and companies.
Summary of the invention
To solve the above technical problems, the present invention provides an identity authentication system and method that can provide authentication for the e-commerce business systems of a wide range of social institutions, thereby further saving the development and maintenance cost of those systems while improving security level and user experience.
According to a first aspect of the embodiments of the present invention, an identity authentication system is provided, comprising:
An alliance mechanism module, for sending the client request information sent by a client to the authentication gateway module;
An authentication gateway module, for receiving the client request information sent by the alliance mechanism module, processing the client request information, sending the processed authentication request information to the authentication assembly module, receiving the authentication result information returned by the authentication assembly module, and signing and storing the authentication result information and returning it to the alliance mechanism module;
An authentication assembly module, for receiving and processing the authentication request information sent by the authentication gateway module and returning the authentication result information obtained after processing to the authentication gateway module.
According to a second aspect of the embodiments of the present invention, an identity authentication method is provided, comprising the following steps:
S1, the alliance mechanism module sends the client request information sent by the client to the authentication gateway module;
S2, the authentication gateway module processes the received client request information and sends the authentication request information obtained after processing to the authentication assembly module;
S3, the authentication assembly module receives and processes the authentication request information and returns the authentication result information obtained after processing to the authentication gateway module; and
S4, the authentication gateway module receives the returned authentication result information, signs and stores it, and returns it to the alliance mechanism module.
The identity authentication system and method provided by the embodiments of the present invention have the following advantages:
1) they can provide authentication to the e-commerce business systems of a wide range of social institutions, saving the development and maintenance cost of those systems;
2) they offer higher security and user experience.
Brief description of the drawings
Fig. 1 is a structural diagram of an identity authentication system 100 according to an embodiment of the present invention;
Fig. 2 is a structural diagram of authentication gateway module 120 in system 100 of the present invention;
Fig. 3 is a structural diagram of gateway signing module 123 of authentication gateway module 120 in system 100 of the present invention;
Fig. 4 is a structural diagram of gateway authentication module 124 of authentication gateway module 120 in system 100 of the present invention;
Fig. 5 is a flow chart of an identity authentication method of the present invention.
Embodiment
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
First, some of the technical terms used in the present invention are explained:
ECTIP system: an enterprise-level electronic channel integration platform. It manages the integration of the different channels, of channels with customers, and of products; defines the competitive advantage of each type of channel; clarifies each channel's responsibilities, customer positioning and the products and services it focuses on; and designs unified operating processes and service interfaces, ensuring consistent service quality and a consistent brand.
ECIF system: an enterprise customer information management system. It establishes a unified customer view by integrating the enterprise's customer information into centralized, comprehensive customer information.
Fig. 1 is a structural diagram of an identity authentication system 100 according to an embodiment of the present invention. Referring to Fig. 1, the system comprises alliance mechanism module 110, authentication gateway module 120 and authentication assembly module 130, each described below:
Alliance mechanism module 110 sends the client request information sent by the client to authentication gateway module 120. It is the bridge that carries information between the client and the authentication gateway module: it provides the institution's application service and sends client transaction requests to the authentication gateway for processing.
Authentication assembly module 130 receives and processes the authentication request information sent by authentication gateway module 120 and returns the authentication result information obtained after processing to authentication gateway module 120. It provides authentication for external clients on every channel. The module integrates the existing electronic channels and also the authentication infrastructure, and manages them in a unified way so that resources are shared.
The system environments in which identity authentication system 100 runs are HP-UX and IBM AIX. The main development platforms are the C development platform and the J2EE Java development platform in the Unix environment, and the C and Java development platforms in the Windows environment. The system has standard service interfaces published over WebService/HTTPS/TCP, which makes calls and data exchange between systems or modules convenient; it uses PKI technology to authenticate the identity of both parties and protect the confidentiality of information; it supports extension of the authentication modes; and it supports credential authentication with financial IC cards.
Fig. 2 is a structural diagram of authentication gateway module 120 in system 100 of the present invention. Referring to Fig. 2, this module comprises:
Gateway signing module 123, for processing signing transactions;
Gateway signing module 123 and gateway authentication module 124 serve two parallel authentication processes (signing transactions and authentication transactions). Authentication gateway module 120 classifies each client request it receives (signing-transaction authentication request or authentication-transaction authentication request) and applies gateway signing module 123 or gateway authentication module 124 respectively, so that the two kinds of authentication request are processed independently.
In addition, authentication gateway module 120 can also comprise an audit and monitoring module and a cipher processing module.
The audit and monitoring module monitors and analyzes the client request information and the authentication result information that authentication gateway module 120 receives and sends. As an auxiliary module for real-time monitoring and statistics, it can display in real time such content as the number of authentication requests from alliance mechanism module 110, the media devices used for authentication, and the authentication results.
The cipher processing module encrypts and decrypts the client request information and the authentication result information that the authentication gateway module receives and sends. It mainly carries out cryptographic-algorithm processing, which includes decoding or re-encrypting the message information sent by alliance mechanism module 110 and the request information sent to authentication assembly module 130. In addition, this module can sign the authentication result information returned to alliance mechanism module 110, to prevent impersonation of the authentication institution.
Fig. 3 is a structural diagram of gateway signing module 123 of authentication gateway module 120 in system 100 of the present invention. The following modules are used in the signing-transaction authentication process. Referring to Fig. 3, gateway signing module 123 comprises:
Customer information authentication module 1231, which, according to the client request information, calls basic scheduler module 122 and compares against the customer information to complete client identity verification. This module can compare the customer's identity information (e.g. identity document information) by calling the ECIF system.
Credential information acquisition module 1232, which calls basic scheduler module 122 to obtain credential information. This module can obtain the credential information (e.g. credential code, checking the credential state) by calling the ECTIP system.
Signing bind request module 1233, which sends a signing authentication request to authentication assembly module 130 according to the credential information. The credential information can be the credential code after encryption and authentication.
Fig. 4 is a structural diagram of gateway authentication module 124 of authentication gateway module 120 in system 100 of the present invention. The following modules are used in the authentication-transaction authentication process. Referring to Fig. 4, gateway authentication module 124 comprises:
Alliance mechanism authentication module 1241, which authenticates alliance mechanism module 110 according to the client request information and obtains the credential number. This module can compare the customer's identity information (e.g. certificate number and bank card number) by calling the ECIF system.
Credential status check module 1242, which checks the credential state according to the credential number. This module can check the credential state (e.g. certificate status) by calling the ECTIP system.
Transaction authentication request module 1243, which sends a transaction authentication request to authentication assembly module 130.
Fig. 5 is a flow chart of an identity authentication method of the present invention. Referring to Fig. 5, the method comprises the following steps:
S1, the alliance mechanism module sends the client request information sent by the client to the authentication gateway module;
S2, the authentication gateway module processes the received client request information and sends the authentication request information obtained after processing to the authentication assembly module;
S3, the authentication assembly module receives and processes the authentication request information and returns the authentication result information obtained after processing to the authentication gateway module; and
S4, the authentication gateway module receives the returned authentication result information, signs and stores it, and returns it to the alliance mechanism module.
In an embodiment of the present invention, the method also comprises:
Monitoring and analyzing the client request information and the authentication result information; and
Encrypting and decrypting the client request information and the authentication result information.
The encryption and decryption processing includes converting the message protocol and the data using cryptographic algorithms, and signing the returned authentication result information to prevent impersonation of the authentication institution.
In an embodiment of the present invention, steps S2 and S3 specifically comprise the following steps:
S21, the authentication gateway module receives and parses the client request information sent by the alliance mechanism module;
S22, the basic scheduler module is called to obtain credential information;
S23, a signing authentication request is sent to the authentication assembly module according to the credential information;
S24, the authentication assembly module receives and processes the signing authentication request and returns the authentication result information obtained after processing to the authentication gateway module.
The above steps are the signing-transaction authentication flow. The credential information in step S22 includes credential information obtained by calling the ECTIP system (e.g. credential code, checking the credential state); the signing authentication request in step S23 includes a digital-signature authentication request; in step S24, processing the signing authentication request includes verifying the digital signature, and returning the result information includes sending it in the form of a note code.
In another embodiment of the present invention, steps S2 and S3 specifically comprise the following steps:
S31, the authentication gateway module authenticates the alliance mechanism module according to the client request information and obtains the credential number;
S32, the credential state is checked according to the credential number;
S33, a transaction authentication request is sent to the authentication assembly module;
S34, the transaction authentication request is received and processed, and the processed authentication result information is returned to the authentication management module.
The above steps are the authentication-transaction flow. Step S32 can compare the customer's identity information (e.g. certificate number and bank card number) by calling the ECIF system; the transaction authentication request in step S33 includes a digital-signature authentication request; in step S34, processing the transaction authentication request includes verifying the digital signature, and returning the result information includes sending it in the form of a note code.
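The two flows above together with the gateway's sign-and-store step (S4), as an added Go sketch; it is not code from the patent. Ed25519 as the signature scheme, JSON as the result encoding, the per-request nonce that binds a result to its request, and every type and function name are assumptions, and the credential states are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// All names are hypothetical; the patent names modules and steps, not an API.

// Request is what the alliance mechanism module forwards to the gateway (S1).
type Request struct {
	Institution  string `json:"institution"`
	Kind         string `json:"kind"` // "signing" or "transaction"
	CredentialID string `json:"credential_id"`
	Nonce        string `json:"nonce"` // assumption: fresh value chosen per request
}

// Result is the authentication result the gateway signs; it echoes the request.
type Result struct {
	Request
	Approved bool `json:"approved"`
}

// SignedResult carries the exact bytes that were signed plus the signature.
type SignedResult struct {
	Payload   []byte
	Signature []byte
}

var (
	ErrUnknownKind  = errors.New("unknown request category")
	ErrBadSignature = errors.New("result signature does not verify")
	ErrNotBound     = errors.New("signed result belongs to a different request")
)

// Gateway stands in for the authentication gateway module.
type Gateway struct {
	priv      ed25519.PrivateKey
	active    map[string]bool    // stand-in for the credential-state lookup
	component func(Request) bool // stand-in for the authentication assembly module
	Stored    []SignedResult     // S4: signed results are stored
}

// NewGateway returns a gateway and the public key that institutions would pin.
func NewGateway(active map[string]bool, component func(Request) bool) (*Gateway, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Gateway{priv: priv, active: active, component: component}, pub, nil
}

// Handle runs S2 to S4 for one request.
func (g *Gateway) Handle(req Request) (SignedResult, error) {
	// S2: classify the request; anything outside the two flows is refused.
	if req.Kind != "signing" && req.Kind != "transaction" {
		return SignedResult{}, ErrUnknownKind
	}
	// S22/S32: an unknown or inactive credential never reaches the component (S3).
	approved := g.active[req.CredentialID] && g.component(req)
	payload, err := json.Marshal(Result{Request: req, Approved: approved})
	if err != nil {
		return SignedResult{}, err
	}
	sr := SignedResult{Payload: payload, Signature: ed25519.Sign(g.priv, payload)} // S4: sign
	g.Stored = append(g.Stored, sr)                                                // S4: store
	return sr, nil
}

// VerifyResult is the receiving institution's check: the signature must verify
// and the signed fields must match the request that was actually sent.
func VerifyResult(pub ed25519.PublicKey, sr SignedResult, sent Request) (Result, error) {
	if !ed25519.Verify(pub, sr.Payload, sr.Signature) {
		return Result{}, ErrBadSignature
	}
	var res Result
	if err := json.Unmarshal(sr.Payload, &res); err != nil {
		return Result{}, err
	}
	if res.Request != sent {
		return Result{}, ErrNotBound
	}
	return res, nil
}

func main() {
	gw, pub, err := NewGateway(map[string]bool{"cred-001": true}, func(Request) bool { return true })
	if err != nil {
		panic(err)
	}
	req := Request{"shop-A", "transaction", "cred-001", "n-01"} // constructed sample
	sr, _ := gw.Handle(req)
	res, err := VerifyResult(pub, sr, req)
	fmt.Println(res.Approved, err)
}
```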
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by software combined with a hardware platform, or entirely in hardware. On that understanding, all or part of what the technical solution of the present invention contributes over the background art can be embodied in the form of a software product. This computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which can be a personal computer, a server, a network device, etc.) to carry out the methods described in the embodiments of the present invention or in certain parts of them.
What is disclosed above is only the preferred embodiments of the present invention and does not limit its scope of protection; equivalent variations made to the above embodiments according to the claims of the present invention therefore still fall within the scope covered by those claims.
Claims (10)
1. An identity authentication system, characterized in that the system comprises:
An alliance mechanism module, for sending the client request information sent by a client to the authentication gateway module;
An authentication gateway module, for receiving the client request information sent by the alliance mechanism module, processing the client request information, sending the processed authentication request information to the authentication assembly module, receiving the authentication result information returned by the authentication assembly module, and signing and storing the authentication result information and returning it to the alliance mechanism module; and
An authentication assembly module, for receiving and processing the authentication request information sent by the authentication gateway module and returning the authentication result information obtained after processing to the authentication gateway module.
2. The system of claim 1, characterized in that the authentication gateway module comprises:
An access parsing module, for receiving and parsing the client request information sent by the alliance mechanism module;
A basic scheduler module, for handling client identity verification, client device information acquisition and client device status checking;
A gateway signing module, for processing signing transactions;
A gateway authentication module, for processing authentication transactions.
3. The system of claim 2, characterized in that the authentication gateway module also comprises:
An audit and monitoring module, for monitoring and analyzing the client request information and the authentication result information that the authentication gateway module receives and sends;
A cipher processing module, for encrypting and decrypting the client request information and the authentication result information that the authentication gateway module receives and sends.
4. The system of claim 2, characterized in that the gateway signing module also comprises:
A customer information authentication module, for calling the basic scheduler module according to the client request information and comparing against the customer information to complete the client identity verification;
A credential information acquisition module, for calling the basic scheduler module to obtain credential information;
A signing bind request module, for sending a signing authentication request to the authentication assembly module according to the credential information;
An information management module, for receiving and storing the authentication result information sent by the authentication assembly module and returning the authentication result information to the alliance mechanism module.
5. The system of claim 2, characterized in that the gateway authentication module comprises:
An alliance mechanism authentication module, for authenticating the alliance mechanism module according to the client request information and obtaining the credential number;
A credential status check module, for checking the credential state according to the credential number;
A transaction authentication request module, for sending a transaction authentication request to the authentication assembly module;
An authentication management module, for receiving and storing the authentication result information sent by the authentication assembly module and returning the authentication result information to the alliance mechanism module.
6. The system of claim 4 or 5, characterized in that the authentication assembly module comprises:
A signing authentication module, for receiving and processing the signing authentication request and returning the processed authentication result information to the information management module;
A transaction authentication module, for receiving and processing the transaction authentication request and returning the processed authentication result information to the authentication management module.
7. An identity authentication method, characterized in that the method comprises the following steps:
S1, the alliance mechanism module sends the client request information sent by the client to the authentication gateway module;
S2, the authentication gateway module processes the received client request information and sends the authentication request information obtained after processing to the authentication assembly module;
S3, the authentication assembly module receives and processes the authentication request information and returns the authentication result information obtained after processing to the authentication gateway module; and
S4, the authentication gateway module receives the returned authentication result information, signs and stores it, and returns it to the alliance mechanism module.
8. The method of claim 7, characterized in that steps S2 and S3 specifically comprise the following steps:
S21, the authentication gateway module receives and parses the client request information sent by the alliance mechanism module;
S22, the basic scheduler module is called to obtain credential information;
S23, a signing authentication request is sent to the authentication assembly module according to the credential information;
S24, the authentication assembly module receives and processes the signing authentication request and returns the authentication result information obtained after processing to the authentication gateway module.
9. The method of claim 7, characterized in that steps S2 and S3 specifically comprise the following steps:
S31, the authentication gateway module authenticates the alliance mechanism module according to the client request information and obtains the credential number;
S32, the credential state is checked according to the credential number;
S33, a transaction authentication request is sent to the authentication assembly module;
S34, the transaction authentication request is received and processed, and the processed authentication result information is returned to the authentication management module.
10. The method of claim 7, characterized in that the method also comprises:
Monitoring and analyzing the client request information and the authentication result information; and
Encrypting and decrypting the client request information and the authentication result information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410025117.5A CN103795714A (en) | 2014-01-20 | 2014-01-20 | Identity authentication system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103795714A (en) | 2014-05-14 |
Family
ID=50671000
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410025117.5A Pending CN103795714A (en) | 2014-01-20 | 2014-01-20 | Identity authentication system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103795714A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20140514 |